This is security demo about SSRF on AWS
Step 1) Check the availability of these cars
Fiat
Ford
Audi
check if available
s3-role
Step 2) Find the vulnerability
Step 3) Run the attacker links
Attack 1:
check localhost
(it should fail)
Attack 2:
check if this is a AWS environment
(this should work)
(explanation)
Attack 3:
check if a role is attached to this AWS entity
(this should work)
Attack 4:
steal AWS credentials for this role
(this should work)