Pentesting Cloud Networks
Metadata
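Attackers are interested in metadata APIs.
The metadata API is only accessible from the server itself.
Metadata APIs contain:
Information about systems (credentials, region, etc.)
Abuse of the metadata API (AWS is still vulnerable)
Check for SSRF vulnerabilities: because the API is only reachable from the server itself, an SSRF flaw is what lets an outside request reach it.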
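The mitigation side of the SSRF check above, as an added example that is not part of the original notes: a guard that a server-side URL fetcher can call before making a request, rejecting destinations that resolve to the metadata API or other internal addresses. The function names, the `resolver` parameter and the sample hostnames are assumptions made for illustration; the metadata addresses 169.254.169.254 and fd00:ec2::254 are not listed on this page.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Instance metadata addresses (not listed on this page): IPv4 link-local and AWS's IPv6 endpoint.
METADATA_ADDRS = {ipaddress.ip_address("169.254.169.254"),
                  ipaddress.ip_address("fd00:ec2::254")}

def system_resolver(host):
    """Return the set of IP strings the OS resolver gives for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def to_ip(host):
    """Parse an IP literal, including legacy IPv4 forms such as 2852039166."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None

def is_blocked(url, resolver=system_resolver):
    """Return a reason string if the server must not fetch url, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "scheme or host not allowed"
    literal = to_ip(parts.hostname)
    try:
        addrs = ({literal} if literal is not None
                 else {ipaddress.ip_address(a) for a in resolver(parts.hostname)})
    except (OSError, ValueError):
        addrs = set()
    if not addrs:
        return "host does not resolve"
    for ip in addrs:
        # Unwrap ::ffff:a.b.c.d so an IPv4-mapped literal cannot slip past the check.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if ip in METADATA_ADDRS or ip.is_link_local:
            return f"{ip} is a metadata or link-local address"
        if ip.is_private or ip.is_loopback:
            return f"{ip} is an internal address"
    return None

if __name__ == "__main__":
    # Constructed sample input: a fake resolver so the demo runs offline.
    fake_dns = {"img.example.com": {"93.184.216.34"}, "meta.example.net": {"169.254.169.254"}}
    for u in ("http://169.254.169.254/latest/meta-data/", "http://2852039166/",
              "http://meta.example.net/x", "https://img.example.com/a.png"):
        print(u, "->", is_blocked(u, fake_dns.__getitem__) or "allowed")
```

The fetch that follows should connect to the address that was vetted, since a second DNS lookup can return a different answer. On AWS, requiring IMDSv2 on instances is a complementary control.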
Exploitation
Once the credentials have been retrieved, export them as environment variables.
Testing if credentials work:
aws sts get-caller-identity
List buckets:
aws s3 ls