Lab Resources:
What is on this virtual machine?
- This VM contains:
  - A PDF certificate generator
  - A flag that can only be uncovered via SSRF techniques.
What is SSRF?
- SSRF (Server‑Side Request Forgery) is a vulnerability in which an attacker induces a server to make network requests on their behalf.
- Because the request comes from the server itself, the attacker can often:
  - Access internal services (like 127.0.0.1, internal APIs, metadata endpoints)
  - Bypass firewalls and IP restrictions
  - Read internal‑only files or services
Testing the Website:
- This website provides a basic function in which user input is submitted and a PDF certificate is generated.
- In most modern applications, user input is properly sanitized, and these techniques will not work. However, it is still worth testing HTML‑based injection vectors such as <img>, <svg>, <iframe>, and similar tags. When sanitization is incomplete or context‑dependent, they can sometimes be abused to trigger server‑side requests, revealing services or resources that are only accessible from restricted networks or loopback addresses like 127.0.0.1.
Lab Objective:
- Demonstrate that files which should only be accessible to the local server can, in fact, be seen via the public IP address using HTML injection techniques.
Test 1: Is it vulnerable at all?
- We can test for HTML injection using, you guessed it, HTML!


Test 2: AWS infrastructure information leak via the instance metadata endpoint of AWS instances.
- On Amazon EC2, the instance metadata endpoint is a special internal web service available at 169.254.169.254 that can only be accessed from within the instance itself.
- It is used by applications and the operating system to retrieve information about the running instance, such as:
  - Instance identity details (ID, region, availability zone)
  - Networking information
  - Startup configuration (user data)
  - Temporary IAM role credentials used to securely access AWS services
In the ‘comment’ field type:
<iframe
src="http://169.254.169.254/latest/meta-data/"
width="600"
height="400">
</iframe>
Note: This will hang and produce no output! (This is not an AWS server.)
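
Defensive counterpart to the tag-injection and metadata-endpoint tests above, as an added example that is not part of the original lab: a pre-render check that pulls every URL-bearing attribute out of submitted HTML and blocks any URL that is not http(s) or whose host is not a global address (127.0.0.1 and 169.254.169.254 both fail). The names blocked_urls, verdict, UrlCollector and dns_lookup, the attribute list and the sample markup are assumptions made for this example.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can make an HTML-to-PDF renderer fetch a URL server-side.
URL_ATTRS = {"src", "href", "data", "poster", "xlink:href"}

class UrlCollector(HTMLParser):
    """Collect (tag, url) for every URL-bearing attribute in the markup."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found += [(tag, v.strip()) for k, v in attrs if k in URL_ATTRS and v]

def dns_lookup(host):
    """Default resolver: all addresses for a name (IPv6 zone ids stripped)."""
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}

def verdict(url, resolver):
    """Return a reason string if the renderer must not fetch url, else None."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):  # also rejects relative URLs
            return "scheme not allowed"
        host = parts.hostname or ""
        try:
            addresses = {ipaddress.ip_address(host)}
        except ValueError:  # not an IP literal, so resolve the name
            addresses = {ipaddress.ip_address(a) for a in resolver(host)}
    except (ValueError, OSError):  # malformed URL or failed lookup
        return "unparseable or unresolvable"
    # Fail closed: block when no address, or any address, is outside global space.
    ok = addresses and all(a.is_global for a in addresses)
    return None if ok else "internal or unresolved address"

def blocked_urls(html, resolver=dns_lookup):
    """Return (tag, url, reason) for each URL the renderer must not fetch."""
    collector = UrlCollector()
    collector.feed(html)
    collector.close()
    checked = ((tag, url, verdict(url, resolver)) for tag, url in collector.found)
    return [c for c in checked if c[2]]

# Constructed sample input; the iframe is the Test 2 payload from this page.
SAMPLE = ('<img src="https://cdn.example.com/badge.png">'
          '<iframe src="http://169.254.169.254/latest/meta-data/"></iframe>'
          '<img src="http://127.0.0.1/">')
```

Run the check before the markup reaches the renderer, and also block the renderer's egress to internal ranges at the network layer, since a name can resolve differently at fetch time than it did during the check.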