- Published on
The challenge provides Access Keys that are used to authenticate to the AWS instance and enumerate AWS IAM resources which includes users, policies, and roles
Aws
All Posts
- cyberwarfarelabs (19)
- cloud (19)
- machine (16)
- windows (11)
- active-directory (11)
- aws (10)
- awscli (10)
- gcp (5)
- linux (5)
- azure (4)
- s3 (4)
- genericall (4)
- lambda (3)
- gcloud-cli (3)
- esc1 (3)
- azure-cli (2)
- ms-graph (2)
- kms (2)
- command-injection (2)
- ssrf (2)
- cloud-functions (2)
- path-traversal (2)
- port-forwarding (2)
- genericwrite (2)
- pass-back-attack (2)
- s4u2self (2)
- s4u2proxy (2)
- mssql (2)
- writeowner (2)
- shadow-credentials (2)
- pwn (1)
- malloc (1)
- pwnablexyz (1)
- ssm (1)
- logic-apps (1)
- externalid (1)
- secrets-manager (1)
- roles-anywhere (1)
- storage (1)
- oidc (1)
- sns (1)
- lambda-logs (1)
- testiampermissions (1)
- assumerole (1)
- key-vault (1)
- sqs (1)
- lfi (1)
- camaleon-cms (1)
- ssh2john (1)
- facter (1)
- pbkdf2 (1)
- ssti (1)
- regex (1)
- sqlpad (1)
- docker-jail (1)
- chrome-pentest (1)
- froxlor (1)
- daloradius (1)
- mosh-server (1)
- wing-ftp (1)
- tarfile (1)
- symlink-escape (1)
- sudoers (1)
- forcechangepassword (1)
- pwsafe2john (1)
- dcsync (1)
- ansible2john (1)
- pwm (1)
- certificate-service-dcom-access (1)
- ldap-shell (1)
- schannel (1)
- rid-brute (1)
- sebackupprivilege (1)
- ntlm-relay (1)
- esc4 (1)
- time-skew (1)
- esc16 (1)
- dpapi-credentials (1)
- server-operators (1)
- reverse-engineering (1)
- rbcd (1)
- laps (1)
- pfx2john (1)
- ssl (1)
- readlapspassword (1)
- tombstone (1)
- readgmsapassword (1)
- writespn (1)
- kerberoast (1)
- addself (1)
- esc15 (1)
- Published on
The challenge provides Access Keys that allows for IAM enumeration that leads to an additional user policy from the Permission Boundary. The policy allows for a specific S3 bucket enumeration. From there, a KMS decryption key was found and is used to decrypt and download unauthorized sensitive files such as the flag- Published on
The challenge provides Access Keys that is used to authenticate as a user that has the sts:AssumeRole permission. It is then used to escalate privileges by impersonating a role that was created leading to an S3 bucket compromise revealing the flag- Published on
The challenge provides Access Keys that are used to authenticate to the AWS instance and enumerate AWS IAM resources & Lambda function permissions. Leveraging those permissions, we can invoke a Lambda function to retrieve the hidden flag- Published on
The challenge is a webapp that has a SSRF vulnerability, the goal of the challenge is to exploit the vulnerability to steal sensitive EC2 metadata, then use the IAM credentials to make an authenticated API call and retrive the Instance ID which is the flag