• Tue. Mar 2nd, 2021

Objective 2 – Investigate S3 bucket

Byscrewtopkittens

Jan 15, 2021 ,

For this task we needed to identify an insecure s3 bucket obtain a payload in the form of an overly wrapped present 😛 and  retrieve a text string from the wrapped file. For this task making use of the very useful ruby script bucket_finder to search through AWS S3 for open buckets. Looking at this blog post it can be seen that a lot of useful information can be found from s3 and that there is still a large number of open buckets.

https://digi.ninja/blog/whats_in_amazons_buckets.php First clue in this challenge is when logging on to the terminal where we are presented with a name of interest “Wrapper3000” and can see the bucket_finder tool

Once we have this information we find a word list in the bucket finder directory so we need to update this with the word of interest “wrapper3000” this can be updated using your fave Linux text editor such as vim or nano. Once updated we execute the bucket finder using the prepared word list which then finds a open AWS bucket called wrapper3000 that contains a file “package

Once we have the package we need to figure out what is in it so first thing I did was run it through “file” and “strings

from the looks of it not much interesting so next I fed it into cyber chef (https://gchq.github.io/CyberChef/) and used the magic function to see if there was anything obvious.

From the output we can see that the package was initially base 64 encoded and is then packaged by multiple compression types containing a text file in the middle. To get to the text file we need to reverse the packing as follows.

Base64 decode → ZIP → bzr2 → xxd → xy → z → txt

Once Decoded we read the text file and obtain the required string to answer the Objective.

Links

https://gchq.github.io/CyberChef/
https://digi.ninja/blog/whats_in_amazons_buckets.php

Scroll Up