Cloud Config File Exposure

By kannthu

Medium
Vidoc Module
#exposure #cloud #devops #files
Description

What is "Cloud Config File Exposure"?

The "Cloud Config File Exposure" module is designed to detect misconfigurations in cloud environments that may expose sensitive configuration files. It targets cloud-based systems and applications that utilize cloud configuration files. This module has a medium severity level.

Author: DhiyaneshDK, Hardik-Solanki

Impact

If a cloud configuration file is exposed, it can potentially lead to unauthorized access and compromise of sensitive information. Attackers may gain access to credentials, API keys, or other sensitive data stored in these files, which can be used to further exploit the system or launch targeted attacks.

How does the module work?

The "Cloud Config File Exposure" module works by sending HTTP requests to specific paths in the target system, such as "/cloud-config.yml" or "/core-cloud-config.yml". It then applies matching conditions to determine if the response contains certain keywords, such as "ssh_authorized_keys" or "#cloud-config". Additionally, it checks if the response status is 200 (OK).

Example HTTP request:

GET /cloud-config.yml

The module matches the response against the following conditions:

- The response must contain all the specified keywords ("ssh_authorized_keys" and "#cloud-config").
- The response status must be 200 (OK).

If both conditions are met, the module reports a vulnerability indicating that the cloud configuration file is exposed.
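To check your own servers before a scanner does, the same matching logic can be run against a local web document root. The following is an added example, not Vidoc's module code: it assumes every file under the document root is served with status 200, and it goes beyond the module by also checking subdirectories. The function names and the sample files are constructed for illustration.

```python
"""Added example (not Vidoc's code): find cloud-config files in a local web
document root whose content satisfies the module's matching conditions."""
import os
import tempfile

# Keywords from the module's matching conditions (all must be present).
REQUIRED_WORDS = ("ssh_authorized_keys", "#cloud-config")
# File names taken from the request paths quoted on this page.
CANDIDATE_NAMES = ("cloud-config.yml", "core-cloud-config.yml", "cloud-config.txt")


def module_matches(status: int, body: str) -> bool:
    """Reproduce the matcher: status 200 AND every keyword in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def audit_docroot(docroot: str) -> list[str]:
    """Return URL paths under docroot that would match (assumes status 200)."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name not in CANDIDATE_NAMES:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "r", encoding="utf-8", errors="replace") as fh:
                body = fh.read()
            if module_matches(200, body):
                rel = os.path.relpath(full, docroot).replace(os.sep, "/")
                findings.append("/" + rel)
    return sorted(findings)


def demo() -> list[str]:
    """Build a constructed document root with one exposed file and audit it."""
    exposed = "#cloud-config\nssh_authorized_keys:\n  - ssh-ed25519 CONSTRUCTED-SAMPLE\n"
    harmless = "#cloud-config\npackages:\n  - nginx\n"  # lacks the second keyword
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        for rel, text in (("cloud-config.yml", exposed),
                          ("backup/cloud-config.txt", harmless)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_docroot(root)


if __name__ == "__main__":
    print(demo())
```

Any path this returns should be moved out of the served directory or blocked at the web server, and the keys and credentials in the file rotated.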

Reference: https://www.exploit-db.com/ghdb/7959

Metadata: verified: true, shodan-query: html:"cloud-config.yml"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /cloud-config.yml, /core-cloud-config.y..., /cloud-config.txt
Matching conditions
word: ssh_authorized_keys, #cloud-config
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability