Pradip Bhattaraiprdp1137.hashnode.dev·Sep 10, 2022Solving Assumptions of Life: Winja CTF | Nullcon Goa 2022Summary The challenge started with the web page accepting cmd parameter with only env command input. The output of the environment included AWS_ACCOUNT_ID and AWS_ROLE. After obtaining the credentials with assume-role, listing the available S3 bucket...Discuss·188 readsAWS
Pradip Bhattaraiprdp1137.hashnode.dev·Sep 9, 2022Solving Crater Problem: Winja CTF | Nullcon Goa 2022Summary The challenge started with the description along with the Terraform state file. This challenge involved the misconfiguration within the AWS policy allowing any AWS account to perform multiple actions against the vulnerable AWS service configu...Discuss·1 like·546 readsaws cli
