Metadata

• Attackers are interested in Metadata APIs.

• Only accessible by the server itself.

• Metadata APIs contain:

  • Information about systems[ Credentials, region etc]

• Abuse of Metadata API [ AWS is still vulnerable]

  • Check for SSRF vulnerabilities.

Exploitation

• Once the credentials have been retrieved. Export them as environment variables.

• Testing if credentials work: aws sts get-caller-identity

• List buckets : aws s3 ls

• https://blog.appsecco.com/getting-shell-and-data-access-in-aws-by-chaining-vulnerabilities-7630fa57c7ed