Official Bucket Discussion

Got creds, got s* access: I am able to alert the web page. I can upload whatever I want and got this weird JavaScript shell running, but other than that I’m pretty stuck. s* can communicate with the domain.

Once you’re able to run things on the web page, what’s next? Printing an alert is cool and all, but I’d want a user shell instead :wink:

Any help please? :open_mouth:

Yeah, I don’t understand this at all.

  • Trying to understand how the service works and how it can communicate with the primary domain.

Foothold

If you can put it in the bucket you should be able to get it by other means

User

Enum and when you find it you’ll know what to do

Root

Enum. If you cannot access it from outside you might have better luck inside.

Hi everybody,

I’m stuck trying to get a foothold. I found the a******r b****t, I found its owner w*****e and the incorrect ACL. Enumerating, I found s***l and h***th, I found the credentials (as anybody else in my position) and now I’m trying to find a place to use them, but with no luck. S*s and i*m services seem to both be disabled, and the h***th page confirms that. I tried everything, from vhosts to paths and files.

Can anyone PM me a hint?

Thanks in advance!

Rooted. Fun box once I learnt how to use the tool for the foothold. PM for a nudge, but be prepared to tell me what you’ve tried.

In the same spot as bernardmarx above.

Anyone who PMs me with hints would be appreciated.

Rooted, thanks to @twh for the hints

For those trying to get a foothold, look back at the post by @0xEEX75; there is a link.

Finally rooted, for me user was the hardest part because I am not too familiar with *** and I didn’t know those services could run outside of the real A…Z infrastructure.

You need to get familiar with the famous command line tool that they use and, regarding what I just said, be aware of the flags that control where exactly the stuff you are looking at lives. Use the help for this and read.

Once on the box this is more familiar territory, which is why it was easier for me. A bit of enumeration should show you an application which you should look at as if it were an HTB challenge.

yeah well I’m just stupid. Got a shell finally :confused:

Edit: Turns out I went down an unintended path.

Oh man, what a crazy box. Just rooted. Honestly this box felt like Registry 2.0, but instead of Docker it was something else haha

So much doc review!!!

Rooted, but not easy if you don’t have experience in a*s.
A lot of documents to read.
PM me if you need some hints.

Spoiler Removed

@JKLOVE said:

How to use the DynamoDB JavaScript Shell? It’s too hard.
I’ve done a lot of enumeration and I can’t find credentials.

@c4ph00k said:
Rooted, but not easy if you don’t have experience in a*s.
A lot of documents to read.
PM me if you need some hints.

PM me

I have so far discovered 2 ways to do each step. This box is growing on me, I like that there are multiple paths to take.

@JKLOVE said:

How to use the DynamoDB JavaScript Shell? It’s too hard.
I’ve done a lot of enumeration and I can’t find credentials.

@c4ph00k said:
Rooted, but not easy if you don’t have experience in a*s.
A lot of documents to read.
PM me if you need some hints.

It doesn’t have to be; there is something much simpler than that.

Rooted. This was a fun box. I got stuck a bit on the initial foothold, but user and root were relatively easy.

@0xEEX75 said:

  • Trying to understand how the service works and how it can communicate with the primary domain.

Is there any good documentation/reference I should be looking at for this? I don’t have a ton of experience on this side of things, and I’m trying to dig out what I can, but it’s been a struggle finding the right information.