TUTORIAL Bucket Discussion
by Ro0ted - October 17, 2020 at 10:37 PM
#1
Do any of them have any ideas?
#2
I just started it, assuming it has something to do with an Amazon Web Services S3 bucket. Haven't really seen anything of interest yet.
#3
vhost subdomain:
http://s3.bucket.htb
#4
I have 3 credentials from s3.bucket but not working for ssh. I
#5
(October 18, 2020 at 02:09 AM)skorld Wrote: I have 3 credentials from s3.bucket but not working for ssh. I
Where did you find credentials?
#6
(October 18, 2020 at 08:00 AM)Ro0ted Wrote:
(October 18, 2020 at 02:09 AM)skorld Wrote: I have 3 credentials from s3.bucket but not working for ssh. I
Where did you find credentials?

I'm stuck here too. You get creds by pulling them from the DynamoDB.

On the s3 subdomain you can fuzz to find /shell

You get a dynamo js webshell. List tables. And then get content of the users table.
#7
How can I connect to the s3.bucket?
#8
aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

This will give you those creds.
#9
(October 18, 2020 at 09:51 AM)VillainD Wrote: aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

This will give you those creds.

Great, man, thank you. Can you explain to me the steps to find this command?
#10
(October 18, 2020 at 10:04 AM)Ro0ted Wrote:
(October 18, 2020 at 09:51 AM)VillainD Wrote: aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

This will give you those creds.

Great, man, thank you. Can you explain to me the steps to find this command?

First list all the tables using

aws dynamodb list-tables --endpoint-url http://s3.bucket.htb/

https://docs.aws.amazon.com/cli/latest/r...l#examples

Then I was searching for how to get those table contents, and DynamoDB has a scan option: "The Scan operation returns one or more items and item attributes by accessing every item in a table or a secondary index"

https://docs.aws.amazon.com/cli/latest/r...l#examples

Based on the examples, I used this command, since we already know the table's name:

aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/

And the "--endpoint-url" I got from here:

https://stackoverflow.com/questions/6098...ing-tables
#11
You can upload files to the buckets:

└─# aws --endpoint-url=http://s3.bucket.htb s3 cp ./myfile.txt s3://macz

You can reach the file over the URL:
http://s3.bucket.htb/macz/myfile.txt
#12
(October 18, 2020 at 10:15 AM)VillainD Wrote:
(October 18, 2020 at 10:04 AM)Ro0ted Wrote:
(October 18, 2020 at 09:51 AM)VillainD Wrote: aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/ | jq -r .

This will give you those creds.

Great, man, thank you. Can you explain to me the steps to find this command?

First list all the tables using

aws dynamodb list-tables --endpoint-url http://s3.bucket.htb/

https://docs.aws.amazon.com/cli/latest/r...l#examples

Then I was searching for how to get those table contents, and DynamoDB has a scan option: "The Scan operation returns one or more items and item attributes by accessing every item in a table or a secondary index"

https://docs.aws.amazon.com/cli/latest/r...l#examples

Based on the examples, I used this command, since we already know the table's name:

aws dynamodb scan --table-name users --endpoint-url http://s3.bucket.htb/

And the "--endpoint-url" I got from here:

https://stackoverflow.com/questions/6098...ing-tables

Got this error:
Unable to locate credentials. You can configure credentials by running "aws configure".
But I don't find any credentials.