TUTORIAL Bucket Discussion
by Ro0ted - October 17, 2020 at 10:37 PM
#1
Do any of them have any ideas?
#2
I just started it, assuming it has something to do with amazon web services s3 bucket. Haven't really seen anything of interest yet.
#3
vhost subdomain:
http://s3.bucket.htb
#4
I have 3 credentials from s3.bucket but not working for ssh. I
#5
(October 18, 2020 at 02:09 AM)skorld Wrote: I have 3 credentials from s3.bucket but not working for ssh. I
Where did you find credentials ?
#6
(October 18, 2020 at 08:00 AM)Ro0ted Wrote:
(October 18, 2020 at 02:09 AM)skorld Wrote: I have 3 credentials from s3.bucket but not working for ssh. I
Where did you find credentials ?

I'm stuck here too. You get creds by pulling them from the dynamo db

On the s3 subdomain you can fuzz to find /shell

You get a dynamo js webshell. List tables. And then get content of the users table.
#7
How can i connect to the s3.bucket?
#8
aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

this will give u those creds
#9
(October 18, 2020 at 09:51 AM)VillainD Wrote: aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

this will give u those creds

great man thank you. can you explain me the steps to find this command ?
#10
(October 18, 2020 at 10:04 AM)Ro0ted Wrote:
(October 18, 2020 at 09:51 AM)VillainD Wrote: aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

this will give u those creds

great man thank you. can you explain me the steps to find this command ?

first list all the tables using

aws dynamodb list-tables --endpoint-url http://s3.bucket.htb/

https://docs.aws.amazon.com/cli/latest/r...l#examples

then i was searching to get those table contents and dynamodb has an option scan "The Scan operation returns one or more items and item attributes by accessing every item in a table or a secondary index"

https://docs.aws.amazon.com/cli/latest/r...l#examples

based on the examples i used this command since we already know the tables name

aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/

and the "--endpoint-url" i got it from here

https://stackoverflow.com/questions/6098...ing-tables
#11
you can upload files to the buckets

└─# aws --endpoint-url=http://s3.bucket.htb s3 cp ./myfile.txt s3://macz

you can reach the file over the url
http://s3.bucket.htb/macz/myfile.txt
#12
(October 18, 2020 at 10:15 AM)VillainD Wrote:
(October 18, 2020 at 10:04 AM)Ro0ted Wrote:
(October 18, 2020 at 09:51 AM)VillainD Wrote: aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

this will give u those creds

great man thank you. can you explain me the steps to find this command ?

first list all the tables using

aws dynamodb list-tables --endpoint-url http://s3.bucket.htb/

https://docs.aws.amazon.com/cli/latest/r...l#examples

then i was searching to get those table contents and dynamodb has an option scan "The Scan operation returns one or more items and item attributes by accessing every item in a table or a secondary index"

https://docs.aws.amazon.com/cli/latest/r...l#examples

based on the examples i used this command since we already know the tables name

aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/

and the "--endpoint-url" i got it from here

https://stackoverflow.com/questions/6098...ing-tables
got this error
Unable to locate credentials. You can configure credentials by running "aws configure".
but i dont find any credentials

Possibly Related Threads…
Thread Author Replies Views Last Post
TUTORIAL tentacle DISCUSSION blurghadurgh 19 2,140 9 hours ago
Last Post: Ro0ted
TUTORIAL ATTENDED [DISCUSSION] 0xvijay 50 8,398 January 26, 2021 at 01:23 AM
Last Post: Rooted1
FLAG Bucket Commands to root y0ukn0wm3 7 2,177 December 05, 2020 at 05:23 AM
Last Post: y0ukn0wm3

 Users browsing this thread: 1 Guest(s)