Tags: web 

# Buckets

We're given an Amazon S3 Bucket Website: http://tamuctf.s3-website-us-west-2.amazonaws.com

When we inspect the source code of the website, we find some hints.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Buckets-1.png)

```

```

This particular hint leads me to believe that the (fictional) author of this website must have some sort of configuration slip-up, especially since they're new to it.

The URL of the website is `http://tamuctf.s3-website-us-west-2.amazonaws.com/`, which means that the name of the bucket behind the website is `tamuctf`. We can view the files of the website (like browsing a directory) by accessing the site's Amazon S3 bucket directly, assuming that it is misconfigured and allows public access. To do this, we simply go to `http://tamuctf.s3.amazonaws.com/`.

When we do this, we find an XML page detailing all of the files in the Bucket. We find the flag in one of these XML entries.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Buckets-2.png)

If we access this resource from the site, then we are able to retrieve the flag.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/Buckets-3.png)
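
The same check from the bucket owner's side, as an added example that is not part of the original writeup: it derives the bucket name from a website endpoint hostname and classifies the XML that the bucket's REST endpoint returns, so an audit of your own buckets can flag the ones that allow anonymous listing. The function names and both sample responses are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
# Website endpoints look like <bucket>.s3-website-<region>.amazonaws.com (dash form,
# as on this page) or <bucket>.s3-website.<region>.amazonaws.com (dot form).
WEBSITE_HOST = re.compile(r"^(?P<bucket>.+)\.s3-website[.-](?P<region>[a-z0-9-]+)\.amazonaws\.com$")


def bucket_from_website_host(host):
    """Return the bucket name encoded in an S3 website endpoint, or None."""
    m = WEBSITE_HOST.match(host.lower())
    return m.group("bucket") if m else None


def classify_listing(body):
    """Classify the XML returned by an anonymous GET on the bucket's REST endpoint.

    Returns ("listable", [keys]) when anonymous listing is allowed,
    ("denied", []) for an AccessDenied error document, ("unknown", []) otherwise.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unknown", []
    if root.tag == S3_NS + "ListBucketResult":
        keys = [c.findtext(S3_NS + "Key") for c in root.iter(S3_NS + "Contents")]
        return "listable", keys
    # S3 error documents carry no XML namespace.
    if root.tag == "Error" and root.findtext("Code") == "AccessDenied":
        return "denied", []
    return "unknown", []


# Constructed sample responses (not the challenge's real listing).
SAMPLE_OPEN = b"""<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-bucket</Name><IsTruncated>false</IsTruncated>
  <Contents><Key>index.html</Key><Size>612</Size></Contents>
  <Contents><Key>backup/notes.txt</Key><Size>48</Size></Contents>
</ListBucketResult>"""
SAMPLE_DENIED = b"""<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"""

if __name__ == "__main__":
    print(bucket_from_website_host("tamuctf.s3-website-us-west-2.amazonaws.com"))
    print(classify_listing(SAMPLE_OPEN))
    print(classify_listing(SAMPLE_DENIED))
```

A website bucket only needs public read on its objects; a `listable` result means list permission is also granted to anonymous users, which is what exposes every key in the bucket.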

Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-TAMU/Web/Buckets.md).