Official Bucket Discussion

@beefsprocket said:

@PapyrusTheGuru said:

I think I’ve managed to find some credentials on AWS s3 bucket but they look like dummy credentials? So far pretty confused on what to do. Can I DM someone about this? Thank you.

Been reading docs for ages now lol.

Sometimes you can do lots of things without creds, e.g. exploring as you’ve done passively. But what active enum have you tried?

I’ve mostly been messing around with a*s-c*i and trying to check if it’s misconfigured. I’ve also done directory busting on it, and I’ve so far found /s**ll (dyn*m**b). I also read a lot about the a*s SDK for dyn*m**b to see if I could do something with it - I could not, as far as I am aware. Although for some reason inst*nce meta-d**a returned IAM credentials/keys; as far as I was concerned this is an s* bucket, NOT an ec* instance.
I’m pretty stuck right now, I’m fairly new to AWS but this machine has already made me learn a plethora of things about the service!

I’ve read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I’m able to enumerate is mostly regurgitated information that doesn’t seem to help. Maybe I’m going about it wrong here?

Just rooted. It was very close to real life. I think it’s a hard box. You have to be a master of database. You should use your knowledge to show bond creativity.
Good luck!

@PapyrusTheGuru said:

I’m pretty stuck right now, I’m fairly new to AWS but this machine has already made me learn a plethora of things about the service!

You’re definitely on the right track. Maybe step back for a moment and consider how the s* service is used as a part of the overall architecture of the site. It isn’t just for the dyn*m**b UI.

I’ve read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I’m able to enumerate is mostly regurgitated information that doesn’t seem to help. Maybe I’m going about it wrong here?

It is quite a lot of work to learn it, and then in this environment to have to use some of the more obscure flags to override defaults makes it even trickier. But keep at it, it sounds like you’re starting to get the big picture which is what this box is all about.

@beefsprocket said:

@PapyrusTheGuru said:

I’m pretty stuck right now, I’m fairly new to AWS but this machine has already made me learn a plethora of things about the service!

You’re definitely on the right track. Maybe step back for a moment and consider how the s* service is used as a part of the overall architecture of the site. It isn’t just for the dyn*m**b UI.

I’ve read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I’m able to enumerate is mostly regurgitated information that doesn’t seem to help. Maybe I’m going about it wrong here?

It is quite a lot of work to learn it, and then in this environment to have to use some of the more obscure flags to override defaults makes it even trickier. But keep at it, it sounds like you’re starting to get the big picture which is what this box is all about.

Thank you so much for the clarification! I was having some difficulties with wondering if I was in a rabbit hole or not! This box seems really neat with a well executed concept so far.

@HomeSen said:
@TazWake said:

The biggest issue I found was how quickly you need to work. Scripting is a winner.

It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.

Do you mean that it is accessible from the main domain once uploaded to the bucket?

@syn4ps said:

@HomeSen said:
@TazWake said:

The biggest issue I found was how quickly you need to work. Scripting is a winner.

It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.

Do you mean that it is accessible from the main domain once uploaded to the bucket?

OK, just have to wait a bit :slight_smile: Thanks @TazWake

Got initial foothold!
Onto User :slight_smile:

Can anyone help me with bucket

@zatch3301 said:

Can anyone help me with bucket

It depends on what the problem is.

I started the bucket box got second page also got the concept.
stuck on Buc***-name. PM me

Hey I’m stuck on foothold. I can change the main page but I don’t seem to understand how I can get a shell. Can someone PM me for help?

@ldsec said:

Hey I’m stuck on foothold. I can change the main page but I don’t seem to understand how I can get a shell. Can someone PM me for help?

Me too, I got creds from dyno and I’m able to load js but I still can’t get a shell or RCE… any hint?
Ty

@hetan check what you can do with the environment you’re in.
Buckets need to get their files in there somehow :slight_smile:

Well I can upload whatever I want but isn’t s# for static content only? So I don’t get what you mean… I already tried every single cli command related to s#/##api etc… but maybe I’m missing something… can you pm me?

@hetan said:

Well I can upload whatever I want but isn’t s# for static content only?

I’d test this rather than assuming it was correct.

@TazWake said:

@hetan said:

Well I can upload whatever I want but isn’t s# for static content only?

I’d test this rather than assuming it was correct.

… well sometimes you have to think outside the box :sweat_smile:

Rooted :smiley:

Foothold:

simple enumeration will guide you in the right place
Enum the right place
Docs

User:

And you already have it

root:

Easiest part. The traditional scripts will bloat your screen, you should notice that! (Examine the folder. You could not do that before.)

Any nudges just ask :wink:

Damnnn finally i rooted this box! It was funny and root was interesting :smiley:

Hmmmm. Much like others, I can move files around to s* bucket but can’t seem to find a path forward. I have tried multiple shells. Any nudges would be appreciated.

Nice box so far. Learned a lot about “Buckets!”

Root !

Other small hints :

Access/User :
Don’t hesitate to spam F5, it doesn’t stay long…

Root :
You “just” need to chain commands on the box with the right payload :slight_smile: