пятница, 8 августа 2014 г.

SSRF vs AWS Security

Hello everyone...

Just want to mention one attack-vector that is useful against AWS EC2 instances in some configurations. It is not rocket-science, but pretty fun and tell us about AWS Cloud security things and maybe can help us to do hardening. Actually I am talking about boring-sold SSRF vector. So if an attacker can do SSRF in our EC2 with SSRF what he can do?

Sometimes developers like to assign IAM Roles to instances. For example if it is deploy/build server, that needs to create new apps in AWS account or something else, doesn't matter - this just happens 8) And assigning roles to EC2 instances  - easiest way you can do it, because you do not need to think about how to deliver  Access Keys to the instance, how to rotate them and etc. Now back to SSRF...

So we have classic vulnerable App with boring XXE:


And...





Now it's time to remember about AWS meta-data service which is available from any instance. This server return meta-data for EC2 instance that called this API: http://169.254.169.254/latest/meta-data
Let's try:


Ok... so now you can get a  lot of information... but the funniest part - Temporary Access Key and Token for AWS API is also here http://169.254.169.254/latest/meta-data/iam/security-credentials/<ROLE_NAME>...



Wow, 'apache' user got this key... and if you think that by default access with this key limited only from EC2 instance - you wrong. Please feel free to copy this key and use it from any place.

Config:



Trying:



















Now we can do anything that allowed by Policy/Role that assigned to hacked instance.

Let's summarize problems:

1) Anyone can get Access Key: nobody, root, apache... it's not based on OS security.
2) By default this Key works from any IP, not only from instance (but you can try to configure it in Policy at least)
3) You can't revoke this Key. You can remove Policy from the group - yes.
4) You do SSRF in your code, smart-ass!

So this is just  example how SSRF + lack of hardening on AWS account can ruin you life...



Solution for item 2, edit Policies that assigned to Role:

    "Condition": {
        "IpAddress": {
        "aws:SourceIp": "10.90.X.X"
         }
     }

Then you safe:


But in fact not - if box compromised or with the saem SSRF you can makes RESP API calls from the pwned isntance...

As final notes:

1) Check roles that assigned to instances. Less privileges... Better no roles...
2) If you can limit access for this policy by SRC IP -  do it, so only instances with this Role can access API.
BUT remember, if you have SSRF, than attacker can do API calls from tsame instance by same SSRF...
3) Do not code SSRF ;)

P.S. Thanks to Erian Nader from HERE Security team for helping with this material...

P.P.S. And of course, it's not about only SSRF - if instance pwned, then same risks applied. So be careful with Instance's roles!

Автор: на

40 комментариев:

  1. isciurus8 августа 2014 г. в 22:56

    s/Kastaneda/Castaneda, dear warrior.

    ОтветитьУдалить
  2. Alexey Sintsov9 августа 2014 г. в 01:40

    You are right;)

    ОтветитьУдалить
  3. MAZLUM TÜRK26 июля 2021 г. в 17:11

    kayseriescortu.com - alacam.org - xescortun.com

    ОтветитьУдалить
  4. Pelin Pak20 января 2022 г. в 12:15

    ankara eskort
    osmaniye eskort
    urfa eskort
    rize eskort
    bingöl eskort
    hatay eskort
    düzce masöz
    manisa masöz

    ОтветитьУдалить
  5. Анонимный30 апреля 2022 г. в 00:05

    mmorpg oyunlar
    instagram takipçi satın al
    tiktok jeton hilesi
    tiktok jeton hilesi
    antalya saç ekimi
    İNSTAGRAM TAKİPÇİ SATIN AL
    INSTAGRAM TAKİPCİ SATİN AL
    metin2 pvp serverlar
    Instagram takipçi satin al

    ОтветитьУдалить
  6. Анонимный26 мая 2022 г. в 23:09

    Smm panel
    Smm panel
    İŞ İLANLARI BLOG
    İnstagram takipçi satın al
    HIRDAVATÇI BURADA
    Https://www.beyazesyateknikservisi.com.tr
    servis
    Tiktok Hile İndir

    ОтветитьУдалить
  7. izspa.net7 августа 2023 г. в 23:04

    good o enspa in hyderabad

    ОтветитьУдалить
  8. isha spa8 сентября 2023 г. в 08:35

    Understanding the pricing structure and available packages is essential for a budget-friendly experience visit body massage in bangalore

    ОтветитьУдалить
  9. Ramya Spa4 октября 2023 г. в 02:56

    From various massage parlour near me techniques to ambiance considerations, we'll cover it all, ensuring you make an informed choice for a serene experience.

