Challenge: Santa is always keeping up with the times. He asked his elves to build him a web page that will help with the ordering and distributing of presents. Being crunch time, the elves took some shortcuts to get the page up and running. Would you be willing to check if the elves made any mistakes that could leak possibly sensitive information?
URL: x.owasp.si
The page does not show more than an image of “Under Construction/Santa”, but the headers reveal it’s an S3 page.
I initially tried to get some info by requesting various apis, but eventually gave up and simply installed awscli
. The issue was that the S3 bucket was not protected and we could simply list and download it.
$ aws s3 ls s3://x.owasp.si --no-sign-request
2020-12-01 20:55:03 22 6470e394cbf6dab6a91682cc8585059b.txt
2020-12-01 20:31:08 246 index.html
2020-12-01 20:31:09 123824 santa.png
Flag: xmas{naugh7y_and_n1c3}
What did I learn: Don’t try to talk to AWS directly, use a tool.