Learn Pentesting like a Pro!

Interactsh: Open-Source OOB solution for SSRF, Blind SQLi, ... in Kali Linux

pentesting.academy

May 9, 2021
Project Discovery, the same people behind the Nuclei scanner, which lets you customize vulnerability scanning with YAML templates, just released another awesome project called Interactsh.

To keep it quick and short, it's a free alternative to Burp Suite Collaborator that you can use on their SaaS platform or deploy on your own server.

OOB attacks, or Out-of-Band attacks, are blind injections in which we send a URL that makes the target infrastructure connect back to our server, which tells us whether it is vulnerable or not. Three of the most common OOB vulnerabilities are SSRF (Server-Side Request Forgery), blind stored XSS and blind SQL injection.

First you will have to install Go, if you haven't already:

sudo apt install golang-go

Then we can install Interactsh directly from the official GitHub repository, working from our home directory:

cd

go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest

Ready! Now you can easily run the tool and set up an OOB environment in milliseconds:

go/bin/interactsh-client
Interactsh waiting for connections

In this example, you can use the above URL ("c2btqfump8vsleb0f9hgcnm74ooyyyyyn.interact.sh") in your payloads to validate whether a website is vulnerable to any type of blind injection, such as SSRF, blind SQLi, etc.

Keep in mind that this URL is a wildcard: we can add any subdomain in front of the Interactsh URL and we still get the connection back. You can use either the http:// or the https:// protocol when the client does not validate the server certificate.

Interactsh in action receiving connections back

You can expect output like (1) when there is a successful HTTP(S) connection back, or like (2) when the vulnerable program only does a DNS resolution. Either way, you can easily prove that there is an OOB vulnerability.
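
The same two signals, a DNS-only lookup versus a full HTTP(S) request, are also visible from the network side. The following is an added example, not code from the original post or from the Interactsh project: it scans DNS and egress-proxy logs for callbacks to the wildcard domain and reports which internal host produced which kind of interaction. The log lines are constructed, the DNS lines assume dnsmasq-style query logging, and the proxy line format is hypothetical.

```python
import re
from collections import defaultdict

# Assumption: suffixes to watch; interact.sh is the domain named in the post.
OOB_SUFFIXES = ("interact.sh",)

# Constructed sample lines (dnsmasq-style DNS log, hypothetical egress proxy log).
SAMPLE_LOG = """\
May  9 10:01:02 dnsmasq[411]: query[A] c2btqfump8vsleb0f9hgcnm74ooyyyyyn.interact.sh from 10.0.5.21
May  9 10:01:02 proxy: 10.0.5.21 GET http://c2btqfump8vsleb0f9hgcnm74ooyyyyyn.interact.sh/ 200
May  9 10:02:10 dnsmasq[411]: query[A] img1.c2btqfump8vsleb0f9hgcnm74ooyyyyyn.interact.sh from 10.0.7.3
May  9 10:02:11 dnsmasq[411]: query[A] updates.example.org from 10.0.7.3
May  9 10:03:40 dnsmasq[411]: query[AAAA] notinteract.sh from 10.0.9.9
"""

DNS_RE = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<src>\S+)")
HTTP_RE = re.compile(r"proxy: (?P<src>\S+) \w+ https?://(?P<name>[^/:\s]+)")


def is_oob_name(name, suffixes=OOB_SUFFIXES):
    """True if name is a watched domain or any subdomain of it (wildcard match)."""
    name = name.lower().rstrip(".")
    # Match on a label boundary so that "notinteract.sh" is not flagged.
    return any(name == s or name.endswith("." + s) for s in suffixes)


def find_oob_callbacks(log_text, suffixes=OOB_SUFFIXES):
    """Map each internal source to the strongest interaction seen: 'http' or 'dns'."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        for kind, rx in (("dns", DNS_RE), ("http", HTTP_RE)):
            m = rx.search(line)
            if m and is_oob_name(m.group("name"), suffixes):
                seen[m.group("src")].add(kind)
    # An HTTP hit means the host completed a full request, not just a lookup.
    return {src: ("http" if "http" in kinds else "dns") for src, kinds in seen.items()}


if __name__ == "__main__":
    for src, kind in sorted(find_oob_callbacks(SAMPLE_LOG).items()):
        print(f"{src}: {kind} callback to an OOB interaction domain")
```

A host that shows only a DNS lookup may still be reachable through an injection point even though outbound HTTP is filtered, so both result types are worth following up.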


Happy hunting!