    ОтветитьУдалить
  10. Body to Body Massage in Chennai25 декабря 2023 г. в 04:18

    Combining acupressure body massage near me energy balance, it goes beyond the superficial, delving into the core of physical and mental well-being......

    ОтветитьУдалить
  11. Melissa Owen19 января 2024 г. в 09:15

    Buy YouTube Subscribers" offers a rapid way for creators to increase their channel's following, enhancing their perceived popularity. It's important to ensure the purchased subscribers are genuine to comply with YouTube's policies. Despite the initial surge this method may offer, the key to long-term success lies in creating and delivering content that resonates with viewers.
    https://www.buyyoutubesubscribers.in/

    ОтветитьУдалить
  12. Pat S. Harvey6 февраля 2024 г. в 08:40

    Lasik eye surgery in Delhi presents a cutting-edge solution for individuals striving to correct their vision. This minimally invasive procedure involves reshaping the cornea using a precise laser, aiming to improve sight and reduce dependency on glasses or contact lenses. Reputable clinics in Delhi boast state-of-the-art technology and experienced surgeons, offering customised treatments to meet unique visual requirements. Patients benefit from a short recovery period and a remarkable improvement in vision, making Lasik a preferred choice for vision correction in the capital city.
    https://www.visualaidscentre.com/lasik-eye-surgery/

    ОтветитьУдалить
  13. Adventurous insights6 февраля 2024 г. в 10:05

    Этот комментарий был удален автором.

    ОтветитьУдалить
  14. Claire Divas9 февраля 2024 г. в 18:29

    Buying YouTube views is essentially buying the appearance of popularity. It's an investment that inflates video view counts artificially, often with the intent of escalating a channel's visibility and influence on the platform. Providers pitch it as a shortcut to credibility, luring creators with the prospect of tipping the scales in YouTube's algorithmic rankings. Yet, the practice bears inherent risks, not least of which is the potential breach of YouTube's terms of service—a violation that could result in penalties or channel deletion. More critically, it circumvents the organic construction of a dedicated viewer base. While it may boost numbers quickly, it lacks the substance of genuine user engagement and fails to cultivate the indispensable asset of creator-audience trust.
    https://www.buyyoutubeviewsindia.in/

    ОтветитьУдалить
  15. Adventurous insights9 февраля 2024 г. в 18:44

    Cheap web hosting in India bridges the gap between cost and accessibility for those stepping into the digital world. Offering essential services like ample storage and bandwidth, they are ideal for bloggers and small businesses. With localized servers, these hosting options ensure quick loading times, key for user engagement. They simplify the technical side with user-friendly interfaces and easy CMS installations. While they might lack in scalability and high-end features, the cost-benefit ratio is a major draw. These services democratize the Indian digital landscape, empowering users to take their first online steps affordably.
    https://onohosting.com/

    ОтветитьУдалить
  16. Foodie Crush13 февраля 2024 г. в 13:24

    As a strategy to falsely amplify a YouTube channel's popularity, buying subscribers is enticing but ill-advised. It offers a quick fix to enhance the channel's image but lacks the benefit of true viewer engagement. The subscribers obtained through such transactions are often bots or inactive accounts, offering no real interaction or contribution to a channel's community. This practice not only risks contravening YouTube's community guidelines but also undermines the authenticity needed for genuine growth. Moreover, it can lead to negative consequences such as the loss of subscribers and potential channel suspension. For sustainable success, creators are encouraged to focus on organic growth through valuable content and legitimate viewer engagement.
    https://buyyoutubesubscribersindia.weebly.com/

