10.17.2019
Bug Bounty

SSRF Test Servers


They're finally here!

*(HTTP only for now; HTTPS is coming soon.)*

If you think you've got an SSRF against our network, please use these two groups of servers to prove it to us. Every server hosts the same set of sample files in a range of formats. To prove your SSRF, craft your attack so that it reads content from (or writes content to) one of these servers in each network segment (Prod and Corp). Within a segment the hosts differ only in geolocation, so in most cases it does not matter which one you target.

Production Network

* banana.stand.ne1.prod.oath

* banana.stand.gq1.prod.oath

* banana.stand.bf1.prod.oath

* banana.stand.sg3.prod.oath

* banana.stand.ir2.prod.oath

* banana.stand.tw1.prod.oath

* banana.stand.tp2.prod.oath

* banana.stand.bf2.prod.oath

Corporate Network

* banana.stand.corp.gq1.cic.oath

* banana.stand.corp.bf1.cic.oath

* banana.stand.corp.sg3.cic.oath

* banana.stand.corp.ne1.cic.oath

Files to target take the filename format `<extension>_###.<extension>`, where `###` is a zero-padded three-digit index. For example: `txt_001.txt` and `zip_001.zip`. We've put up a range of file formats so you can pick whichever one your SSRF can exfiltrate.

File types available include: 

avi, bmp, css, csv, doc, docx, dtd, ics, jar, json, md, mkv, mov, mp3, mp4, odp, ods, odt, ogg, pdf, php, rss, svg, tiff, txt, wav, wmv, xls, xlsx, xml, xsl, zip

We've also given the servers a distinctive 404 page, so a 404 containing this body proves you hit the bananastand and not some other unknown host: `<html>...404 no bananas for you!...</html>`

**When testing**, it would be super helpful if (along with the file you pull down) you try to fetch `http://<hostname>/hackerone-<username>` so that we can identify **your** activity in the logs more easily.

**When submitting a report** (in addition to all the usual details) please make sure to:

1. Attach a copy of the file you fetched.

2. Include the timestamp you fetched the file.

3. Note the SSRF server that you fetched the file from.
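The steps above (hit the marker path, fetch a sample file, note the timestamp and the server) are easy to get wrong under time pressure. The script below is an added example, not tooling from the Paranoids: it builds the target URLs from the hostnames and naming scheme listed on this page, uses the `404 no bananas for you!` body to confirm a response really came from a bananastand rather than some other internal host, and records the fields the report asks for (server, UTC timestamp, size and SHA-256 of the fetched file). The `fetch` callback is hypothetical: it stands for whatever makes the vulnerable application request a URL on your behalf and hand back the status and body it received. It also assumes no file named `hackerone-<username>` exists, so the marker request doubles as a fingerprint check.

```python
"""Build, fire and record SSRF proof fetches against the bananastand servers.

Added example, not the Paranoids' own tooling. Hostnames, the <ext>_###.<ext>
naming, the hackerone-<username> marker and the 404 body come from the page;
the `fetch` callback (the SSRF relay) is hypothetical and supplied by you.
"""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Tuple

SEGMENTS: Dict[str, List[str]] = {
    "prod": [
        "banana.stand.ne1.prod.oath", "banana.stand.gq1.prod.oath",
        "banana.stand.bf1.prod.oath", "banana.stand.sg3.prod.oath",
        "banana.stand.ir2.prod.oath", "banana.stand.tw1.prod.oath",
        "banana.stand.tp2.prod.oath", "banana.stand.bf2.prod.oath",
    ],
    "corp": [
        "banana.stand.corp.gq1.cic.oath", "banana.stand.corp.bf1.cic.oath",
        "banana.stand.corp.sg3.cic.oath", "banana.stand.corp.ne1.cic.oath",
    ],
}

# Fingerprint in the test servers' 404 body; a 404 without it is another host.
BANANASTAND_404 = b"404 no bananas for you!"

# fetch(url) -> (http_status, body) as relayed through the SSRF. Hypothetical.
Fetcher = Callable[[str], Tuple[int, bytes]]


def file_url(host: str, ext: str, index: int = 1) -> str:
    """URL of one sample file: <ext>_###.<ext> with a zero-padded index."""
    return f"http://{host}/{ext}_{index:03d}.{ext}"


def marker_url(host: str, username: str) -> str:
    """Per-hacker marker path so the server logs attribute the traffic to you."""
    return f"http://{host}/hackerone-{username}"


def classify(status: int, body: bytes) -> str:
    """Tell 'reached a bananastand' apart from 'reached some other host'.

    Only the fingerprinted 404 is conclusive by itself; a 2xx body could come
    from anything, so pair each file fetch with a fingerprint hit on that host.
    """
    if BANANASTAND_404 in body:
        return "bananastand-404"
    if 200 <= status < 300:
        return "content"
    return "other"


@dataclass
class Evidence:
    """One fetch, carrying the fields the report asks for."""
    segment: str
    host: str
    url: str
    fetched_at: str  # UTC ISO-8601 timestamp for the report
    status: int
    size: int
    sha256: str      # hash of the body you attach, so the blob can be matched


def _record(segment: str, host: str, url: str, status: int, body: bytes) -> Evidence:
    return Evidence(segment, host, url,
                    datetime.now(timezone.utc).isoformat(timespec="seconds"),
                    status, len(body), hashlib.sha256(body).hexdigest())


def prove_segment(fetch: Fetcher, segment: str, username: str,
                  ext: str = "txt") -> List[Evidence]:
    """Marker hit, then one file fetch, against the first host that answers.

    Assumption: no file named hackerone-<username> exists, so the marker
    request should return the fingerprinted 404 and prove the host is a
    bananastand before the file fetch is trusted. Returns [] if none answers.
    """
    for host in SEGMENTS[segment]:
        m_url = marker_url(host, username)
        status, body = fetch(m_url)
        if classify(status, body) != "bananastand-404":
            continue  # another region may be routable; try the next host
        records = [_record(segment, host, m_url, status, body)]
        f_url = file_url(host, ext)
        f_status, f_body = fetch(f_url)
        if classify(f_status, f_body) == "content":
            records.append(_record(segment, host, f_url, f_status, f_body))
        return records
    return []


def prove_all(fetch: Fetcher, username: str, ext: str = "txt") -> List[Evidence]:
    """One proof per network segment (Prod and Corp), as the page requires."""
    out: List[Evidence] = []
    for segment in SEGMENTS:
        out.extend(prove_segment(fetch, segment, username, ext))
    return out


if __name__ == "__main__":
    # Constructed stand-in for the SSRF relay so the script runs offline.
    def demo_fetch(url: str) -> Tuple[int, bytes]:
        path = url.split("/", 3)[3]
        if path == "txt_001.txt":
            return 200, b"constructed sample file\n"
        return 404, b"<html>...404 no bananas for you!...</html>"

    for ev in prove_all(demo_fetch, "hunter"):
        print(f"{ev.fetched_at} {ev.segment:4} {ev.url} -> {ev.status} "
              f"{ev.size}B sha256={ev.sha256[:16]}...")
```

Replace `demo_fetch` with a function that drives the vulnerable endpoint (for example, submits the URL in the parameter you found and returns the proxied status and body). The `Evidence` records map directly onto the three report items: attach the body whose SHA-256 you recorded, quote `fetched_at` as the timestamp, and name `host` as the server.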

---

### The Fine Print

If you can't hit these servers but can hit something else inside our network, you must provide a working POC and understand that we will evaluate the impact of the host you reached on a case-by-case basis.

We reserve the right to award a $0 bounty for any SSRF (or similar) reports that are not able to touch these servers.

Also, we will periodically review the logs on these servers and may reach out to hackers who have hit a server but not submitted a report. If this happens, you will be eligible for at most 10% of the normal award for that report.

---

Happy Hacking,

The Paranoids

© 2020 Verizon Media. All Rights Reserved