Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSRFとmetadata

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Yuya Asato Yuya Asato
January 19, 2019
Research
0
220

 SSRFとmetadata

2018/01/19に行われたJAWS-UG沖縄の登壇資料です。
https://jaws-ug-okinawa.doorkeeper.jp/events/85333

Avatar for Yuya Asato

Yuya Asato

January 19, 2019
Tweet

More Decks by Yuya Asato

See All by Yuya Asato
フルクラウド環境下でのペネトレーションテスト
Avatar for Yuya Asato 328
3
1.5k
JAWS DAYS 2018 LT
Avatar for Yuya Asato 328
0
46

Other Decks in Research

See All in Research
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
320
AI Agentの精度改善に見るML開発との共通点 / commonalities in accuracy improvements in agentic era
Avatar for shimacos shimacos
3
1.2k
HoliTracer:Holistic Vectorization of Geographic Objects from Large-Size Remote Sensing Imagery
Avatar for SatAI.challenge satai
3
600
ForestCast: Forecasting Deforestation Risk at Scale with Deep Learning
Avatar for SatAI.challenge satai
3
380
情報技術の社会実装に向けた応用と課題:ニュースメディアの事例から / appmech-jsce 2025
Avatar for Shotaro Ishihara upura
0
310
超高速データサイエンス
Avatar for Yusuke Matsui matsui_528
2
380
SREのためのテレメトリー技術の探究 / Telemetry for SRE
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
13
3k
AWSの耐久性のあるRedis互換KVSのMemoryDBについての論文を読んでみた
Avatar for bootjp / ぶーと bootjp
1
450
AIスパコン「さくらONE」の
オブザーバビリティ / Observability for AI Supercomputer SAKURAONE
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
2
1.1k
20251023_くまもと21の会例会_「車1割削減、渋滞半減、公共交通2倍」をめざして.pdf
Avatar for Traffic Brain trafficbrain
0
180
A History of Approximate Nearest Neighbor Search from an Applications Perspective
Avatar for Yusuke Matsui matsui_528
1
150
Collective Predictive Coding and World Models in LLMs: A System 0/1/2/3 Perspective on Hierarchical Physical AI (IEEE SII 2026 Plenary Talk)
Avatar for Tadahiro Taniguchi tanichu
1
240

Featured

See All Featured
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
9.5k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.2k
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
380
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
Avatar for Tech SEO Connect techseoconnect
PRO
0
55
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
410
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.6k
Between Models and Reality
Avatar for mayunak mayunak
1
180
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
196
71k

Transcript

  1. SSRFͱmetadata JAWS-UGԭೄ
 2018.01.19
 Core Member YUYA ASATO 
 @328__

  2. ࣗݾ঺հ • Name : ҆ཬ ༔໼
 Twitter : @328__
 JAWS-UGԭೄ

    ίΞϝϯόʔ • ීஈ͸ηΩϡϦςΟͳ
 ͓࢓ࣄΛͯ͠·͢

  3. AWSͷ੹೚ڞ༗Ϟσϧ https://aws.amazon.com/jp/compliance/shared-responsibility-model/

  4. IAM ϩʔϧ࢖ͬͯ·͔͢ʁ

  5. IAM
 (Identity and Access Management) AWSαʔϏεͷૢ࡞ΛΑΓηΩϡΞʹߦ͏ͨΊͷ
 ೝূɾೝՄͷ࢓૊Έ *".Ϣʔβ *".ϩʔϧ -

    ϚωδϝϯτίϯιʔϧͷϩάΠϯ - ར༻ऀ(User)୯ҐͰ࡞੒ - αʔϏε୯ҐͰAWSૢ࡞ݖݶΛ෇༩

  6. IAMϩʔϧΛ࢖͏ϝϦοτ • IAMϢʔβΑΓ΋ೝূ৘ใͷ؅ཧָ͕ • ೝূ৘ใͷࣗಈߋ৽͕Մೳ • ΞϓϦέʔγϣϯ΁ͷϋʔυίʔσΟϯά๷ࢭ

  7. IAMϩʔϧͱmetadata • ԼهͷURLʹcredentials͕ଘࡏ
 http://169.254.169.254/latest/meta-data/iam/security- credentials/ • ͜͜ʹcredentials͕ೖ͍ͬͯΔͷͰAWS CLI ΍AWS SDK͕ར༻Ͱ͖Δ

    metadataΛಡΈࠐΉ͜ͱͰ
 AWSϦιʔε΁ͷΞΫηε͕Մೳ https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

  8. IAM Roleͷར༻ = ҆શʁ • ೝূ৘ใΛਓ͕ؒ؅ཧ͠ͳ͍෼ʹ͸҆શ • ֎෦͔ΒmetadataʹΞΫηεͰ͖ͯ͠·͑͹ ೝূ৘ใΛ઄औ͢Δ͜ͱ͸Մೳ

  9. SSRF
 (Server Side Request Forgery) • ߈ܸऀ͔Β௚઀౸ୡͰ͖ͳ͍αʔόʹ
 ର͢Δ߈ܸख๏

  10. SSRFΛར༻ͨ͠ೝূ৘ใͷऔಘ demo

  11. ରࡦ • Ͱ͖Δ͜ͱͳΒϢʔβ͔ΒURL,ύεͷೖྗΛड͚෇͚ͳ͍ • ڐՄ͞ΕͨURLͷҰཡදʢϗϫΠτϦετʣΛ࡞੒ͯ͠Ξ ΫηεͰ͖ΔൣғΛݶఆ͢Δ • Ϩεϙϯεͷݕূͱ͔΋΍ͬͨ΄͏͕͍͍ʁ • IAMϩʔϧʹ෇༩͢ΔݖݶΛ࠷খԽ


    AdministratorAccessͱ͔౉ͪ͠Όμϝ…

  12. ରࡦͷ೉͠͞ • αʔϏεͰAWSSDK࢖ͬͯͨΓ͢Δͱ
 firewalldͰϒϩοΫͰ͖ͳ͍ • ೖྗ஋ΛϑΟϧλ͢Δͷ΋ͳ͔ͳ͔೉͍͠
 8ਐ਺, 16ਐ਺ͷࠞࡏදه΋Ͱ͖Δ
 http://0xA9FEA9FE
 http://0xA9.0xFE.0xA9.0xFE


    http://0251.0376.0251.0376
 http://0xA9.0376.0251.0xFE

  13. ࡶײ • WebΞϓϦέʔγϣϯʹ੬ऑੑ͕͋Ε͹
 AWSͷೝূ৘ใΛ֎෦͔ΒऔಘͰ͖Δ • ೖྗ஋ͷݕূͬͯ೉͍͠….