    ОтветитьУдалить
  17. Vegan Richa13 февраля 2024 г. в 13:56

    Purchasing Google reviews is akin to venturing into a minefield regarding online business reputation. Businesses may be tempted to swiftly enhance their appeal by buying fake reviews; however, such deceptive acts are not only against Google's guidelines but tarnish the trust of genuine customers. The short-lived spike in ratings fails to compensate for the long-term damage to credibility and the risk of punitive actions from Google, including the erasure of fraudulent reviews and potential legal implications. The authentic alternative—encouraging real customer feedback—not only aligns with ethical standards but solidifies a foundation of trust and loyalty, critical for any business aiming for longevity and respect in the digital marketplace.
    https://www.seoexpertindelhi.in/buy-google-reviews/

    ОтветитьУдалить
  18. Boundless Adventures21 февраля 2024 г. в 23:04

    Within the vibrant cityscape of Singapore, the nursing profession is both revered and progressive, offering healthcare professionals a chance to excel in a system renowned for its efficiency and innovation. Nurses here engage with cutting-edge medical technologies within top-tier hospitals and clinics, contributing to a healthcare system that is rated among the best globally. The government incentives for continual learning and professional development make Singapore a magnet for nursing talent. High remuneration packages alongside a high standard of living provide further attraction. The inclusive and multicultural environment also ensures that international nurses feel welcome and valued, making Singapore not just a place of work but also a home for professional excellence in nursing.
    https://dynamichealthstaff.com/nursing-jobs-in-singapore-for-indian-nurses

    ОтветитьУдалить
  19. Flavor Chronicles21 февраля 2024 г. в 23:24

    Discover India's premium yet affordable web hosting, where low cost meets high efficiency. Striking an ideal balance, our services offer powerful performance, a 99.9% uptime guarantee, and user-friendly tools that cater to both novice and professional users. Benefit from fast-loading websites, robust security, and scalable resources that grow with your needs. Our responsive 24/7 support team ensures your web presence is consistently top-notch. Indulge in cost-effective hosting that doesn't compromise on delivering a stellar online experience. Choose us for seamless, wallet-friendly web hosting excellence.
    https://hostinglelo.in/

    ОтветитьУдалить
  20. Budget Bytes21 февраля 2024 г. в 23:25

    Seize the competitive edge for your business with our specialized bulk Google reviews service in India. Tap into the power of positive testimonials, carefully curated to reflect the satisfaction of your real customers. Enhance your brand's visibility and credibility, while significantly boosting your search engine rankings and local SEO presence. Our packages are cost-efficient, providing a high return on investment by drawing more organic traffic and increasing conversions. With us, authenticity is paramount; every review is crafted to align with your customer's true experience. Benefit from a seamless buying experience, backed by our dedicated support team ensuring you're never alone in your journey to digital excellence. Join a multitude of satisfied Indian businesses that have already elevated their online reputation with our trustworthy bulk Google reviews.
    https://www.sandeepmehta.co.in/buy-google-reviews/

    ОтветитьУдалить
  21. Monica Montagne23 февраля 2024 г. в 06:35

    In the competitive world of music streaming, gaining visibility on platforms like Spotify is crucial. With our cost-effective solution, you can now purchase Spotify followers at unbeatable prices. Strengthen your online presence and attract more listeners to your music effortlessly. Our services are tailored to fit any budget, making it easier for independent artists to thrive in the digital landscape. Say goodbye to struggling for recognition and hello to a growing fanbase. Invest in your music career wisely and watch your popularity soar on Spotify. Don't miss out on this opportunity to stand out in the crowded music scene. Take the first step towards success today by purchasing Spotify followers at pocket-friendly rates. Elevate your profile, increase your streams, and unlock new opportunities for your music. Join countless satisfied artists who have already experienced the benefits of our affordable follower packages. Don't wait any longer – start building your Spotify empire now!
    https://www.spotifyfame.com/

    ОтветитьУдалить
  22. Nursing Profession in Kuwait24 февраля 2024 г. в 06:10

    Looking to boost your Twitch channel instantly? Consider the option to buy instant Twitch followers and jumpstart your streaming career! Purchasing followers can give your channel the initial momentum it needs to attract more viewers and engagement. Increase your follower count and enhance your credibility as a content creator. Don't let your channel struggle for recognition – invest in instant followers and stand out from the competition. With more followers, you'll have a better chance of getting noticed by Twitch algorithms and ranking higher in searches. Take control of your streaming success and buy instant Twitch followers today. Elevate your channel and reach a wider audience with this strategic investment. Join the growing number of streamers who have utilized this method to accelerate their growth. Maximize your potential and achieve the recognition you deserve on Twitch!
    https://twitchviral.com/

