IMDS Exploration Challenge - 2021 SANS Holiday Hack Challenge

less than 1 minute read

In this challenge, we learn about the Instance Metadata Service (IMDS), which is used by many cloud providers. This challenge is mostly on-rails with you just typing in what they ask of you.

Play the 2021 SANS Holiday Hack Challenge

The first thing we’re asked to do is “send a couple of ping packets” to a server with a specified IP (169.254.169.254).

ping 169.254.169.254

In the next two sections, we run the commands as instructed as we learn the basics of IMDS:

curl http://169.254.169.254
curl http://169.254.169.254/latest
curl http://169.254.169.254/latest/dynamic
curl http://169.254.169.254/latest/dynamic/instance-identity/document
curl http://169.254.169.254/latest/dynamic/instance-identity/document | jq


curl http://169.254.169.254/latest/meta-data
curl http://169.254.169.254/latest/meta-data/public-hostname
curl http://169.254.169.254/latest/meta-data/public-hostname; echo
curl http://169.254.169.254/latest/meta-data/iam/security-credentials; echo
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/elfu-deploy-role; echo

Now we discuss IMDSv2. Here is the final set of commands:

cat gettoken.sh
source gettoken.sh
echo $TOKEN
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region
exit

Updated: