Size: Medium
Difficulty: Easy
Command: $ ./cloudgoat.py create sqs_flag_shop
- 1 VPC with:
  - Lambda x 1
  - RDS x 1
  - EC2 x 1
  - SQS x 1
- IAM Users x 1
Start: 1 IAM user (access keys), web address of the shop
Goal: Buy "FLAG" successfully on the shop site
You start with the address of the shop's web page and the credentials of one IAM user. Check the privileges you currently have and look for a way to escalate them. Find and analyze the hidden web source code, then work out how to buy "FLAG" with the privileges you have!
- The attacker accesses the web page and identifies its features first
- The attacker enumerates the permissions of the starting IAM user
- The attacker finds the hidden web source code. By analyzing it, the attacker learns the format of the message the shop sends to the SQS queue
- The attacker assumes the role that is allowed to send messages to the SQS queue
- With that role's permissions, the attacker sends a forged message in the same format to the SQS queue
- The attacker checks that the account's assets have changed, purchases FLAG and reads the secret string
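The route above works because of one design flaw: the component that consumes the queue treats anything that arrives on it as a legitimate top-up, so whoever can obtain sqs:SendMessage on the queue can rewrite the shop's own balances. As an added example (not the scenario's own Lambda or web code), here is a hypothetical consumer in that vulnerable form beside a hardened form that authenticates each message with an HMAC held only by the real producer. The message layout ({"user": ..., "charge_amount": ...}), the in-memory account table, FLAG_PRICE and PRODUCER_SECRET are assumptions for illustration; the real message format is whatever you recover from the hidden source code.

```python
"""Hypothetical SQS consumer for a shop: vulnerable form beside a hardened form.

Added example, not the CloudGoat scenario's own code. The message layout,
account table, flag price and producer secret are assumptions.
"""
import copy
import hashlib
import hmac
import json

# Constructed stand-in for the shop's account table (the scenario uses RDS).
STARTING_ACCOUNTS = {"attacker": {"cash": 0}}
FLAG_PRICE = 1_000_000_000  # assumed price, far beyond the starting balance

# Secret shared only by the legitimate producer (the web app) and the consumer.
# Assumed for the hardened form; a consumer with no such check is the flaw.
PRODUCER_SECRET = b"constructed-demo-secret"


def new_accounts() -> dict:
    return copy.deepcopy(STARTING_ACCOUNTS)


def sqs_event(*bodies: str) -> dict:
    """Shape of the event a Lambda receives from an SQS trigger, one record per message."""
    return {"Records": [{"body": b} for b in bodies]}


def forge_message(user: str, amount: int) -> str:
    """A body an attacker with sqs:SendMessage can craft once the format is known."""
    return json.dumps({"user": user, "charge_amount": amount})


def vulnerable_handler(event: dict, accounts: dict) -> dict:
    """Trusts every body on the queue; reaching the queue is the only 'authentication'."""
    for record in event["Records"]:
        msg = json.loads(record["body"])
        accounts[msg["user"]]["cash"] += int(msg["charge_amount"])
    return accounts


def _canonical(msg: dict) -> bytes:
    # Deterministic encoding so producer and consumer MAC the same bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign_message(user: str, amount: int, secret: bytes) -> str:
    """What the real producer sends: the charge plus an HMAC-SHA256 over it."""
    body = {"user": user, "charge_amount": amount}
    body["mac"] = hmac.new(secret, _canonical(body), hashlib.sha256).hexdigest()
    return json.dumps(body)


def hardened_handler(event: dict, accounts: dict, secret: bytes) -> dict:
    """Applies only charges whose MAC verifies and whose amount is sane."""
    for record in event["Records"]:
        msg = json.loads(record["body"])
        mac = msg.pop("mac", None)
        if not isinstance(mac, str):
            raise ValueError("unauthenticated message on queue")
        expected = hmac.new(secret, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("message MAC does not verify")
        amount = msg["charge_amount"]
        if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
            raise ValueError("invalid charge amount")
        accounts[msg["user"]]["cash"] += amount
    return accounts


def hardened_accepts(body: str, secret: bytes) -> bool:
    """True if the hardened consumer applies the message, False if it rejects it."""
    try:
        hardened_handler(sqs_event(body), new_accounts(), secret)
        return True
    except ValueError:
        return False


def can_buy_flag(accounts: dict, user: str) -> bool:
    return accounts[user]["cash"] >= FLAG_PRICE


if __name__ == "__main__":
    forged = forge_message("attacker", FLAG_PRICE)
    print("vulnerable consumer:", can_buy_flag(vulnerable_handler(sqs_event(forged), new_accounts()), "attacker"))
    print("hardened consumer accepts forgery:", hardened_accepts(forged, PRODUCER_SECRET))
```

The MAC only closes the forgery path on the consumer side. The IAM side still needs fixing: the starting user should not be able to assume a role that holds sqs:SendMessage on the shop queue, and the queue policy should restrict senders to the web app's principal. Authenticating the body is defence in depth for when that boundary fails, as it does in this scenario.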
A cheat sheet for this route is available here