Stunner – tool to test and exploit STUN, TURN and TURN over TCP servers (github.com/firefart)
115 points by maydemir on April 26, 2022 | 5 comments



A handy-looking tool. In cloud infrastructure, having a server-side request forgery vulnerability can be fatal as it allows accessing the metadata service. Capital One was owned through one.

This tool allows turning vulnerable victim systems into proxies, which allows accessing systems in the internal network, including the metadata service.

Great R&D work!


I’m not a security researcher, but a normal backend dev (possibly). This comment intrigued me and led me down the typically great HN rabbit-hole.

I found a couple of sources related to this, fascinating, thank you!

https://www.techtarget.com/searchsecurity/news/252467901/Cap...

https://www.shellntel.com/blog/2019/8/27/aws-metadata-endpoi...

I knew about SSRFs, but the ability of attackers to pivot and stack and chain minor vulnerabilities continues to amaze me.

I hope AWS mitigated this metadata endpoint weakness by now.


> I hope AWS mitigated this metadata endpoint weakness by now.

AWS offers a version 2 of the Instance Metadata Service (IMDS) API that includes mitigations for many common SSRF attacks.

IIRC both IMDSv1 and IMDSv2 are turned on by default and it's a recommended AWS best practice to disable IMDSv1 when launching new instances.

https://aws.amazon.com/blogs/security/defense-in-depth-open-...


Why isn’t best practice the default?


Backwards compatibility. Lots of legacy cloud infra and infrastructure as code written out there.
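An added example, not part of the thread: one way to find the instances the comments above are talking about, those that still accept IMDSv1 requests. It reads JSON in the shape returned by `aws ec2 describe-instances`; the sample data and instance IDs are constructed, and the posture labels are this example's own naming.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0000000000000001a",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0000000000000002b",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}}]},
  {"Instances": [
    {"InstanceId": "i-0000000000000003c",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0000000000000004d"}]}
]}
""")

def imds_posture(instance):
    """Classify one instance by its metadata service settings."""
    opts = instance.get("MetadataOptions")
    if not opts:
        return "unknown"            # field missing: review by hand
    if opts.get("HttpEndpoint") == "disabled":
        return "imds-disabled"      # metadata service not reachable at all
    if opts.get("HttpTokens") == "required":
        return "imdsv2-only"        # session token required on every request
    return "imdsv1-allowed"         # token-less GET requests still answered

def audit(describe_output):
    """Map each instance ID to its IMDS posture."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            findings[inst["InstanceId"]] = imds_posture(inst)
    return findings

def needs_remediation(findings):
    """Instances to move to IMDSv2-only, or to inspect manually."""
    return sorted(i for i, p in findings.items()
                  if p in ("imdsv1-allowed", "unknown"))

if __name__ == "__main__":
    for instance_id in needs_remediation(audit(SAMPLE)):
        # Fix with: aws ec2 modify-instance-metadata-options
        #           --instance-id <id> --http-tokens required
        print(instance_id)
```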



