Bucket - HackTheBox
This is a Medium Linux box built around AWS services, specifically an S3 endpoint and DynamoDB. The HTML source of the main site reveals an S3 subdomain. The bucket accepts unauthenticated file uploads, so uploading a PHP file gives code execution. From the foothold, a config file references DynamoDB, and that database holds credentials for another user on the box. That user has read access to the source code of a web app running as root. The web app reads from DynamoDB to generate a PDF, and creating a crafted entry in one of the tables makes the generator read arbitrary files into the PDF. That is used to read root's SSH key and log in to the machine. ...
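The first step in that chain, checking whether an S3 endpoint accepts an anonymous write, can be scripted with nothing but the standard library. The example below is added here and is not code from the box or the writeup: it sends an unsigned path-style `PUT /<bucket>/<key>` (no `Authorization` header) and treats a 2xx as proof that the bucket is world-writable. The endpoint URL, bucket name, object name and PHP body are all assumptions; against a real target you would point `endpoint` at the S3 subdomain found in the page source. The small in-memory server is a stand-in constructed so the probe can be exercised offline, not a model of real S3 behaviour.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Constructed probe payload. The page says PHP uploads give code execution;
# the file name and contents here are assumptions for this example only.
PHP_PROBE = b"<?php echo 'upload-ok'; ?>"


def try_anonymous_put(endpoint, bucket, key, body, timeout=5):
    """Send an unsigned S3 PUT (path-style: PUT /<bucket>/<key>) with no
    Authorization header and return the HTTP status code.

    200/201 means the endpoint accepted an anonymous write (world-writable
    bucket); 403 is the expected answer from a correctly locked-down bucket."""
    url = f"{endpoint.rstrip('/')}/{bucket}/{key}"
    req = urllib.request.Request(url, data=body, method="PUT")
    req.add_header("Content-Type", "application/octet-stream")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_bucket(endpoint, bucket, key="probe.php"):
    """Run the probe and report whether an anonymous upload was accepted."""
    status = try_anonymous_put(endpoint, bucket, key, PHP_PROBE)
    return {"status": status, "world_writable": status in (200, 201)}


def make_handler(require_auth):
    """Build a minimal stand-in for an S3-compatible endpoint (constructed for
    this example). With require_auth=False it behaves like the misconfigured
    bucket on the page and stores any PUT body without checking a signature;
    with require_auth=True it answers 403 to unsigned requests."""
    class FakeS3(http.server.BaseHTTPRequestHandler):
        store = {}

        def do_PUT(self):
            if require_auth and "Authorization" not in self.headers:
                self.send_response(403)
                self.end_headers()
                return
            length = int(self.headers.get("Content-Length", 0))
            self.store[self.path] = self.rfile.read(length)
            self.send_response(200)
            self.end_headers()

        def log_message(self, *args):  # keep the example quiet
            pass

    return FakeS3


def start_fake_s3(require_auth=False):
    """Start the stand-in server on an ephemeral port; returns (server, endpoint)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), make_handler(require_auth))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


if __name__ == "__main__":
    # Against a real target, replace the stand-in endpoint with the S3 subdomain
    # from the page source. "example-bucket" is an assumed name.
    srv, endpoint = start_fake_s3(require_auth=False)
    print(check_bucket(endpoint, "example-bucket"))
    srv.shutdown()
```

`try_anonymous_put` deliberately sends no AWS Signature V4 header: the point of the check is that a properly configured bucket must reject such a request, and any 2xx is a finding regardless of what the object later does. Uploading a PHP file is only useful where, as on this box, the bucket contents are served by a PHP-enabled web root, so confirm that separately before relying on the upload for execution.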