mkrs2404 / tickets

Header Based Generic OOB Interaction (oob-header-based-interaction:dns) found on honey.scanme.sh #60

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: oob-header-based-interaction:dns matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh

Timestamp: Tue Apr 30 19:28:59 +0530 IST 2024

Template Information

| Key | Value |
| --- | --- |
| Name | Header Based Generic OOB Interaction |
| Authors | pdteam |
| Tags | oast, ssrf, generic |
| Severity | info |
| Description | The remote server fetched a spoofed URL from the request headers. |

Request

GET / HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@coofgv4mjeun8ktjo61gdnyjzs78ngc7g.oast.me
Connection: close
Accept: */*
Accept-Language: en
Cache-Control: no-transform
Cf-Connecting_ip: spoofed.coofgv4mjeun8ktjo61gm71huxs8zpaiz.oast.me
Client-Ip: spoofed.coofgv4mjeun8ktjo61gtjuwsq1zt91eh.oast.me
Contact: root@coofgv4mjeun8ktjo61gzy9jd6t84o3zc.oast.me
Forwarded: for=spoofed.coofgv4mjeun8ktjo61gcoz6zbysxdrdm.oast.me;by=spoofed.coofgv4mjeun8ktjo61g4ewm41sbcrrxf.oast.me;host=spoofed.coofgv4mjeun8ktjo61gf6pnay7bt9czg.oast.me
From: root@coofgv4mjeun8ktjo61g51d4mi8g9txxn.oast.me
Profile: http://coofgv4mjeun8ktjo61ghpm8kcnaxxin4.oast.me/profile.xml
Referer: http://coofgv4mjeun8ktjo61gojexjko4mdk5c.oast.me/ref
True-Client-Ip: spoofed.coofgv4mjeun8ktjo61gmw9iqwrnapdsb.oast.me
X-Client-Ip: spoofed.coofgv4mjeun8ktjo61gwg5euugsumwr1.oast.me
X-Forwarded-For: spoofed.coofgv4mjeun8ktjo61gtmkbiqusgwxwc.oast.me
X-Forwarded-Host: spoofed.coofgv4mjeun8ktjo61gfuw38edzq9a9t.oast.me
X-Forwarded-Server: spoofed.coofgv4mjeun8ktjo61gz3kxy678euigc.oast.me
X-HTTP-Host-Override: spoofed.coofgv4mjeun8ktjo61gwksagckiscedj.oast.me
X-Host: spoofed.coofgv4mjeun8ktjo61g8bn36jjd7degp.oast.me
X-Originating-Ip: spoofed.coofgv4mjeun8ktjo61gw58sz3ka9rtu1.oast.me
X-Real-Ip: spoofed.coofgv4mjeun8ktjo61g1cobbxwb4oo9g.oast.me
X-Wap-Profile: http://coofgv4mjeun8ktjo61gejmr9j6c9hq8w.oast.me/wap.xml
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 1540
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:54 GMT

GET / HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Cache-Control: no-transform
Cf-Connecting_ip: spoofed.coofgv4mjeun8ktjo61gm71huxs8zpaiz.oast.me
Client-Ip: spoofed.coofgv4mjeun8ktjo61gtjuwsq1zt91eh.oast.me
Connection: close
Contact: root@coofgv4mjeun8ktjo61gzy9jd6t84o3zc.oast.me
Forwarded: for=spoofed.coofgv4mjeun8ktjo61gcoz6zbysxdrdm.oast.me;by=spoofed.coofgv4mjeun8ktjo61g4ewm41sbcrrxf.oast.me;host=spoofed.coofgv4mjeun8ktjo61gf6pnay7bt9czg.oast.me
From: root@coofgv4mjeun8ktjo61g51d4mi8g9txxn.oast.me
Profile: http://coofgv4mjeun8ktjo61ghpm8kcnaxxin4.oast.me/profile.xml
Referer: http://coofgv4mjeun8ktjo61gojexjko4mdk5c.oast.me/ref
True-Client-Ip: spoofed.coofgv4mjeun8ktjo61gmw9iqwrnapdsb.oast.me
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@coofgv4mjeun8ktjo61gdnyjzs78ngc7g.oast.me
X-Client-Ip: spoofed.coofgv4mjeun8ktjo61gwg5euugsumwr1.oast.me
X-Forwarded-For: spoofed.coofgv4mjeun8ktjo61gtmkbiqusgwxwc.oast.me
X-Forwarded-Host: spoofed.coofgv4mjeun8ktjo61gfuw38edzq9a9t.oast.me
X-Forwarded-Server: spoofed.coofgv4mjeun8ktjo61gz3kxy678euigc.oast.me
X-Host: spoofed.coofgv4mjeun8ktjo61g8bn36jjd7degp.oast.me
X-Http-Host-Override: spoofed.coofgv4mjeun8ktjo61gwksagckiscedj.oast.me
X-Originating-Ip: spoofed.coofgv4mjeun8ktjo61gw58sz3ka9rtu1.oast.me
X-Real-Ip: spoofed.coofgv4mjeun8ktjo61g1cobbxwb4oo9g.oast.me
X-Wap-Profile: http://coofgv4mjeun8ktjo61gejmr9j6c9hq8w.oast.me/wap.xml

