Size: Small
Difficulty: Easy
Command: $ ./cloudgoat.py create sns_secrets
TryHackMe Room: SNS Secrets Walkthrough
- 1 EC2 instance
- 1 SNS topic
- 1 API Gateway REST API
- 1 IAM role
- 1 IAM user
- AWS Access Key and Secret Key
Get the final flag by invoking the API Gateway with the leaked API key.
In this scenario, you are given AWS credentials. Your task is to enumerate permissions and discover that you have the ability to list and subscribe to SNS topics. Use Pacu's new modules, "sns__enum" and "sns__subscribe," to subscribe to the topic. You will receive an email from the topic containing an API Key as a debug message. Next, use the AWS CLI to enumerate the API Gateways and find the path, method, stage, and resource of the API Gateway. Finally, perform a curl request with the API key to retrieve the final flag.
- Start by enumerating the permissions of the provided AWS access key and secret key.
- Enumerate SNS topics using the `sns__enum` module in Pacu to list the available topics.
- Subscribe to the identified SNS topic using the `sns__subscribe` module in Pacu.
- Confirm the subscription via the email you receive.
- Wait for the SNS topic to publish messages and check your email for a message containing an API Key.
- Enumerate API Gateways using the AWS CLI to find the API Gateway path, method, stage, and resource.
- Identify the correct method and stage for the API Gateway.
- Use `curl` with the API Key to invoke the API Gateway and retrieve the final flag.
A detailed cheat sheet & walkthrough for this route is available here.
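
From the defender's side, the subscribe step in this route leaves a CloudTrail record. The following is an added example (not part of the CloudGoat project) that flags successful email subscriptions to SNS topics whose endpoint is outside an allow-listed domain. The allow-list, account ID, user names, ARNs and sample events are constructed assumptions, and the event fields are assumed to follow the usual shape of CloudTrail records for SNS `Subscribe`.

```python
# Constructed CloudTrail records (not from the page); only the fields used are shown.
TOPIC = "arn:aws:sns:us-east-1:111122223333:sample-topic"  # placeholder ARN
SAMPLE_EVENTS = [
    {"eventSource": "sns.amazonaws.com", "eventName": "ListTopics",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/sample-user"},
     "requestParameters": None},
    {"eventSource": "sns.amazonaws.com", "eventName": "Subscribe",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-user"},
     "requestParameters": {"topicArn": TOPIC, "protocol": "email",
                           "endpoint": "ops@example.com"}},
    {"eventSource": "sns.amazonaws.com", "eventName": "Subscribe",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/sample-user"},
     "requestParameters": {"topicArn": TOPIC, "protocol": "email",
                           "endpoint": "someone@mail.invalid"}},
    {"eventSource": "sns.amazonaws.com", "eventName": "Subscribe",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-user"},
     "requestParameters": {"topicArn": TOPIC, "protocol": "sqs",
                           "endpoint": "arn:aws:sqs:us-east-1:111122223333:sample-queue"}},
]

# Assumption: the only email domain expected to subscribe to topics in this account.
ALLOWED_EMAIL_DOMAINS = {"example.com"}

def suspicious_subscriptions(events, allowed_domains=ALLOWED_EMAIL_DOMAINS):
    """Return successful email Subscribe calls whose endpoint is outside the allow-list."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "sns.amazonaws.com" or ev.get("eventName") != "Subscribe":
            continue
        if ev.get("errorCode"):  # call was denied or failed, nothing was subscribed
            continue
        params = ev.get("requestParameters") or {}
        if (params.get("protocol") or "").lower() not in ("email", "email-json"):
            continue
        endpoint = params.get("endpoint") or ""
        if endpoint.rpartition("@")[2].lower() in allowed_domains:
            continue
        findings.append({
            "principal": (ev.get("userIdentity") or {}).get("arn"),
            "topic": params.get("topicArn"),
            "endpoint": endpoint,
        })
    return findings

if __name__ == "__main__":
    for f in suspicious_subscriptions(SAMPLE_EVENTS):
        print(f"ALERT {f['principal']} subscribed {f['endpoint']} to {f['topic']}")
```

A finding here is a prompt to review the topic's access policy and to check whether anything published to that topic contains secrets such as API keys.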