Summary
- The provided IP address for the global logistics company is checked using Nmap and reviewed in the AWS Management Console.
- It shows an AWS EC2 instance running Linux and various open ports including HTTP and SSH, along with software versions.
- There is also an open S3 bucket “mega-big-tech”, which potentially reveals sensitive information, like the AWS account ID.
- The S3 bucket is analyzed using a tool called s3-account-search to crack the account ID and an IAM user with the appropriate permissions.
- It is crucial to determine the AWS account ID to begin enumerating, which is used as a flag in this lab to make progress.
- Apart from this, it is recommended to follow the author on HackTheBox and other social media platforms. GPreview
- This write-up describes how to identify the account ID of an AWS account using an S3 bucket and a tool called s3-account-search.
- The post also mentions the importance of having the right permissions to assume a role and use the s3:ListBucket and s3:GetObject actions.
By Reju Kole
Original Article