HackTheBox - Bucket

00:00 - Intro 00:57 - Start of nmap discovering the HTTP Site bucket.htb 03:30 - Poking at the website, using the developer console to discover s3.bucket.htb 05:00 - Using curl to view HTTP Headers and discovering amazon 05:30 - Oh god... I forgot to edit the URL in this gobuster! Actually created a feature request in GoBuster to fix this mistake from happening. 05:45 - Installing AWS CLI 06:30 - Using the aws to connect to a custom endpoint, then configure credentials 07:30 - Exploring the S3 Bucket 09:25 - Using S3 to add a reverse shell to the website 11:15 - Reverse Shell returned, spending some time to start taking notes. 16:30 - End of notes, poking around on the terminal to find 19:00 - Discovering some weird ports, checking the apache configuration to see if they are related 20:55 - The Apache mpm_itk_module specifies the site is running as root and not www-data 23:50 - Poking at DynamoDB to get user credentials 26:10 - Doing some jq fu to get exactly the information we want and building a username/password list 30:00 - Explaining extended file attributes and using getfacl to see Roy can access bucket-app 33:30 - Exploring the bucket-app to see it pull information from DynamoDB to build PDF's 35:05 - Using Flameshot to explain exactly what is happening in the code 40:00 - Looking at pd4ml (library used to make PDF) to see we can attach a file 41:45 - Doing a port forward to forward port 8000 back to our box 43:00 - Creating the alerts table in DynamoDB 45:50 - Creating the JSON Document we want to insert into the alert table 48:10 - Using AWS dynamodb --put-item to put the document into the table 49:50 - Creating the PDF and pulling /etc/passwd from the server 52:00 - Because this is java if we fopen a directory, we get a listing, discovering .ssh 53:00 - Pulling the SSH Key 54:22 - Exploring our notes to see what else we wanted to do 56:20 - Showing off the timeline plugin in obsidian