SSRF and metadata
Yuya Asato
January 19, 2019
Slides presented at JAWS-UG Okinawa, held on 2018/01/19.
https://jaws-ug-okinawa.doorkeeper.jp/events/85333
Transcript
SSRF and metadata JAWS-UG Okinawa 2018.01.19 Core Member YUYA ASATO @328__
About me • Name: Yuya Asato Twitter: @328__ JAWS-UG Okinawa core member • My day-to-day work is in security
The AWS shared responsibility model https://aws.amazon.com/jp/compliance/shared-responsibility-model/
Are you using IAM roles?
IAM (Identity and Access Management): the authentication and authorization mechanism for operating AWS services more securely. IAM user - signs in to the Management Console - created per person (User). IAM role - grants permissions to operate AWS per service.
Benefits of using IAM roles • Credentials are easier to manage than with IAM users • Credentials are rotated automatically • Stops credentials being hard-coded into the application
IAM roles and metadata • The role's credentials are available at the following URL: http://169.254.169.254/latest/meta-data/iam/security-credentials/ • Because the credentials are served there, the AWS CLI and AWS SDKs can use them without any configuration
Reading the metadata grants access to AWS resources https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
Does using an IAM role mean you are safe? • Safer, in that no human ever handles the credentials • But if the metadata endpoint can be reached from outside, the credentials can still be obtained
SSRF (Server Side Request Forgery) • A technique for attacking servers the attacker cannot reach directly, by making a server they can reach send the request on their behalf
Obtaining credentials via SSRF: demo
Countermeasures • If at all possible, do not accept URLs or paths from users • Build a list of permitted URLs (whitelist) and restrict the range that can be reached • Should responses be validated as well? • Minimize the permissions granted to the IAM role
Don't attach AdministratorAccess, for example...
Why the countermeasures are hard • If the service itself uses the AWS SDK, the metadata address cannot simply be blocked with firewalld, because the SDK needs it • Filtering the input is genuinely difficult: octal and hex notation, and mixtures of the two, are all accepted: http://0xA9FEA9FE http://0xA9.0xFE.0xA9.0xFE http://0251.0376.0251.0376 http://0xA9.0376.0251.0xFE
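The address spellings on this slide, and the whitelist from the countermeasures slide, worked through in an added Python example that is not part of the deck or of its demo. It parses a host literal with the same permissive rules as inet_aton(3), so every spelling collapses to 169.254.169.254; it puts the plain string match the slide says is hard to get right next to a canonicalise-then-check blocklist; and it implements the list of permitted hosts, on which an IP literal in any spelling never appears. The decimal (2852039166), three-part (169.254.43518) and IPv4-mapped IPv6 ([::ffff:a9fe:a9fe]) spellings go beyond the slide and are added here; the sample URLs and the host name api.example.com are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample inputs (not from the slides' demo). Every host below is
# the EC2 metadata address 169.254.169.254. The hex and octal spellings are
# the ones on the slide; the decimal, three-part and IPv4-mapped IPv6
# spellings are added here.
METADATA_ALIASES = [
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "http://0xA9FEA9FE/latest/meta-data/iam/security-credentials/",
    "http://0xA9.0xFE.0xA9.0xFE/latest/meta-data/iam/security-credentials/",
    "http://0251.0376.0251.0376/latest/meta-data/iam/security-credentials/",
    "http://0xA9.0376.0251.0xFE/latest/meta-data/iam/security-credentials/",
    "http://2852039166/latest/meta-data/iam/security-credentials/",
    "http://169.254.43518/latest/meta-data/iam/security-credentials/",
    "http://[::ffff:a9fe:a9fe]/latest/meta-data/iam/security-credentials/",
]

# One dotted part as inet_aton(3) reads it: 0x-prefixed hex, leading-zero
# octal, otherwise decimal. "08" matches nothing and is rejected, as in libc.
_PART = re.compile(r"^(?:0[xX][0-9a-fA-F]+|0[0-7]+|[1-9][0-9]*|0)$")


def parse_inet_aton(host):
    """IPv4 literal under inet_aton(3) rules: 1 to 4 parts, the last part
    filling the remaining bytes. Returns IPv4Address, or None for a name."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    values = []
    for p in parts:
        if p[:2].lower() == "0x":
            values.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            values.append(int(p, 8))
        else:
            values.append(int(p, 10))
    *lead, last = values
    if any(v > 0xFF for v in lead) or last >= 1 << (8 * (4 - len(lead))):
        return None
    n = last
    for i, v in enumerate(lead):
        n |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(n)


def literal_ip(host):
    """Address a URL host denotes with no DNS lookup, or None for a name.
    IPv4-mapped IPv6 literals are unwrapped: [::ffff:a9fe:a9fe] still reaches
    the metadata service on a dual-stack host."""
    v4 = parse_inet_aton(host)
    if v4 is not None:
        return v4
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def naive_blocklist_rejects(url):
    """The string match the slide warns about: only the canonical spelling hits."""
    return "169.254.169.254" in url


def canonical_blocklist_rejects(url):
    """Canonicalise first, then test the address range. Catches every literal
    spelling; a host name needs the same range test on its resolved address."""
    host = urlsplit(url).hostname
    if not host:
        return True
    ip = literal_ip(host)
    if ip is None:
        return False
    return ip.is_link_local or ip.is_private or ip.is_loopback or ip.is_unspecified


def allowlist_accepts(url, allowed_hosts):
    """The slides' preferred control: only named hosts on the list pass, and
    an IP literal in any spelling never does."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    if literal_ip(host) is not None:
        return False
    return host.rstrip(".") in allowed_hosts


def compare_checks(urls=METADATA_ALIASES):
    """Per sample URL: (url, canonical address, naive rejects?, canonical rejects?)."""
    return [(u, str(literal_ip(urlsplit(u).hostname)),
             naive_blocklist_rejects(u), canonical_blocklist_rejects(u)) for u in urls]


if __name__ == "__main__":
    for url, ip, naive, canonical in compare_checks():
        print(f"{ip:16} naive={naive!s:5} canonical={canonical!s:5} {url}")
```

Canonicalising the literal is necessary but not sufficient: a host name has to be resolved and the resolved address put through the same range test, and any redirect the fetch follows has to be checked again from scratch. That is why the slide's whitelist of permitted hosts is the control that holds up, and the one that coexists with an application whose own SDK still has to reach 169.254.169.254.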
Closing thoughts • A vulnerability in the web application lets an outsider obtain the AWS credentials • Input validation is hard...