PwnedLabs
A collection of capture-the-flag walkthroughs from PwnedLabs.io
This walkthrough outlines a method to escalate privileges from limited-access AWS keys by exploiting IAM policy rollback.
This write-up covers exploiting weak bucket policies to gain privileged access in an AWS environment.
This write-up explores how misconfigured permissions on AWS S3 Bucket Versioning can allow unauthorized access to sensitive data.
In this write-up, we cover the process of enumerating AWS S3 buckets to identify potential misconfigurations that can lead to data exposure.
In this walkthrough, the goal is to identify potential security flaws, gain unauthorized access, and exfiltrate data from a publicly exposed RDS instance.
This walkthrough covers performing a Server Side Request Forgery (SSRF) attack. It involves exploiting SSRF to access and abuse EC2's metadata service, ultimately compromising credit card data through credential abuse of an IAM Role.
In this walkthrough, we explore a method to recover AWS credentials from a Git repository's history using a secrets scanning tool called Trufflehog. After obtaining the credentials, we leverage them to access sensitive data in an AWS S3 bucket.