Look for API keys or database passwords.

You add the entry to /etc/hosts :

Through some clever manipulation, I managed to inject a malicious payload, effectively exploiting the SSRF vulnerability. This allowed me to access the server's internal metadata, revealing a set of AWS credentials. The plot thickened.

So the next time your browser tab says "Connecting to hackfail.htb..." and spins indefinitely, don't get angry. Get curious. Fix your /etc/hosts . Check your proxy settings. And remember: in the world of hacking, every failure that teaches you something is actually a success.