AWS CloudGoat EC2 SSRF Exploitation

This article walks through a CloudGoat ec2_ssrf lab that demonstrates how an attacker can exploit a Server-Side Request Forgery (SSRF) in an EC2-hosted web application to access the AWS Instance Metadata Service and steal IAM credentials. The step-by-step walkthrough covers lab setup, enumeration of Lambda, EC2, and S3, credential pivoting to escalate privileges, and recommendations such as enforcing IMDSv2 and least-privilege IAM to mitigate the risk.

Key points

  • CloudGoat deploys a vulnerable-by-design AWS environment to safely practice attacks.
  • Attackers exploit SSRF to query the EC2 metadata service and retrieve IAM role credentials.
  • Stolen credentials enable enumeration of Lambda, EC2, and S3, leading to credential pivoting and privilege escalation.
  • The walkthrough details setup steps including IAM configuration, Terraform, AWS CLI, and launching the ec2_ssrf scenario.
  • Mitigations include enforcing IMDSv2, restricting metadata access and outbound requests, and applying least-privilege IAM roles.
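
The IMDSv2 mitigation above can be checked across an account by auditing each instance's MetadataOptions. The script below is an added example, not code from the original article or from CloudGoat; it reads data in the shape of `aws ec2 describe-instances` output, and the instance IDs, account number, and profile name in the sample are constructed placeholders.

```python
# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs and the profile ARN are placeholders, not values from the lab.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-constructed0001",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111111111111:instance-profile/example"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-constructed0002",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111111111111:instance-profile/example"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-constructed0003",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-constructed0004",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
]}]}


def audit_imds(describe_output):
    """Return one finding per instance whose metadata service is not locked down."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            # With the endpoint disabled there is no metadata service to reach.
            if opts.get("HttpEndpoint", "enabled") == "disabled":
                continue
            issues = []
            # "optional" keeps IMDSv1, which answers simple unauthenticated GETs.
            if opts.get("HttpTokens", "optional") != "required":
                issues.append("IMDSv1 allowed")
            # A hop limit above 1 lets the token response cross an extra hop
            # (for example out of a container running on the instance).
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append("hop limit > 1")
            if not issues:
                continue
            has_role = "IamInstanceProfile" in inst
            # Role credentials are what is at stake, so rank those instances first.
            severity = "high" if has_role and "IMDSv1 allowed" in issues else "medium"
            findings.append({"instance": inst["InstanceId"], "severity": severity,
                             "has_role": has_role, "issues": issues})
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    for f in audit_imds(SAMPLE):
        print(f["severity"], f["instance"], "; ".join(f["issues"]))
```

To run it against a real account, load the JSON produced by `aws ec2 describe-instances` and pass the parsed object to `audit_imds` in place of `SAMPLE`.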

Read More: https://www.hackingarticles.in/aws-cloudgoat-ec2-ssrf-exploitation/