This is the first video in the GCP series which showcases the first GCP scenario at https://pwnedlabs.io/labs/breach-in-the-cloud
The only information that is provided to complete this challenge is the URL of a web application which is serving image files from a misconfigured storage bucket. After fuzzing the potential files in the storage bucket, a backup zip file was discovered because the object’s entity is Public with “allUsers” being given the Reader access. After decrypting the zip file the challenge is complete.
00:00 - Video context
00:39 - Discovering storage bucket
03:29 - Finding hidden file
05:07 - Decrypting file
08:05 - Post-compromise analysis
The second video in the GCP series in which the threat actor must leverage an SSRF vulnerability to exploit a misconfigured application. The application supports the gopher protocol which can be abused to query the metadata service.
The objective of this scenario was to gain access to an RDS instance. We were provided with the credentials of two different users, and exploited this AWS environment in two different ways.
We gain access to the targeted AWS account by finding an SSRF and RCE vulnerability on an AWS-hosted webapp. We then pivot to other containers and use the metdata credentialso f both the compromised EC2 instance and other docker containers to obtain elevated access within the AWS workload.
