Special Policy Bucket vulnmachines walkthrough

A bucket policy is a resource-based AWS Identity and Access Management (IAM) policy. You add a bucket policy to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it. Object permissions apply only to the objects that the bucket owner creates. In this challenge we have added a special policy to read data from S3 bucket.

Step 1: Login to Vulnmachines

Step 2: Navigate to “Challenges >> Cloud Labs >> Special Policy Bucket”.

Step 3: Click on “Lab Access” to navigate to lab.

Step 4: Here you have to perform a recon on the lab URL to identify the hidden file. I used “dirb” and found the “secret.html” file. Now access the file using “http://<labip>/secret.html” URL.

Here you can observe that multiple times “f149.txt” URL is given with a note that you can access f149.txt if your “User-Agent” header value is “VnMSecurityLab”.

Step 5: Access all the URLs one by one and intercept the traffic using Burp Suite. Modify the “User-Agent” header value as shown in below figure.

Step 6: Observe the response of the modified request as shown in below figure.

Flag: vnm{Special_Bucket_Policy_Bypassed}