SSRF and metadata
Yuya Asato
January 19, 2019
Slides from my talk at JAWS-UG Okinawa, held on 2018/01/19.
https://jaws-ug-okinawa.doorkeeper.jp/events/85333
Transcript
SSRF and metadata / JAWS-UG Okinawa 2018.01.19 / Core Member YUYA ASATO @328__

About me
• Name: Yuya Asato, Twitter: @328__, JAWS-UG Okinawa core member
• My day job is security work

The AWS shared responsibility model
https://aws.amazon.com/jp/compliance/shared-responsibility-model/

Are you using IAM roles?

IAM (Identity and Access Management): the authentication and authorization mechanism for operating AWS services more securely
IAM user - management console login - created per user (person)
IAM role - grants AWS operation permissions per service

Benefits of using IAM roles
• Credentials are easier to manage than with IAM users
• Credentials are rotated automatically
• Prevents hard-coding credentials in applications

IAM roles and metadata
• The credentials exist at the following URL:
http://169.254.169.254/latest/meta-data/iam/security-credentials/
• Because the credentials are available here, the AWS CLI and AWS SDK can use them

Reading the metadata gives access to AWS resources
https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

Does using an IAM role = safe?
• It is safe in the sense that no human manages the credentials
• But if the metadata can be reached from outside, the credentials can be obtained

SSRF (Server Side Request Forgery)
• An attack technique against servers that the attacker cannot reach directly

Obtaining credentials via SSRF: demo

Countermeasures
• If at all possible, don't accept URLs or paths as user input
• Create a list of permitted URLs (a whitelist) and restrict the range that can be accessed
• Validating the response is probably a good idea too?
• Minimize the permissions granted to the IAM role

Don't do things like AdministratorAccess…

Why the countermeasures are hard
• If the service itself uses the AWS SDK, you can't block the metadata endpoint with firewalld
• Filtering the input is quite difficult: octal and hexadecimal notation can be mixed freely
http://0xA9FEA9FE
http://0xA9.0xFE.0xA9.0xFE
http://0251.0376.0251.0376
http://0xA9.0376.0251.0xFE
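As an added example (not code from the slides), here is the kind of normalize-then-allow-list check that the countermeasures slide calls for, tried against the hex and octal spellings listed above: a naive string filter on 169.254.169.254 is bypassed by every one of them, while parsing the host the way inet_aton() does catches them all. The allow-list hosts and the function names are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list for this example; a real one is application-specific.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
# 169.254.169.254 sits in the link-local range; nothing there should be fetched.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _part_value(p: str) -> int:
    """Hex (0x..), octal (leading 0) or decimal, as inet_aton() reads them."""
    base = 16 if p[:2].lower() == "0x" else 8 if len(p) > 1 and p[0] == "0" else 10
    return int(p, base)


def legacy_inet_aton(host: str):
    """Parse an IPv4 literal like BSD inet_aton(): 1 to 4 dotted parts, each hex,
    octal or decimal, the last part filling the remaining bytes. None if not one."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.match(p) for p in parts):
        return None
    *head, tail = [_part_value(p) for p in parts]
    if any(n > 255 for n in head) or tail >= 256 ** (4 - len(head)):
        return None
    value = tail
    for shift, n in enumerate(reversed(head)):
        value |= n << (8 * (4 - len(head) + shift))
    return ipaddress.IPv4Address(value)


def naive_blocklist_allows(url: str) -> bool:
    """The string filter the slides warn about: bypassed by any other spelling."""
    return "169.254.169.254" not in url


def targets_metadata(url: str) -> bool:
    """True when the URL's host, once normalized, falls in the link-local range."""
    ip = legacy_inet_aton(urlsplit(url).hostname or "")
    return ip is not None and ip in LINK_LOCAL


def is_allowed_url(url: str) -> bool:
    """Enforcement: http(s) only, and only hostnames from ALLOWED_HOSTS.
    IP literals in any spelling are rejected outright, so there is no block-list to bypass."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    if legacy_inet_aton(host) is not None:
        return False
    return host in ALLOWED_HOSTS
```

Only IP literals are normalized here; a hostname that resolves to the link-local range needs the same check applied to the resolved address at connection time.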
Closing thoughts
• If a web application has a vulnerability, the AWS credentials can be obtained from outside
• Input validation is hard…