IMDS Exploration
Shown in Report
Noxious ODor is standing next to a Terminal and a ... golden? ... toilet.
Objective Image
Back
Challenge
πŸŽ„πŸŽ„πŸŽ„ Prof. Petabyte here. In this lesson you'll continue to build your cloud asset skills,
πŸŽ„πŸŽ„πŸŽ„ interacting with the Instance Metadata Service (IMDS) using curl.
πŸŽ„πŸŽ„πŸŽ„
πŸŽ„πŸŽ„πŸŽ„ If you get stuck, run 'hint' for assitance.
πŸŽ„πŸŽ„πŸŽ„

The Instance Metadata Service (IMDS) is a virtual server for cloud assets at the IP address
169.254.169.254. Send a couple ping packets to the server.
Solution

First we ping the IMDS

ping 169.254.169.254

And we follow the hint system (The commands you'll need to enter are shown by the hint system)

curl http://169.254.169.254
curl http://169.254.169.254/latest
curl http://169.254.169.254/latest/dynamic
curl http://169.254.169.254/latest/dynamic/instance-identity/document
curl http://169.254.169.254/latest/dynamic/instance-identity/document | jq
curl http://169.254.169.254/latest/meta-data
curl http://169.254.169.254/latest/meta-data/hostname
curl http://169.254.169.254/latest/meta-data/hostname ; echo
curl http://169.254.169.254/latest/meta-data/iam/security-credentials
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/elfu-deploy-role

Let’s switch over to IMDSv2 which uses token for authentication

elfu@0c4829dafe5e:~$ cat gettoken.sh 
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
source gettoken.sh
echo $TOKEN
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region