A Bucket Load of Trouble
Introduction
GlobalButter is launching a new product called 'StarTrekButter'. This will be a subsidiary of GlobalButter.
The admins of 'StarTrekButter' like to use a lot of AWS services, their favorite being Amazon S3.
However, they are very bad at security. Word in the underground is that someone leaked some sensitive files into an S3 bucket and configured it poorly, leaving it available to the public.
Some additional info: last week, two buckets named 'admin.startrekbutter' and 'hr.startrekbutter' were discovered.
Starting point
Download the custom dictionary from the link given below
Update the dictionary to fit the company's naming convention
Your task
Find the name of the misconfigured S3 bucket
Find the 'flag.txt' file in the bucket
Note: Use this custom dictionary stolen from their servers to find the bucket and the flag file. You may have to edit the dictionary to align with the company's naming convention as shown above!
https://s3.amazonaws.com/awscloudsec-ctf-helpfiles/startrekbutter-bucketnames.txt