IMDS Exploration Terminal Challenge
Troll Introduction
Help Noxious O'Dor in Jack's Executive Restroom
Hey, this is the executive restroom. Wasn't that door closed?
I’m Noxious O’Dor. And I’ve gotta say, I think that Jack Frost is just messed up.
I mean, I'm no expert, but his effort to "win" against Santa by going bigger and bolder seems bad.
You know, I’m having some trouble with this IMDS exploration. I’m hoping you can give me some help in solving it.
If you do, I’ll be happy to trade you for some hints on SSRF! I’ve been studying up on that and have some good ideas on how to attack it!
Open the Terminal
Open the IMDS Exploration terminal in Jack's Restroom
Solution
This challenge is a tutorial on IMDS, and there are no problems to solve. Open the terminal and go through the steps to learn about IMDS (which will be useful for Objective 10).
Completion
Talk to Noxious to receive hints for Objective 10 (Now Hiring!):
Phew! That is something extra! Oh, and you solved the challenge too? Great!
Cloud assets are interesting targets for attackers. Did you know they automatically get IMDS access?
I'm very concerned about the combination of SSRF and IMDS access.
Did you know it's possible to harvest cloud keys through SSRF and IMDS attacks?
Dr. Petabyte told us, "anytime you see URL as an input, test for SSRF."
With an SSRF attack, we can make the server request a URL. This can reveal valuable data!
The AWS documentation for IMDS is interesting reading.
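The defensive side of the hints above, as an added example that is not part of the challenge or the original walkthrough: a check a server can run on a user-supplied URL before fetching it, refusing destinations in the link-local range where AWS serves IMDS (169.254.169.254) and other internal addresses. The names check_url, resolve and SAMPLE_DNS, and the hostnames in the table, are constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. A real service
# would resolve with socket.getaddrinfo() instead (assumption of this sketch).
SAMPLE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "imds-alias.example.net": ["169.254.169.254"],  # public name aimed at IMDS
    "intranet.example.com": ["10.0.4.17"],
}

def resolve(host, dns=SAMPLE_DNS):
    """Return IP objects for host: literal IPs as-is, names via the dns table."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in dns.get(host.lower(), [])]

def check_url(url, dns=SAMPLE_DNS):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    addrs = resolve(parts.hostname, dns)
    if not addrs:
        return False, "host does not resolve"
    for ip in addrs:
        # Unwrap IPv4-mapped IPv6 such as ::ffff:169.254.169.254 first.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if ip.is_link_local:
            return False, "link-local (instance metadata range)"
        if (ip.is_loopback or ip.is_private or ip.is_reserved
                or ip.is_unspecified or ip.is_multicast):
            return False, "internal or special-purpose address"
    return True, "ok"

if __name__ == "__main__":
    for u in ("http://images.example.com/cat.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://imds-alias.example.net/",
              "file:///etc/passwd"):
        print(u, "->", check_url(u))
```

The check only helps if the fetch then connects to the same address that was validated; resolving the name a second time at request time reopens the gap.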