Writeup for TEASER: Locked out

Checkout the original writeup with relevant images included

Task 1 - Obtaining external access keys (25 points)

1. By launch the only given URL, and you will see a public content available on the listing, ie. external-spaceship-storage.txt
2. Launch the URL https://external-spaceship-storage-b38e8c6.s3-eu-west-1.amazonaws.com/external-spaceship-storage.txt to download this text file
3. In this text file, you are able to find the Access Key ID, Secret Access Key, and the first flag

Task 2 - Checking your internal storage (25 points)

1. Download awscli and launch the command aws configure, to authenticate by providing those information mentioned above
2. Command aws s3 ls lists all the directories on the corresponding authorized S3 bucket, and you will see a private directory that wasn't found on step 1. You should be able to find a file in it, which contain the 2nd flag
3. Command aws s3 cp <source> <target> allows you to download/copy the file from S3 bucket (requires prefix s3://FULL_PATH) to local machine

Flags

1. CTF{6c2c45330a85b126f551}
2. CTF{4ababede5580d9a22a2a}

References

• https://medium.com/@shamnad.p.s/how-to-create-an-s3-bucket-and-aws-access-key-id-and-secret-access-key-for-accessing-it-5653b6e54337
• https://docs.aws.amazon.com/cli/latest/userguide/cli-services-s3-commands.html

Original writeup (https://github.com/GohEeEn/CTFs-Write-Up/tree/main/HackyHoliday2021/cloud/Locked_out).