flaws2.cloud (Level 1)
Level 1 (http://level1.flaws2.cloud/)
a) We are provided with a form that intakes digits only. Upon checking we came to know that validation is being performed only on the client side using javascript. This can be verified by viewing the HTML source of the page. Method validateForm() is performing this validation.
b) We can bypass this check just by modifying the HTML. We need to remove the โonsubmitโ event listener from the form. OR you can directly intercept the valid form request in the burp suite.
c) Now if we try to pass characters that are not digits, we will get an error with debugging data including AWS Secrets.
d) Configuring the credentials in aws cli-
aws sts get-caller-identity --profile test
e) Enumerating permissions of our creds-
./bf-aws-permissions.sh -p test -r us-east-1
Tried all the allowed permissions but didnโt find anything interesting.