
Hetzner Cloud Metadata Service Check

By kannthu

Critical
Vidoc Module
#exposure #config #hetzner #proxy #misconfig
Description

What is the Hetzner Cloud Metadata Service Check?

The Hetzner Cloud Metadata Service Check is a module that detects a misconfiguration on Hetzner Cloud hosts. It targets the Hetzner Cloud metadata service and checks whether the host is configured as a proxy, which could allow unauthorized access to the instance metadata service. The module is classified as critical because of the potential impact on the host and infrastructure.

Author: sullo

CWE-ID: CWE-441

CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CVSS-Score: 9.3

Impact

If the Hetzner Cloud host is misconfigured as a proxy, it can allow significant access to the host and infrastructure. This can potentially lead to unauthorized access, data breaches, and other security risks.

How does the module work?

The Hetzner Cloud Metadata Service Check module sends an HTTP request for the Hetzner Cloud metadata service endpoint http://<hostval>/v1/metadata/private-networks to the host under test. The request line carries an absolute URL, so a host that acts as a proxy forwards the request to the metadata service. The module then checks the response body for the keywords "alias_ips:", "local-ipv4:", and "instance-id:". If any of these keywords are found, the module considers the host to be misconfigured as a proxy.

Example HTTP request:

GET http://<hostval>/v1/metadata/private-networks HTTP/1.1
Host: <hostval>

The module uses the following matching conditions:

- If the response body contains any of the specified keywords ("alias_ips:", "local-ipv4:", "instance-id:"), the module considers it a match.

Note: The <hostval> placeholder in the HTTP request is replaced with the actual values specified in the module's payload.
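
A proxy-side guard that refuses the kind of request shown above, as an added example that is not part of the Vidoc module or the original page. It checks the absolute-form request target and the Host header, and assumes the metadata service sits on a link-local (169.254.0.0/16) address; the function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def to_ip(host):
    """Parse an IP literal, including legacy IPv4 spellings; None for DNS names."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        # inet_aton also accepts forms such as "2852039166" or "0xa9fea9fe"
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None

def dns_resolve(host):
    """Default resolver: every address the name currently maps to."""
    infos = socket.getaddrinfo(host, None)
    return [ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos]

def is_internal(ip):
    ip = getattr(ip, "ipv4_mapped", None) or ip   # unwrap ::ffff:a.b.c.d
    return ip.is_link_local or ip.is_loopback or ip.is_unspecified

def forward_allowed(request_head, resolve=dns_resolve):
    """False if the request line or Host header points at an internal address."""
    lines = request_head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return False                              # malformed: fail closed
    hosts = set()
    try:
        if "://" in parts[1]:                     # absolute-form target
            hosts.add(urlsplit(parts[1]).hostname or "")
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                hosts.add(urlsplit("//" + value.strip()).hostname or "")
    except ValueError:
        return False                              # unparsable authority
    if not hosts or "" in hosts:
        return False
    for host in hosts:
        ip = to_ip(host)
        if any(is_internal(a) for a in ([ip] if ip is not None else resolve(host))):
            return False
    return True
```

A proxy using such a check should connect to the exact address that passed it, since a second DNS lookup can return a different address.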

Module preview

Concurrent Requests (1)
1. HTTP Request template
   Matching conditions: word: alias_ips:, local-ipv4:, instance-id:
Passive global matcher: No matching conditions.
On match action: Report vulnerability