Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSRFとmetadata

Yuya Asato
January 19, 2019
Research
0
220

 SSRFとmetadata

2018/01/19に行われたJAWS-UG沖縄の登壇資料です。
https://jaws-ug-okinawa.doorkeeper.jp/events/85333

Yuya Asato

January 19, 2019
Tweet

More Decks by Yuya Asato

See All by Yuya Asato
フルクラウド環境下でのペネトレーションテスト
328
3
1.2k
JAWS DAYS 2018 LT
328
0
43

Other Decks in Research

See All in Research
Batch Processing Algorithm for Elliptic Curve Operations and Its AVX-512 Implementation
herumi
0
110
JSAI NeurIPS 2024 参加報告会(AI アライメント)
akifumi_wachi
5
840
情報処理学会関西支部2024年度定期講演会「自然言語処理と大規模言語モデルの基礎」
ksudoh
10
2.5k
ナレッジプロデューサーとしてのミドルマネージャー支援 - MIMIGURI「知識創造室」の事例の考察 -
chiemitaki
0
220
Intrinsic Self-Supervision for Data Quality Audits
fabiangroeger
0
310
非ガウス性と非線形性に基づく統計的因果探索
sshimizu2006
0
540
PetiteSRE_GenAIEraにおけるインフラのあり方観察
ichichi
0
270
論文紹介: COSMO: A Large-Scale E-commerce Common Sense Knowledge Generation and Serving System at Amazon (SIGMOD 2024)
ynakano
1
390
Evaluating Tool-Augmented Agents in Remote Sensing Platforms
satai
3
150
[輪講] Transformer Layers as Painters
nk35jk
4
670
メールからの名刺情報抽出におけるLLM活用 / Use of LLM in extracting business card information from e-mails
sansan_randd
2
420
Weekly AI Agents News! 10月号 論文のアーカイブ
masatoto
1
510

Featured

See All Featured
The Cost Of JavaScript in 2023
addyosmani
47
7.3k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
250
How to Think Like a Performance Engineer
csswizardry
22
1.4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.1k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
Making Projects Easy
brettharned
116
6k
A designer walks into a library…
pauljervisheath
205
24k
Scaling GitHub
holman
459
140k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
4 Signs Your Business is Dying
shpigford
182
22k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
350

Transcript

  1. SSRFͱmetadata JAWS-UGԭೄ
 2018.01.19
 Core Member YUYA ASATO 
 @328__

  2. ࣗݾ঺հ • Name : ҆ཬ ༔໼
 Twitter : @328__
 JAWS-UGԭೄ

    ίΞϝϯόʔ • ීஈ͸ηΩϡϦςΟͳ
 ͓࢓ࣄΛͯ͠·͢

  3. AWSͷ੹೚ڞ༗Ϟσϧ https://aws.amazon.com/jp/compliance/shared-responsibility-model/

  4. IAM ϩʔϧ࢖ͬͯ·͔͢ʁ

  5. IAM
 (Identity and Access Management) AWSαʔϏεͷૢ࡞ΛΑΓηΩϡΞʹߦ͏ͨΊͷ
 ೝূɾೝՄͷ࢓૊Έ *".Ϣʔβ *".ϩʔϧ -

    ϚωδϝϯτίϯιʔϧͷϩάΠϯ - ར༻ऀ(User)୯ҐͰ࡞੒ - αʔϏε୯ҐͰAWSૢ࡞ݖݶΛ෇༩

  6. IAMϩʔϧΛ࢖͏ϝϦοτ • IAMϢʔβΑΓ΋ೝূ৘ใͷ؅ཧָ͕ • ೝূ৘ใͷࣗಈߋ৽͕Մೳ • ΞϓϦέʔγϣϯ΁ͷϋʔυίʔσΟϯά๷ࢭ

  7. IAMϩʔϧͱmetadata • ԼهͷURLʹcredentials͕ଘࡏ
 http://169.254.169.254/latest/meta-data/iam/security- credentials/ • ͜͜ʹcredentials͕ೖ͍ͬͯΔͷͰAWS CLI ΍AWS SDK͕ར༻Ͱ͖Δ

    metadataΛಡΈࠐΉ͜ͱͰ
 AWSϦιʔε΁ͷΞΫηε͕Մೳ https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

  8. IAM Roleͷར༻ = ҆શʁ • ೝূ৘ใΛਓ͕ؒ؅ཧ͠ͳ͍෼ʹ͸҆શ • ֎෦͔ΒmetadataʹΞΫηεͰ͖ͯ͠·͑͹ ೝূ৘ใΛ઄औ͢Δ͜ͱ͸Մೳ

  9. SSRF
 (Server Side Request Forgery) • ߈ܸऀ͔Β௚઀౸ୡͰ͖ͳ͍αʔόʹ
 ର͢Δ߈ܸख๏

  10. SSRFΛར༻ͨ͠ೝূ৘ใͷऔಘ demo

  11. ରࡦ • Ͱ͖Δ͜ͱͳΒϢʔβ͔ΒURL,ύεͷೖྗΛड͚෇͚ͳ͍ • ڐՄ͞ΕͨURLͷҰཡදʢϗϫΠτϦετʣΛ࡞੒ͯ͠Ξ ΫηεͰ͖ΔൣғΛݶఆ͢Δ • Ϩεϙϯεͷݕূͱ͔΋΍ͬͨ΄͏͕͍͍ʁ • IAMϩʔϧʹ෇༩͢ΔݖݶΛ࠷খԽ


    AdministratorAccessͱ͔౉ͪ͠Όμϝ…

  12. ରࡦͷ೉͠͞ • αʔϏεͰAWSSDK࢖ͬͯͨΓ͢Δͱ
 firewalldͰϒϩοΫͰ͖ͳ͍ • ೖྗ஋ΛϑΟϧλ͢Δͷ΋ͳ͔ͳ͔೉͍͠
 8ਐ਺, 16ਐ਺ͷࠞࡏදه΋Ͱ͖Δ
 http://0xA9FEA9FE
 http://0xA9.0xFE.0xA9.0xFE


    http://0251.0376.0251.0376
 http://0xA9.0376.0251.0xFE

  13. ࡶײ • WebΞϓϦέʔγϣϯʹ੬ऑੑ͕͋Ε͹
 AWSͷೝূ৘ใΛ֎෦͔ΒऔಘͰ͖Δ • ೖྗ஋ͷݕূͬͯ೉͍͠….