Abusing RCE to Access EC2 Instance Metadata (IMDSv1/IMDSv2) and Steal IAM Role Credentials