Navigate back to the homepage

Advent of Cyber Day 14 Unknown Storage

Ludovic COULON
May 8th, 2020 · 1 min read

TryHackMe | Advent of Cyber

McElferson opens today’s news paper and see’s the headline

Private information leaked from the best festival company

This shocks her! She calls in her lead security consultant to find out more information about this. How do we not know about our own s3 bucket.

McSkidy’s only starting point is a single bucket name: advent-bucket-one

Check out the supporting material here.

With the supporting material given by TryHackMe we can use the following commands :

#1 What is the name of the file you found?

1kali@kali:~$ curl advent-bucket-one.s3.amazonaws.com
2<?xml version="1.0" encoding="UTF-8"?>
3<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
4<Name>advent-bucket-one</Name>
5<MaxKeys>1000</MaxKeys>
6<IsTruncated>false</IsTruncated>
7<Contents>
8    <Key>"employee_names.txt"</Key>
9    <LastModified>2019-12-14T15:53:25.000Z</LastModified>
10    <ETag>e8d2d18588378e0ee0b27fa1b125ad58</ETag>
11    <Size>7</Size>
12    <StorageClass>STANDARD</StorageClass>
13</Contents>
14</ListBucketResult>

#2 What is in the file?

1kali@kali:~$ curl advent-bucket-one.s3.amazonaws.com/employee_names.txt
2"mcchef"

More articles from Ludovic COULON

Ethical hacking course

Ethical hacking course write up base on the course -> https://www.udemy.com/course/real-world-ethical-hacking/

March 11th, 2020 · 6 min read

Mr Robot CTF

Mr Robot CTF writeup

May 10th, 2020 · 1 min read
© 2020 Ludovic COULON
Link to $https://github.com/LasCCLink to $https://www.linkedin.com/in/ludovic-coulon-b361ba183/Link to $https://www.youtube.com/channel/UCkDvlI9LUuwZ4GKFUbP_OvgLink to $mailto:coulonludovicc@gmail.com
063664e4.js" async="">