A handy-looking tool. In cloud infrastructure having a server side request forgery vulnerability can be fatal as it allows accessing the metadata service. Capital One was owned through one.
This tool allows turning vulnerable victim systems into a proxies which allows accessing systems in the internal network, including the metadata service.
5 comments
[ 2.2 ms ] story [ 22.7 ms ] threadThis tool allows turning vulnerable victim systems into a proxies which allows accessing systems in the internal network, including the metadata service.
Great R&D work!
I found a couple of sources related to this, fascinating, thank you!
https://www.techtarget.com/searchsecurity/news/252467901/Cap...
https://www.shellntel.com/blog/2019/8/27/aws-metadata-endpoi...
I knew about SSRFs, but the ability of attackers to pivot and stack and chain minor vulnerabilities continues to amaze me.
I hope AWS mitigated this metadata endpoint weakness by now.
AWS offers a version 2 of the Instance Metadata Service (IMDS) API that includes mitigations for many common SSRF attacks.
IIRC both IMDSv1 and IMDSv2 are turned on by default and it's a recommended AWS best practice to disable IMDSv1 when launching new instances.
https://aws.amazon.com/blogs/security/defense-in-depth-open-...