Interaction Data

dns (A) Interaction from 173.194.168.193 at coofgv4mjeun8ktjo61gm71huxs8zpaiz

Interaction Request

;; opcode: QUERY, status: NOERROR, id: 16632
;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;SPoOfed.cOOfGv4mJeun8ktJo61Gm71huxS8zpAIZ.oAST.Me. IN   A

Interaction Response

;; opcode: QUERY, status: NOERROR, id: 16632
;; flags: qr aa cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;SPoOfed.cOOfGv4mJeun8ktJo61Gm71huxS8zpAIZ.oAST.Me. IN   A

;; ANSWER SECTION:
SPoOfed.cOOfGv4mJeun8ktJo61Gm71huxS8zpAIZ.oAST.Me.  3600    IN  A   178.128.209.14

;; AUTHORITY SECTION:
SPoOfed.cOOfGv4mJeun8ktJo61Gm71huxS8zpAIZ.oAST.Me.  3600    IN  NS  ns1.oast.me.
SPoOfed.cOOfGv4mJeun8ktJo61Gm71huxS8zpAIZ.oAST.Me.  3600    IN  NS  ns2.oast.me.

;; ADDITIONAL SECTION:
ns1.oast.me.    3600    IN  A   178.128.209.14
ns2.oast.me.    3600    IN  A   178.128.209.14

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'Cache-Control: no-transform' -H 'Cf-Connecting_ip: spoofed.coofgv4mjeun8ktjo61gm71huxs8zpaiz.oast.me' -H 'Client-Ip: spoofed.coofgv4mjeun8ktjo61gtjuwsq1zt91eh.oast.me' -H 'Contact: root@coofgv4mjeun8ktjo61gzy9jd6t84o3zc.oast.me' -H 'Forwarded: for=spoofed.coofgv4mjeun8ktjo61gcoz6zbysxdrdm.oast.me;by=spoofed.coofgv4mjeun8ktjo61g4ewm41sbcrrxf.oast.me;host=spoofed.coofgv4mjeun8ktjo61gf6pnay7bt9czg.oast.me' -H 'From: root@coofgv4mjeun8ktjo61g51d4mi8g9txxn.oast.me' -H 'Profile: http://coofgv4mjeun8ktjo61ghpm8kcnaxxin4.oast.me/profile.xml' -H 'Referer: http://coofgv4mjeun8ktjo61gojexjko4mdk5c.oast.me/ref' -H 'True-Client-Ip: spoofed.coofgv4mjeun8ktjo61gmw9iqwrnapdsb.oast.me' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@coofgv4mjeun8ktjo61gdnyjzs78ngc7g.oast.me' -H 'X-Client-Ip: spoofed.coofgv4mjeun8ktjo61gwg5euugsumwr1.oast.me' -H 'X-Forwarded-For: spoofed.coofgv4mjeun8ktjo61gtmkbiqusgwxwc.oast.me' -H 'X-Forwarded-Host: spoofed.coofgv4mjeun8ktjo61gfuw38edzq9a9t.oast.me' -H 'X-Forwarded-Server: spoofed.coofgv4mjeun8ktjo61gz3kxy678euigc.oast.me' -H 'X-HTTP-Host-Override: spoofed.coofgv4mjeun8ktjo61gwksagckiscedj.oast.me' -H 'X-Host: spoofed.coofgv4mjeun8ktjo61g8bn36jjd7degp.oast.me' -H 'X-Originating-Ip: spoofed.coofgv4mjeun8ktjo61gw58sz3ka9rtu1.oast.me' -H 'X-Real-Ip: spoofed.coofgv4mjeun8ktjo61g1cobbxwb4oo9g.oast.me' -H 'X-Wap-Profile: http://coofgv4mjeun8ktjo61gejmr9j6c9hq8w.oast.me/wap.xml' 'https://honey.scanme.sh'

Generated by Nuclei v3.2.5