• caglararli@hotmail.com
  • 05386281520

Trying to send a POST request using curl to a HTB machine

Çağlar Arlı      -    45 Views

Trying to send a POST request using curl to a HTB machine

I`m trying to perform a SSRF attack on a Hack The Box machine (editorial.htb). I'm trying to send a POST request using curl with the command

curl --data "hckyou.txt" -X POST http://editorial.htb/upload

The POST request in "hckyou.txt" is the following"

POST /upload HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------246068047919283104132964618623
Content-Length: 691
Origin: http://editorial.htb
Connection: keep-alive
Referer: http://editorial.htb/upload

-----------------------------246068047919283104132964618623
Content-Disposition: form-data; name="bookurl"

http://127.0.0.1:5000
-----------------------------246068047919283104132964618623
Content-Disposition: form-data; name="bookfile; filename =""
Content-Type: application/octet-stream

111
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="bookintro"


-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="whyus"

aa@aa
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="email"

111111
-----------------------------149682616639422075182982487158
Content-Disposition: form-data; name="phone"

But the host answer to the request is the following:

<!doctype html>
<html lang=en>
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>The browser (or proxy) sent a request that this server could not understand.</p>

Has anybody any idea about what's wrong on my request? This is driving me crazy...