Hacking AWS Services | rce_web_app (Medium / Hard)
HTML-код
- Опубликовано: 11 сен 2024
- CloudGoat (☁️🐐)
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool.
=-=-=-=-=-==-=-==-=-==-=-==-=-==-=-==-=-==-=-=
Note: This is for educational purposes only!
=-=-=-=-=-==-=-==-=-==-=-==-=-==-=-==-=-==-=-=
Starting as the IAM user Lara, the attacker explores a Load Balancer and S3 bucket for clues to vulnerabilities, leading to an RCE exploit on a vulnerable web app which exposes confidential files and culminates in access to the scenario’s goal: a highly-secured RDS database instance.
Alternatively, the attacker may start as the IAM user McDuck and enumerate S3 buckets, eventually leading to SSH keys which grant direct access to the EC2 server and the database beyond.
