How is it possible to use the method SSTP_DUPLEX_POST and the URL /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ to hack a server?

I have this request in my logs from a well-known malicious IP address. It has been reported several times on AbuseIPDB in this report. Most of the users reporting the IP address and this particular attack seem to think that it's for port scanning.

I read a little bit about SSTP_DUPLEX_POST and the SSTP protocol, but I can't really figure out how this request could lead to some useful information or benefits for the hacker.

Can anyone explain it to me?

  • I also recently saw this on a site I was asked to migrate. Within 24 hours of having the test server up (CentOS 7.6), the server acted very strangely twice, with firewalld failing and blocking SSH port once, and Apache 2.4 serving crashing to 500 errors the second time. – I'm Root James Jun 24 '21 at 01:54
