I think I've managed to find some credentials on an AWS s3 bucket but they look like dummy credentials? So far pretty confused on what to do? Can I DM someone about this? Thank you.
Been reading docs for ages now lol.
Sometimes you can do lots of things without creds, e.g. exploring as you've done passively. But what active enum have you tried?
I've mostly been messing around with a*s-c*i and trying to check if it's misconfigured, I've also done directory busting on it, I've so far found /s**ll (dyn*m**b) and, I also read a lot about the a*s SDK for dyn*m**b to see if I could do something with it - I could not, as far as I am aware. Although for some reason inst*nce meta-d**a returned IAM credentials/keys, as far as I was concerned this is a s* bucket, NOT an ec* instance.
I'm pretty stuck right now, I'm fairly new to AWS but this machine has already made me learn a plethora of things about the service!
I've read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I'm able to enumerate is mostly regurgitated information that doesn't seem to help. Maybe I'm going about it wrong here?
Just rooted. It was very close to real life. I think it's a hard box. You have to be master of database. You should use your knowledge to show bond creativity.
Good luck!
I'm pretty stuck right now, I'm fairly new to AWS but this machine has already made me learn a plethora of things about the service!
You're definitely on the right track. Maybe step back for a moment and consider how the s* service is used as a part of the overall architecture of the site. It isn't just for the dyn*m**b UI.
I've read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I'm able to enumerate is mostly regurgitated information that doesn't seem to help. Maybe I'm going about it wrong here?
It is quite a lot of work to learn it, and then in this environment to have to use some of the more obscure flags to override defaults makes it even trickier. But keep at it, it sounds like you're starting to get the big picture which is what this box is all about.
Thank you so much for the clarification! I was having some difficulties with wondering if I was in a rabbit hole or not! This box seems really neat with a well executed concept so far.
The biggest issue I found was how quickly you need to work. Scripting is a winner.
It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.
Do you mean that it is accessible from the main domain once uploaded to the bucket?
Well I can upload whatever I want but isn't s# for static content only? So I don't get what u mean… I already tried every single cli command related to s#/##api etc… but maybe I'm missing something… can you pm me?
Hmmmm. Much like others, I can move files around to s* bucket but can't seem to find a path forward. I have tried multiple shells. Any nudges would be appreciated.
Nice box so far. Learned a lot about "Buckets!"