HackTheBox - Bucket
00:00 - Intro
00:57 - Start of nmap discovering the HTTP Site
03:30 - Poking at the website, using the developer console to discover
05:00 - Using curl to view HTTP Headers and discovering amazon
05:30 - Oh god... I forgot to edit the URL in this gobuster! Actually created a feature request in GoBuster to fix this mistake from happening.
05:45 - Installing AWS CLI
06:30 - Using the aws to connect to a custom endpoint, then configure credentials
07:30 - Exploring the S3 Bucket
09:25 - Using S3 to add a reverse shell to the website
11:15 - Reverse Shell returned, spending some time to start taking notes.
16:30 - End of notes, poking around on the terminal to find
19:00 - Discovering some weird ports, checking the apache configuration to see if they are related
20:55 - The Apache mpm_itk_module specifies the site is running as root and not www-data
23:50 - Poking at DynamoDB to get user credentials
26:10 - Doing some jq fu to get exactly the
8 months ago 00:10:23 1
11 months ago 00:00:00 1
1 year ago 00:04:06 1
1 year ago 00:32:44 18
1 year ago 00:34:38 2
1 year ago 01:27:34 5
1 year ago 00:37:18 6
1 year ago 00:41:25 5
1 year ago 01:46:13 2
1 year ago 01:12:42 4
1 year ago 00:26:29 1
1 year ago 02:06:46 2
1 year ago 00:54:43 11
1 year ago 02:05:30 1
1 year ago 00:33:44 1
1 year ago 00:27:16 1
1 year ago 00:30:39 1
1 year ago 11:21:04 1
1 year ago 07:22:03 1
1 year ago 05:30:24 3
1 year ago 01:02:06 17
1 year ago 00:16:21 18
1 year ago 02:09:39 15
1 year ago 00:29:19 2
