Challenge: The north pole set up a serverless system to help light up the Christmas tree. The correct passcode must be entered before the 25th. Otherwise, we will all be celebrating in darkness. Can you help find the passcode so everyone can celebrate the brightest Christmas ever?
URL: http://y.owasp.si
Now, I had a bit of a jump start on this one. Who names one challenge x.owasp.si and the next one y.owasp.si?
Here we start out with the same thing. Looking at HTTP headers or DNS, we see it's another S3 bucket, so we try again to see if it's open:
$ host y.owasp.si
y.owasp.si is an alias for y.owasp.si.s3-website.eu-west-1.amazonaws.com.
y.owasp.si.s3-website.eu-west-1.amazonaws.com is an alias for s3-website.eu-west-1.amazonaws.com.
s3-website.eu-west-1.amazonaws.com has address 52.218.62.12
And the list:
$ aws s3 ls s3://y.owasp.si --no-sign-request
PRE .git/
2020-12-01 20:32:15 106 c1d4770507f608acacdefcafc5d3ee1f.py
2020-12-01 20:32:15 596 index.html
Ah, .git.
Ok, so we have the region, access id and key. Now what? The challenge text mentioned serverless. Googling around AWS for what they “sell” under that name gives a few options, but Lambda was the first one.
We need to create ~/.aws/credentials, best by running aws configure, and then we can list Lambda functions:
Flag: xmas{around_th3_tree_w3_r0ck}
What did I learn: Use the awscli command, and a few serverless concepts.
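Seen from the bucket owner's side, the listing above (a .git/ prefix next to the site files) is something a check on the local site directory can catch before anything is uploaded. The following pre-publish audit is an added example, not part of the original write-up: the function names, the sample tree and deploy.py are constructed for illustration, and the key shown is AWS's documentation placeholder.

```python
import os
import re
import tempfile

# Access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(rb"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
VCS_DIRS = {".git", ".svn", ".hg"}


def audit_site_dir(root):
    """Return sorted (relative_path, reason) findings that should block an upload."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in VCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel + "/", "vcs-metadata"))
                # Git objects are zlib-compressed, so a text scan would miss
                # secrets in history: flag the whole directory, do not descend.
                dirnames.remove(d)
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if ACCESS_KEY_RE.search(fh.read()):
                    findings.append((os.path.relpath(path, root), "aws-access-key-id"))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample tree shaped like the listing above (contents are made up)."""
    os.makedirs(os.path.join(root, ".git", "objects"))
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html><body>tree</body></html>\n")
    with open(os.path.join(root, "deploy.py"), "w") as fh:  # hypothetical file
        fh.write('KEY_ID = "AKIAIOSFODNN7EXAMPLE"  # AWS documentation placeholder\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reason in audit_site_dir(tmp):
            print(f"BLOCK {reason}: {rel}")
```

Run it against the directory that is about to be synced to the bucket and fail the deploy on any finding.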