2024-11-21
Three - S3 Bucket Misconfiguration and Remote Code Execution via AWS CLI
Technical writeup detailing the compromise of the Three machine. The methodology involves identifying an exposed subdomain (s3.thetoppers.htb) pointing to an AWS S3 bucket. Exploitation is achieved by leveraging a misconfigured access policy via the AWS CLI to perform an arbitrary file upload of a PHP webshell. Remote Code Execution (RCE) is then established using the webshell, leading to full system access as the www-data user.