Official Bucket Discussion

@beefsprocket said:

@PapyrusTheGuru said:

I’m pretty stuck right now. I’m fairly new to AWS, but this machine has already made me learn a plethora of things about the service!

You’re definitely on the right track. Maybe step back for a moment and consider how the s* service is used as a part of the overall architecture of the site. It isn’t just for the dyn*m**b UI.

I’ve read documentation on s*, a*s-c*i, seen CTF writeups which involve that particular service, and even some talks, blogs etc. Most of the stuff I’m able to enumerate is mostly regurgitated information that doesn’t seem to help. Maybe I’m going about it wrong here?

It is quite a lot of work to learn it, and then in this environment to have to use some of the more obscure flags to override defaults makes it even trickier. But keep at it, it sounds like you’re starting to get the big picture, which is what this box is all about.

Thank you so much for the clarification! I was having some difficulties with wondering if I was in a rabbit hole or not! This box seems really neat with a well executed concept so far.

@HomeSen said:
@TazWake said:

The biggest issue I found was how quickly you need to work. Scripting is a winner.

It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.

Do you mean that it is accessible from the main domain once uploaded to the bucket?

@syn4ps said:

@HomeSen said:
@TazWake said:

The biggest issue I found was how quickly you need to work. Scripting is a winner.

It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.

Do you mean that it is accessible from the main domain once uploaded to the bucket?

OK, just have to wait a bit :slight_smile: Thanks @TazWake

Got initial foothold!
Onto User :slight_smile:

Can anyone help me with bucket

@zatch3301 said:

Can anyone help me with bucket

It depends on what the problem is.

I started the bucket box, got second page, also got the concept.
Stuck on Buc***-name. PM me

Hey I’m stuck on foothold. I can change the main page but I don’t seem to understand how I can get a shell. Can someone PM me for help?

@ldsec said:

Hey I’m stuck on foothold. I can change the main page but I don’t seem to understand how I can get a shell. Can someone PM me for help?

Me too, I got creds from dyno and I’m able to load js but I still can’t get a shell or RCE… any hint?
Ty

@hetan check what you can do with the environment you’re in.
Buckets need to get their files in there somehow :slight_smile:

Well I can upload whatever I want but isn’t s# for static content only? So I don’t get what you mean… I already tried every single CLI command related to s#/##api etc… but maybe I’m missing something… can you PM me?

@hetan said:

Well I can upload whatever I want but isn’t s# for static content only?

I’d test this rather than assuming it was correct.

@TazWake said:

@hetan said:

Well I can upload whatever I want but isn’t s# for static content only?

I’d test this rather than assuming it was correct.

… well sometimes you have to think outside the box :sweat_smile:

Rooted :smiley:

Foothold:

simple enumeration will guide you in the right place
Enum the right place
Docs

User:

And you already have it

root:

Easiest part. The traditional scripts will bloat your screen, you should notice that! (Examine the folder. You could not do that before.)

Any nudges just ask :wink:

Damnnn, finally I rooted this box! It was funny and root was interesting :smiley:

Hmmmm. Much like others, I can move files around to s* bucket but can’t seem to find a path forward. I have tried multiple shells. Any nudges would be appreciated.

Nice box so far. Learned a lot about “Buckets!”

Root !

Other small hints :

Access/User :
Don’t hesitate to spam F5, it doesn’t stay long…

Root :
You “just” need to chain commands on the box with the right payload :slight_smile:

Not too sure about that machine. I liked the research phase and learning about new tools, it’s always cool, not only for the specific things you learn, but for the general flow you get about it.
But that “speed” challenge led me to believe things didn’t work and made me lose a few hours. That’s kinda sad when you spend three hours looking in another direction because you were one second late on the refreshing…
Anyway, on my way to root now !

P.S : I, once again, had trouble with the user flag. What happened was I was going through a VPN, but my “Access” page on the classic HTB platform was registering me on another one. So I downloaded the file HTB thought I was using, and could submit the flag. Next time you can’t submit a flag, try to check if the VPN you’re using and the one registered within HTB don’t mismatch.

Edit : WOW ! I changed my mind. I LOVED the root part.
Thank you @MrR3boot that was really cool !

Don’t mind me

Finally rooted the box, amazing box learned a lot of stuff from it, if anyone needs a hint drop a message and I’d be happy to help :smile: