☁️ CloudCtrl Dashboard

PRACIVO LAB — INTENTIONALLY VULNERABLE
Dashboard Config API S3 Buckets IMDS IAM Roles
⚠️ Pracivo Security Lab — Exposed AWS keys in /api/config, S3 listing without auth, IMDS simulation, IAM misconfig.

IMDS — Instance Metadata Service Simulation

Simulates AWS IMDS at 169.254.169.254. In SSRF attacks, the server is tricked into fetching this endpoint.
Current path: /latest/meta-data/instance-id 

i-0abc123def456789
Root IAM Credentials Instance ID Internal IP

In a real SSRF attack: make the vulnerable server (like /webhook on port 8085) fetch http://169.254.169.254/latest/meta-data/iam/security-credentials/ec2-role