    ОтветитьУдалить
  23. Homeopathic Doctors in Delhi25 февраля 2024 г. в 05:09

    Need a quick boost for your YouTube channel? Consider purchasing fast YouTube views. With rapid views, you can jumpstart your visibility and increase your reach in no time. Say goodbye to waiting around for growth and hello to instant results. Buying fast YouTube views is a shortcut to success in the competitive online landscape. Speed up your journey to becoming a YouTube sensation with this strategic investment. Quality views delivered swiftly ensure your content gets noticed when it matters most. Don't miss out on the opportunity to skyrocket your channel's popularity. Take action today and buy fast YouTube views to make an immediate impact.
    https://sites.google.com/site/buyytviewindia/

    ОтветитьУдалить
  24. Vaishali M18 марта 2024 г. в 03:36

    cool one
    female to male body massage near me

    ОтветитьУдалить
  25. Aboulay Thomas19 марта 2024 г. в 01:25

    Experience the pinnacle of vision correction with Silk Surgery in India. Our advanced procedure offers precise and personalized solutions for refractive errors. Say goodbye to glasses and contacts as we reshape your vision with cutting-edge technology. Trust our skilled surgeons to deliver optimal results tailored to your unique needs. Rediscover the world with clarity and confidence, free from the constraints of poor vision. Silk Surgery ensures safety and effectiveness, providing a life-changing solution for various eye conditions. Embrace clear vision and a brighter future through our innovative approach to eye care.
    https://medium.com/@pojagupta/silk-eye-surgery-elita-860c70c593ad

    ОтветитьУдалить
  26. Flavor Fusion19 марта 2024 г. в 01:37

    Experience the transformative magic of Smile Pro Eye Treatment. Say goodbye to tired, puffy eyes and hello to a refreshed, youthful gaze. Our innovative approach combines advanced technology with expert care to rejuvenate your eyes effectively and safely. Rediscover confidence as your eyes sparkle with renewed brightness and vitality. Trust in our dedicated team to tailor each treatment to your unique needs, ensuring optimal results. Embrace the beauty of radiant eyes with Smile Pro Eye Treatment, where every session is a step towards a more vibrant you. Say hello to a brighter future with the Smile Pro difference.
    https://smileproeyesurgery.medium.com/smile-pro-eye-surgery-in-delhi-fbafc721a9ce

    ОтветитьУдалить
  27. Vegan Richa19 марта 2024 г. в 02:05

    Welcome to Smile Pro Eye Clinic in Delhi, where we specialize in rejuvenating your gaze with precision and care. Our expert team utilizes advanced techniques to enhance your natural beauty and boost your confidence. Say goodbye to tired eyes and hello to a refreshed, youthful appearance with our personalized treatments. Whether you seek to reduce under-eye bags, wrinkles, or enhance your eye aesthetics, we've got you covered. Trust in our commitment to excellence as we redefine eye care in the heart of Delhi. Let your eyes sparkle with newfound radiance at Smile Pro Eye Clinic, where every smile begins with brighter eyes.
    https://www.linkedin.com/pulse/smile-pro-eye-surgery-delhi-romila-chaudhary-y5imc/

    ОтветитьУдалить
  28. Johnny B21 марта 2024 г. в 03:04

    Searching for top-quality trophies? Look no further than trophy manufacturers in India! With unparalleled craftsmanship and attention to detail, our trophies stand out. Whether for sports, corporate events, or academic achievements, we have the perfect trophy for you. Elevate your awards ceremony with our exquisite designs and customization options. Proudly made in India, our trophies reflect excellence and prestige. Trust the expertise of India's finest trophy manufacturers for your recognition needs. Order now and celebrate success with distinction!
    https://www.angelstrophies.com/

