In the post, i would like to share some knowledge on Cloud Penetration Testing for learning purposes
What is Cloud Penetration Testing?
There are some Penetration Testing that has been executed within the organization and one of them is Cloud Penetration Testing Activity. It is an activity that has been designed so that the tester will access the strength and weaknesses of any application that resides inside the cloud system.
The main purpose for the activity are such as follows:
Identify risks, vulnerabilities, and gaps
Impact of exploitable vulnerabilities
Determine how to leverage any access obtained via exploitation
Deliver clear and actionable remediation information
Provide best practices in maintaining visibility
Demonstration on the Cloud Penetration Testing
The writeup is taken from here for those who are willing to read further on the process
Now, we know that system is using Amazon Web Services or also known as AWS.
Tools use: Installing AWScli
We need to install AWScli in order to play with the machine.
We will execute the command sudo apt update && apt install awscli
Now we can try to gain access to the machine via reverse shell.
Before we can get the reverse shell, it is required to setup the AWS configuration.
We don’t have to key-in the real key because this is for HTB room purposes.
We can run the command aws dynamodb list-tables –endpoint-url http://s3.bucket.htb
Oh, wait! We got an error with the command and we found out that the command will need to execute with root privilege.
Therefore, we need to know any available tables in the machine and we found nothing.
We don’t have any use for that information for now. But we will come back here when needed later on.
aws –endpoint-url http://s3.bucket.htb. s3 ls
When we execute the command sudo aws –endpoint-url http://s3.bucket.htb. s3 ls, we did notice that adserver directory is there for some reason.
Let’s check what has been stored in that directory by executing sudo aws –endpoint-url http://s3.bucket.htb. s3 ls s3://adserver
There’s a website file such as index.html stored in the directory. I have been thinking that maybe we can upload any file into the directory.
Let’s upload the PHP reverse shell inside.
I have modified the name of the file and we are set with the PHP reverse shell.
We have successfully uploaded the shell into the AWS environment.
Source: Read More