Nate Thornton

Nate Thornton

I’m a Security Operations Center Manager working in the financial industry and I’m working on developing my technical skills to increase my understanding of cybersecurity concepts. If you run into any inaccuracies or omissions on the site, please feel free to contact me at one of the links below.

IMDS Exploration Challenge - 2021 SANS Holiday Hack Challenge

less than 1 minute read

In this challenge, we learn about the Instance Metadata Service (IMDS), which is used by many cloud providers. This challenge is mostly on-rails with you just typing in what they ask of you.

Play the 2021 SANS Holiday Hack Challenge

The first thing we’re asked to do is “send a couple of ping packets” to a server with a specified IP (169.254.169.254).

ping 169.254.169.254

In the next two sections, we run the commands as instructed as we learn the basics of IMDS:

curl http://169.254.169.254
curl http://169.254.169.254/latest
curl http://169.254.169.254/latest/dynamic
curl http://169.254.169.254/latest/dynamic/instance-identity/document
curl http://169.254.169.254/latest/dynamic/instance-identity/document | jq


curl http://169.254.169.254/latest/meta-data
curl http://169.254.169.254/latest/meta-data/public-hostname
curl http://169.254.169.254/latest/meta-data/public-hostname; echo
curl http://169.254.169.254/latest/meta-data/iam/security-credentials; echo
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/elfu-deploy-role; echo

Now we discuss IMDSv2. Here is the final set of commands:

cat gettoken.sh
source gettoken.sh
echo $TOKEN
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region
exit

Updated:

You May Also Enjoy

Upgrading Shells

less than 1 minute read

If you get a non-teletype (TTY) shell, you can potentially upgrade it to a teletype shell for more functionality and fewer restrictions using the instruction...