You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 16, 2022. It is now read-only.
Most of these are pretty useless to an attacker, apart from the ones marked with arrows.
Another thing to note: these are only useful against aws servers, these likely won't be defined on anything else. For other servers you could still use some common environment variables to learn more about the server:
Linux environment variables are a lot more useful; pretty much all of them can be used to tell what software is installed/running and what versions they are running at.
MacOS:
Nobody runs a server on mac.
These other environment variables aren't very useful on their own but you can use them to find other vulnerable software running on the server, potentially leading to another exploit.
I can submit a pr to add these to the repo if they're useful.
Thanks for the information, There were no other pull or issue request regarding this issue.
I will close this issue for now, if you have any more information or questions please let me know.
hi,
here's a feature wish: would be great to have a collection of environment variables which get scrapped by attackers like it's partly done here: https://twitter.com/Laughing_Mantis/status/1469789508535087104?s=20
there will probably be more juicy targets and it helps to know where the great reset has to be done after patching.
regards
arnim
The text was updated successfully, but these errors were encountered: