Skip to content

Files

Latest commit

fa7d069 · Jun 9, 2022

History

History

ecs_ssrf

README.md

Alibaba Cloud ECS SSRF Vulnerable Environment

English | 中文

Description

This is a scenario used to build the Alibaba Cloud ECS SSRF vulnerability environment.

After building the environment with Terraform, users can obtain metadata and user data and other information on ECS through the SSRF vulnerabilities.

Deployment Environment

Execute the following command in the container

cd /TerraformGoat/aliyun/ecs/ecs_ssrf/

Configure Alibaba Cloud Access Credentials

aliyun configure

You can create and view your AccessKey on the AccessKey page of the Alibaba Cloud console

Deploy Vulnerable Environment

terraform init
terraform apply

When the terminal prompts Enter a value:, enter yes

img

After the environment is set up, You can see the access address of the scenario at Outputs, then access to the browser.

Vulnerability Utilization

On ECS with SSRF vulnerabilities, we can use SSRF to read ECS metadata, user data and other information.

read metadata

http://100.100.100.200/latest/meta-data/

img

read user data

The premise is that the target has been configured with user data, otherwise will be disconnected.

http://100.100.100.200/latest/user-data/

img

In the user data information, you can see that there is a flag file in the root directory of the scenario, try to use SSRF to read this file.

file:///flag69152201.txt

img

Successfully read the flag file.

Destroy the environment

terraform destroy