IMDS Credential Theft
Metadata services expose temporary credentials to workloads. Drill retrieving them and proving access without touching a real cloud account.
Query the simulated provider metadata service, handle IMDSv2 tokens or provider-specific headers, extract temporary credentials, and use them against the protected local resource.
Variants cover AWS IMDSv1, AWS IMDSv2, GCP Metadata-Flavor, and Azure Metadata header flows.
What you'll practice
IMDScloud metadatacredential theftAWSGCPAzure
medium
IMDS Credential Theft
Metadata services expose temporary credentials to workloads. Drill retrieving them and proving access without touching a real cloud account.
Objective
Recover the flag at /root/flag.txt and submit it.
Drill this now
Spin up a live isolated target and start practicing in seconds — free.