Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSRFとmetadata

Avatar for Yuya Asato Yuya Asato
January 19, 2019
Research
220
0

 SSRFとmetadata

2018/01/19に行われたJAWS-UG沖縄の登壇資料です。
https://jaws-ug-okinawa.doorkeeper.jp/events/85333

Avatar for Yuya Asato

Yuya Asato

January 19, 2019

More Decks by Yuya Asato

See All by Yuya Asato
フルクラウド環境下でのペネトレーションテスト
Avatar for Yuya Asato 328
3
1.5k
JAWS DAYS 2018 LT
Avatar for Yuya Asato 328
0
48

Other Decks in Research

See All in Research
IEEE AIxVR 2026 Keynote Talk: "Beyond Visibility: Understanding Scenes and Humans under Challenging Conditions with Diverse Sensing"
Avatar for Mariko Isogawa miso2024
0
190
羽田新ルート運用6年の検証
Avatar for マン点 1manken
0
160
さくらインターネット研究所テックトーク2026春、研究開発Gr.25年度成果26年度方針
Avatar for KIKUCHI Shunsuke kikuzo
0
140
正規分布と最適化について
Avatar for koide3 koide3
0
230
言語モデルから言語について語る際に押さえておきたいこと
Avatar for Sho Yokoi eumesy
PRO
5
2.3k
2026-01-30-MandSL-textbook-jp-cos-lod
Avatar for Yuka Egusa yegusa
1
1.3k
AY 2026 Guide to Academic Writing Using Generative AI - Workshop
Avatar for Kenji Saito ks91
PRO
0
110
AIエージェント時代のLLM-jpモデルのあるべき姿
Avatar for Kouta Nakayama k141303
0
420
2026 東京科学大 情報通信系 研究室紹介 (大岡山)
Avatar for Tokyo Tech ICT Dept. icttitech
0
3.6k
Φ-Sat-2のAutoEncoderによる情報圧縮系論文
Avatar for SatAI.challenge satai
4
730
NLP colloquium: AI Safety Survey
Avatar for Masahiro Kaneko kanekomasahiro
0
490
「AIとWhyを深堀る」をAIと深堀る
Avatar for なつ iflection
0
440

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
52k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
211
24k
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
1
370
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
130
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
830
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
210
Odyssey Design
Avatar for Ryan Kendrick rkendrick25
PRO
2
650
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
Avatar for Ryan Jones ryanjones
0
150
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
1
240
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
239
140k
Money Talks: Using Revenue to Get Sh*t Done
Avatar for Nikki Halliwell nikkihalliwell
0
240
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.9k

Transcript

  1. SSRFͱmetadata JAWS-UGԭೄ
 2018.01.19
 Core Member YUYA ASATO 
 @328__

  2. ࣗݾ঺հ • Name : ҆ཬ ༔໼
 Twitter : @328__
 JAWS-UGԭೄ

    ίΞϝϯόʔ • ීஈ͸ηΩϡϦςΟͳ
 ͓࢓ࣄΛͯ͠·͢

  3. AWSͷ੹೚ڞ༗Ϟσϧ https://aws.amazon.com/jp/compliance/shared-responsibility-model/

  4. IAM ϩʔϧ࢖ͬͯ·͔͢ʁ

  5. IAM
 (Identity and Access Management) AWSαʔϏεͷૢ࡞ΛΑΓηΩϡΞʹߦ͏ͨΊͷ
 ೝূɾೝՄͷ࢓૊Έ *".Ϣʔβ *".ϩʔϧ -

    ϚωδϝϯτίϯιʔϧͷϩάΠϯ - ར༻ऀ(User)୯ҐͰ࡞੒ - αʔϏε୯ҐͰAWSૢ࡞ݖݶΛ෇༩

  6. IAMϩʔϧΛ࢖͏ϝϦοτ • IAMϢʔβΑΓ΋ೝূ৘ใͷ؅ཧָ͕ • ೝূ৘ใͷࣗಈߋ৽͕Մೳ • ΞϓϦέʔγϣϯ΁ͷϋʔυίʔσΟϯά๷ࢭ

  7. IAMϩʔϧͱmetadata • ԼهͷURLʹcredentials͕ଘࡏ
 http://169.254.169.254/latest/meta-data/iam/security- credentials/ • ͜͜ʹcredentials͕ೖ͍ͬͯΔͷͰAWS CLI ΍AWS SDK͕ར༻Ͱ͖Δ

    metadataΛಡΈࠐΉ͜ͱͰ
 AWSϦιʔε΁ͷΞΫηε͕Մೳ https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

  8. IAM Roleͷར༻ = ҆શʁ • ೝূ৘ใΛਓ͕ؒ؅ཧ͠ͳ͍෼ʹ͸҆શ • ֎෦͔ΒmetadataʹΞΫηεͰ͖ͯ͠·͑͹ ೝূ৘ใΛ઄औ͢Δ͜ͱ͸Մೳ

  9. SSRF
 (Server Side Request Forgery) • ߈ܸऀ͔Β௚઀౸ୡͰ͖ͳ͍αʔόʹ
 ର͢Δ߈ܸख๏

  10. SSRFΛར༻ͨ͠ೝূ৘ใͷऔಘ demo

  11. ରࡦ • Ͱ͖Δ͜ͱͳΒϢʔβ͔ΒURL,ύεͷೖྗΛड͚෇͚ͳ͍ • ڐՄ͞ΕͨURLͷҰཡදʢϗϫΠτϦετʣΛ࡞੒ͯ͠Ξ ΫηεͰ͖ΔൣғΛݶఆ͢Δ • Ϩεϙϯεͷݕূͱ͔΋΍ͬͨ΄͏͕͍͍ʁ • IAMϩʔϧʹ෇༩͢ΔݖݶΛ࠷খԽ


    AdministratorAccessͱ͔౉ͪ͠Όμϝ…

  12. ରࡦͷ೉͠͞ • αʔϏεͰAWSSDK࢖ͬͯͨΓ͢Δͱ
 firewalldͰϒϩοΫͰ͖ͳ͍ • ೖྗ஋ΛϑΟϧλ͢Δͷ΋ͳ͔ͳ͔೉͍͠
 8ਐ਺, 16ਐ਺ͷࠞࡏදه΋Ͱ͖Δ
 http://0xA9FEA9FE
 http://0xA9.0xFE.0xA9.0xFE


    http://0251.0376.0251.0376
 http://0xA9.0376.0251.0xFE

  13. ࡶײ • WebΞϓϦέʔγϣϯʹ੬ऑੑ͕͋Ε͹
 AWSͷೝূ৘ใΛ֎෦͔ΒऔಘͰ͖Δ • ೖྗ஋ͷݕূͬͯ೉͍͠….