bigiamchallenge AWS IAM Challenges

n00🔑
7 min read · Jun 27, 2023

Welcome to my blog! In this post, I’ll be sharing my solutions to the challenges presented by bigiamchallenge.com. The Big IAM Challenge is an online CTF (Capture the Flag) event that tests participants’ knowledge of AWS IAM (Identity and Access Management). The challenge consists of six objectives that highlight common IAM misconfigurations. I had a great time working through the challenges and learned a lot along the way. So, let’s dive in and explore my solutions!

Challenge 1

The first challenge in The Big IAM Challenge involves an S3 bucket whose bucket policy (a resource-based policy, not an identity policy) grants public access. The policy lets anyone (Principal "*") perform s3:GetObject on any object in the thebigiamchallenge-storage-9979f4b bucket, and s3:ListBucket on the bucket itself, the latter only on condition that the request's s3:prefix matches "files/*". Note that only the listing is scoped to the files/ prefix; the GetObject grant is unconditional, so any object whose key is known can be fetched anonymously regardless of prefix.

To solve this challenge, you can use the AWS CLI (Command Line Interface) to list the objects under the files/ prefix and retrieve the flag1.txt object. The --no-sign-request flag makes the CLI send unsigned, anonymous requests, which is exactly what the public bucket policy permits. The solution commands are:

aws s3 ls s3://thebigiamchallenge-storage-9979f4b/files/ --no-sign-request
aws s3 cp s3://thebigiamchallenge-storage-9979f4b/files/flag1.txt /tmp/ --no-sign-request

The first command lists the contents of the files/ directory in the bucket, while…
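To make the effect of the s3:prefix condition concrete, the following is an added example (not part of the original post) that reconstructs the bucket policy from the description above and runs a simplified, anonymous-principal IAM evaluation over it. The policy JSON is constructed from the post's prose; the StringLike operator is an assumption (it is the only string operator under which "files/*" acts as a wildcard). The evaluator models only what a public bucket policy needs: wildcard matching on Action and Resource, the StringLike/StringEquals condition operators, explicit-deny-wins, and implicit deny. It does not model identity policies, NotAction/NotResource, or cross-account rules.

```python
import json
import re

# Constructed reconstruction of the Challenge 1 bucket policy as described
# in the post: unconditional public GetObject on objects, public ListBucket
# limited to the files/ prefix. StringLike is assumed (see lead-in).
BUCKET = "thebigiamchallenge-storage-9979f4b"
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::%s/*"
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::%s",
      "Condition": {"StringLike": {"s3:prefix": "files/*"}}
    }
  ]
}
""" % (BUCKET, BUCKET))


def iam_match(pattern, value):
    """IAM-style wildcard match: '*' matches any run of characters (including
    none), '?' exactly one character. Case-sensitive, as StringLike is."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def as_list(x):
    return x if isinstance(x, list) else [x]


def condition_holds(condition, context):
    """Evaluate StringLike / StringEquals only; any other operator is treated
    as unsatisfied (fail closed). A condition key absent from the request
    context never satisfies these operators."""
    for operator, pairs in condition.items():
        for key, patterns in pairs.items():
            if key not in context:
                return False
            value = context[key]
            if operator == "StringLike":
                ok = any(iam_match(p, value) for p in as_list(patterns))
            elif operator == "StringEquals":
                ok = value in as_list(patterns)
            else:
                ok = False
            if not ok:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Anonymous-caller evaluation: only statements with Principal "*" apply;
    an explicit Deny wins, any matching Allow grants, otherwise implicit deny.
    Returns "Allow" or "Deny"."""
    context = context or {}
    decision = "Deny"
    for stmt in policy["Statement"]:
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # not public; an anonymous caller cannot use it
        if not any(iam_match(a, action) for a in as_list(stmt["Action"])):
            continue
        if not any(iam_match(r, resource) for r in as_list(stmt["Resource"])):
            continue
        if not condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def list_allowed(prefix):
    """Decision for an anonymous ListBucket. prefix=None models a request
    with no prefix parameter at all (e.g. `aws s3 ls s3://BUCKET/`), in which
    case the s3:prefix context key is simply absent."""
    ctx = {} if prefix is None else {"s3:prefix": prefix}
    return evaluate(POLICY, "s3:ListBucket", f"arn:aws:s3:::{BUCKET}", ctx)


def get_allowed(key):
    """Decision for an anonymous GetObject on the given object key."""
    return evaluate(POLICY, "s3:GetObject", f"arn:aws:s3:::{BUCKET}/{key}")


if __name__ == "__main__":
    for p in [None, "", "files/", "files/flag1.txt", "private/"]:
        print(f"ListBucket prefix={p!r:20} -> {list_allowed(p)}")
    for k in ["files/flag1.txt", "private/secret.txt"]:
        print(f"GetObject  key={k!r:22} -> {get_allowed(k)}")
```

Running it shows why the solution commands work and where the policy's real exposure lies: listing the bucket root or any other prefix is denied, listing files/ (or anything beneath it) is allowed, and GetObject is allowed for every key, including ones outside files/ that an attacker can guess or learn elsewhere. The prefix condition only limits discovery, not retrieval.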
