Struggling with SSRF 1.3 Challenge Exercise

I managed to get through 1.1 and 1.2 of the SSRF stuff.

It’s quite confusing and I feel like I need a little more instruction or a cheeky hint on where I need to go to get the flag in 1.3.

I can’t seem to figure it out, I know which port it is, and I also know the file, but I can’t access the file because I get a 403 forbidden. At least I think I know these things?

The Pen Testing Career Path has been good so far but this one is confusing me (I think it might be a bit too blunt in instructions?).

Any help would be great!

Okay I did find the flag, but I’m not really sure I did it the “right” way, if that makes sense?

I made a little script and did it through the console, but previous lessons were through the php web page example.

Just pretty confused but still managed it so yay?

same issue, i do not understand what to do

if i type http://ssrf.challenge2:22/test2.html

i receive

if i type http://ssrf.challenge2:80/test2.html

i receive

so seems both port 22 and 80 are alive but so what ? does not help to retrieve any flag ?

SSRF3 page allow to enumerate port, not to run scripts ?

or should i try to use a script like:

bash

for i in {1..10}; do curl -s "http://ssrf.challenge2:$i/test2.html" sleep 1 done

i have no idea, can someone help