Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

DigitalOcean Metadata Service Check

By kannthu

Critical
Vidoc logoVidoc Module
#exposure#config#digitalocean#proxy#misconfig
Description

What is the DigitalOcean Metadata Service Check?

The DigitalOcean Metadata Service Check is a module designed to detect misconfigurations in the DigitalOcean host. It specifically focuses on the DigitalOcean metadata service and checks for exposure through a misconfigured proxy. This module is critical in severity and can help identify potential vulnerabilities in the DigitalOcean infrastructure.

Impact

If a misconfigured proxy is detected, it could potentially expose sensitive information from the DigitalOcean metadata service. This could include details such as droplet IDs, which can be used by attackers to gain unauthorized access or perform further attacks on the host.

How the module works?

The DigitalOcean Metadata Service Check module sends an HTTP request to the target host, specifically to the /metadata/v1.json endpoint. It checks the response body for the presence of the keyword "droplet_id". If this keyword is found, it indicates that the metadata service is exposed through a misconfigured proxy.

Here is an example of the HTTP request sent by the module:

GET http://<hostval>/metadata/v1.json HTTP/1.1
Host: <hostval>

The module uses the <hostval> payload value, which can be either "aws.oast.online" or "169.254.169.254". This allows the module to test different hosts for potential misconfigurations.

If the matching condition is met and the keyword "droplet_id" is found in the response body, the module will report a vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: droplet_id
Passive global matcher
No matching conditions.
On match action
Report vulnerability