    ОтветитьУдалить
  29. Devilonwheels21 марта 2024 г. в 03:34

    Need legal guidance for your matrimonial matters? Look no further than the best matrimonial lawyer in Delhi! With expertise in family law, we offer compassionate support and strategic counsel. Trust us to navigate through complexities and protect your rights. Our personalized approach ensures tailored solutions for your unique situation. Whether it's divorce, child custody, or alimony disputes, we're here to advocate for you. Don't face these challenges alone—reach out to the top matrimonial lawyer in Delhi today for peace of mind and a favorable resolution.
    https://bestdivorcelawyerindelhi.com/

    ОтветитьУдалить
  30. sdaff22 марта 2024 г. в 09:43

    Colorectal cancer specialists in Ahmedabad stand as pioneers in the field of oncology, combining cutting-edge treatment options with a deeply personal approach to patient care. With a focus on utilizing the latest in surgical techniques, chemotherapy, and targeted therapies, these experts are dedicated to offering treatments that are both effective and tailored to the patient's specific needs. Their expertise extends to innovative diagnostic tools that aid in early detection and treatment planning, reflecting a comprehensive approach to battling colorectal cancer. Beyond their clinical skills, these specialists are known for their compassionate support and communication, ensuring that every patient feels heard, understood, and never alone in their journey. In the bustling healthcare landscape of Ahmedabad, they represent a blend of technical excellence and heartfelt empathy, dedicated to improving outcomes and enhancing the quality of life for their patients.
    https://drvirajlavingia.com/

    ОтветитьУдалить
  31. seema gupta22 марта 2024 г. в 10:04

    Breast cancer specialists in Gurgaon are renowned for blending exceptional medical acumen with compassionate patient care. Leveraging the most advanced technologies and therapeutic methods, they provide personalized treatments tailored to meet the unique needs and circumstances of each patient. Their approach is holistic, ensuring that patients receive comprehensive support that addresses not just the physical implications of breast cancer but also its psychological and emotional aspects. These specialists are at the forefront of medical research, continuously integrating the latest scientific discoveries into their practice to improve patient outcomes. They place a high value on patient education, empowering those they treat with the knowledge to make informed decisions about their health care. Their dedication to their patients' well-being and recovery sets them apart, making them highly respected figures in the medical community of Gurgaon.
    https://www.breastoncosurgery.com/

    ОтветитьУдалить
  32. Palate Paradise23 марта 2024 г. в 06:02

    Are you a qualified nurse seeking opportunities in the UK but don't have an IELTS score? Look no further! Our agency specializes in connecting skilled nurses with UK healthcare facilities without the need for an IELTS certification. Join our network of healthcare professionals and unlock a world of career possibilities. We understand the challenges of obtaining language proficiency tests and offer pathways to employment without this requirement. With a shortage of nurses in the UK, now is the perfect time to pursue your dream job. Benefit from competitive salaries, career advancement opportunities, and a supportive work environment. Take the first step towards your UK nursing career today. Contact us to explore your options and start your journey to success!
    https://suntechhealthcarepro.com/nursing-jobs-in-uk-without-ielts/

    ОтветитьУдалить
  33. anecdotes2 апреля 2024 г. в 03:31

    Looking to boost your YouTube channel's credibility? Buy Legit YouTube Subscribers from us and watch your audience grow authentically. Our service delivers genuine subscribers who engage with your content, increasing your channel's visibility and reach. Say goodbye to fake accounts and unreliable growth tactics – we provide real results that you can trust. With our transparent and secure process, you can rest assured that your subscriber base is legitimate. Expand your channel's influence and attract more viewers with our legit subscriber service. Don't settle for inflated numbers – invest in authentic growth for your YouTube channel today. Experience the power of genuine subscribers and elevate your online presence to new heights. Unlock the potential of legit YouTube Subscribers and achieve success with integrity.
    https://www.deccanherald.com/brandspot/pr-spot/buy-youtube-views-subscribers-the-company-that-is-churning-successful-youtube-stories-one-after-another-1118911.html/

    ОтветитьУдалить
  34. Ramblings6 апреля 2024 г. в 21:16

    Looking to boost your YouTube presence? Buy online YouTube subscribers and amplify your channel's reach effortlessly. With a few clicks, watch your subscriber count soar, giving your content instant credibility. Increase your visibility and attract organic viewership with a larger subscriber base. Gain a competitive edge in the crowded online space and stand out from the crowd. Choose from a variety of packages tailored to suit your needs and budget. Enhance your channel's authority and attract advertisers and collaborators. Rest assured, our services adhere to YouTube's guidelines for safe and effective growth. Invest in your success today and watch your channel thrive with purchased YouTube subscribers. Unlock the potential for greater engagement and monetization opportunities.
    https://www.aninews.in/news/business/business/viral-promotions-the-company-that-has-created-stars-out-of-youtubers20230328182117/

    ОтветитьУдалить
  35. Love and Lemons.12 апреля 2024 г. в 01:10

    Looking to boost your YouTube presence? Consider leveraging the option to purchase inexpensive YouTube subscribers. It's a strategy that many content creators utilize to kickstart their channels. Increasing your subscriber count can enhance your channel's credibility and visibility. However, ensure you're purchasing from reputable sources to avoid any negative repercussions. Remember, quality content remains the ultimate key to long-term success on YouTube. So, while buying subscribers can give you a quick boost, focus on creating engaging content to retain and grow your audience organically. Explore your options wisely and make informed decisions to support your channel's growth effectively.
    https://www.theweek.in/news/biz-tech/2022/07/07/buy-youtube-views-and-grow-your-business-in-2022.html

    ОтветитьУдалить
  36. travejars2 мая 2024 г. в 05:45

    Its an interesting and useful information. We all get highly motivation from this .
    Maldives Tour Packages

    ОтветитьУдалить
  37. Sweet Peas and Saffron4 августа 2024 г. в 14:43

    Ecommerce Website Design in Delhi specializes in creating tailored online shopping platforms for businesses seeking to thrive in the digital marketplace. Their skilled team combines innovative design with robust functionality to craft websites that enhance user experience and drive sales. Focusing on mobile responsiveness, they ensure that each site performs seamlessly across all devices, catering to a diverse customer base. With a commitment to security, they implement best practices for payment processing and data protection. Transparent pricing structures, free from hidden fees, enable clients to budget effectively while maximising their investment. Additionally, the service offers ongoing support to help businesses adapt to evolving market trends. Choose Ecommerce Website Design in Delhi to elevate your online store's presence and boost customer engagement. Trust them to transform your vision into a successful ecommerce solution.
    https://olycoder.com/ecommerce-website-design-delhi

    ОтветитьУдалить
  38. Roaming Routes.5 августа 2024 г. в 14:57

    Hair regrowth treatments for women in Australia are designed to address common concerns of hair thinning and loss. Among the leading options is Minoxidil, which is specifically formulated for female pattern hair loss and is available at a 2% concentration. This topical solution operates by increasing blood flow to the scalp, which nourishes hair follicles and stimulates growth. Many women report visible results within a few months of regular usage, making it a popular choice. Minimal side effects enhance its appeal, as it is accessible to a wide range of users. Consistency in application is important, as discontinuing treatment can lead to a reversal of results. For tailored recommendations, consulting with a healthcare professional is encouraged. As the market continues to expand, women in Australia are gaining confidence in managing their hair health.
    https://generichealth.com.au/minoxidil-hair-loss/

    ОтветитьУдалить
  39. Sonia Yadav15 августа 2024 г. в 15:05

    House Removals Edinburgh is your premier choice for comprehensive relocation services tailored for both homeowners and tenants. With a dedicated team of professionals, they ensure a seamless moving experience by handling each step of the process, from packing and loading to transportation and unloading. Their expertise spans local and long-distance moves, providing personalised plans to meet individual client needs. Emphasising care and attention, they guarantee that every item, from fragile antiques to large furniture, is transported safely. Competitive pricing, free from hidden fees, allows clients to manage their budgets confidently. Equipped with a modern fleet of vehicles, House Removals Edinburgh is well-prepared for any moving challenge. Trust them to simplify your moving day, enabling you to focus on settling into your new home. Experience a hassle-free transition with their reliable and professional service.
    https://eh1-edinburghremovals.co.uk/house-removals-in-edinburgh/

    ОтветитьУдалить
  40. MRpilefoundations4 октября 2024 г. в 04:07

    A clear code explanation this is very useful for learning developers , thanks for sharing this information.
    pile foundation bangalore

    ОтветитьУдалить

Подписаться на: Комментарии к сообщению (Atom)