Graham Sutherland / PolynomialMay 20
fun trick: if someone gives a hosted LLM a skill that lets it fetch web pages (directly, not through some third party scraper service) and it's hosted on AWS, you can often trick it into fetching data from the AWS instance metadata server (IMDS) at 169.254.169.254 / [fd00:ec2::254]. the higher end models tend to refuse if you give the IP, but you can just spin up a domain with A/AAAA records pointing at that IP and request that instead. if IMDSv1 isn't disabled you can get secrets out of it.
Show threadkajer :unknown:

@gsuberland

fun times with https://www.man7.org/linux/man-pages/man3/inet.3.html

169.254.169.254 can also be -

2852039166
0xA9FEA9FE
a9.fe.a9.fe
or
251.376.251.376

just incase someone tried to be clever and prohibit queries about 169.254 addresses

inet(3) - Linux manual page

May 20 at 9:49pmWeb
Show threadJernej Simončič �May 20
@kajer @gsuberland The last two are missing 0x's and 0's in front of every group; and you can also mix them up, eg. 0xa9.0376.43518
Show threadkajer :unknown:May 20

@jernej__s @gsuberland

I did forget that you can mix and match... I love inet(3)

Show threadAMSMay 21
@kajer @gsuberland 0251.0376.0251.0376 is likely what you need for the last one. (Need the leading zeros to make it understand octal.