flaws.cloud Walkthrough | AWS Penetration testing — Level-3
Now try the first thing we do, check for the s3 buckets on that domain.
Well there seems to be a lot of files. Need to see which are juicy out of them.
we can download the whole bucket using sync command as below
aws s3 sync s3://YOUR_BUCKET ./(DESTINATION FOLDER)
We have successfully downloaded the full s3 bucket.
Now let’s check what’s in the git repo
First cd to the destination directory.
Now use the git status, log etc commands.
Here we can see that there is one commit where author has accidently addedd something.
Let’s check what did he do.
Well it looks like he saved the access keys and tried to remove it in the next git commit.
lets read that access keys and use them to create a new profile in aws-shell.
Access Key ID: AKIAJ366LIPB4IJKT7SA
Secret Access Key: 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
Cool, let’s configure a profile named lab3.
So after configuring the profile let’s get the caller identity for the user.
Well from the above screenshot we can also get the folder name as backup.
Now try to list down the s3 buckets accessible to the profile by using the ls command.
From, the above URLs we can directly go to any level but anyway let’s learn and try not to just go to the end without learning the other modules.