- Published on
The challenge provides JSON credentials that can be used to brute-force IAM permissions to enumerate permissions on a service account
Cloud
All Posts
- cyberwarfarelabs (19)
- cloud (19)
- machine (16)
- windows (11)
- active-directory (11)
- aws (10)
- awscli (10)
- gcp (5)
- linux (5)
- azure (4)
- s3 (4)
- genericall (4)
- lambda (3)
- gcloud-cli (3)
- esc1 (3)
- azure-cli (2)
- ms-graph (2)
- kms (2)
- command-injection (2)
- ssrf (2)
- cloud-functions (2)
- path-traversal (2)
- port-forwarding (2)
- genericwrite (2)
- pass-back-attack (2)
- s4u2self (2)
- s4u2proxy (2)
- mssql (2)
- writeowner (2)
- shadow-credentials (2)
- pwn (1)
- malloc (1)
- pwnablexyz (1)
- ssm (1)
- logic-apps (1)
- externalid (1)
- secrets-manager (1)
- roles-anywhere (1)
- storage (1)
- oidc (1)
- sns (1)
- lambda-logs (1)
- testiampermissions (1)
- assumerole (1)
- key-vault (1)
- sqs (1)
- lfi (1)
- camaleon-cms (1)
- ssh2john (1)
- facter (1)
- pbkdf2 (1)
- ssti (1)
- regex (1)
- sqlpad (1)
- docker-jail (1)
- chrome-pentest (1)
- froxlor (1)
- daloradius (1)
- mosh-server (1)
- wing-ftp (1)
- tarfile (1)
- symlink-escape (1)
- sudoers (1)
- forcechangepassword (1)
- pwsafe2john (1)
- dcsync (1)
- ansible2john (1)
- pwm (1)
- certificate-service-dcom-access (1)
- ldap-shell (1)
- schannel (1)
- rid-brute (1)
- sebackupprivilege (1)
- ntlm-relay (1)
- esc4 (1)
- time-skew (1)
- esc16 (1)
- dpapi-credentials (1)
- server-operators (1)
- reverse-engineering (1)
- rbcd (1)
- laps (1)
- pfx2john (1)
- ssl (1)
- readlapspassword (1)
- tombstone (1)
- readgmsapassword (1)
- writespn (1)
- kerberoast (1)
- addself (1)
- esc15 (1)
- Published on
The challenge is a webapp that has a Command Injection & SSRF vulnerability, the goal is to chain the vulnerabilities to enumerate the GCP Compute instance and retrieve the Service Account Email ID- Published on
The challenge is a webapp that has a Command Injection vulnerability, the goal is to exploit the vulnerability by making an internal request to the Azure instance and extract the access token to authenticate then retrieve the Azure Subscription ID which is the flag- Published on
The challenge is a webapp that has a SSRF vulnerability, the goal of the challenge is to exploit the vulnerability to steal sensitive EC2 metadata, then use the IAM credentials to make an authenticated API call and retrive the Instance ID which is the flag