From Zero Access to AWS Keys: EC2 Metadata Exploit Walkthrough

Описание: Starting with zero access and no credentials, this walkthrough shows how a simple misconfiguration in a reverse-proxy server can expose an entire cloud environment.

In this video, you’ll learn how to:

Exploit a Host-header based SSRF to reach the EC2 Instance Metadata Service (IMDS)

Enumerate available IMDS API versions

Retrieve the instance profile IAM role name

Extract temporary AWS access keys exposed by the metadata service

Configure AWS CLI with stolen credentials

Discover accessible S3 buckets

Access and exfiltrate sensitive files stored in S3

Understand the root cause (proxy misconfiguration) and how to fix it