From the course: Python: Pen Testing AWS
Join today to access over 24,600 courses taught by industry experts.
Exploiting a misconfigured server - Python Tutorial
From the course: Python: Pen Testing AWS
Exploiting a misconfigured server
- [Instructor] Let's launch cloud goats, cloud breech S3 scenario and take a look at it. Cloud goats.py create cloud breach S3. This will take a while. So we'll come back to this once it's deployed. That's complete. And we can see our start point for testing is an EC2 server IP address. We can start our testing by checking the servers metadata. To do this, we use the curl command to interrogate the server by using the minus H option and the AWS metadata address of 169 254 169 254. Curl HTTP://18.204.21.45/latest/metadata and we use the minus H option with host 169.254.169.254. Okay, here we see the list of metadata items that we can interrogate. Let's go look at the IAM section And use the same command with the IAM folder. We can see that this has returned info and security credentials. Let's have a look at the security credentials. And now we've got to row identifier. So let's see what we can find recorded…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
Understanding the CloudGoat testing paradigm3m 5s
-
(Locked)
Installing CloudGoat2m 7s
-
(Locked)
Launching CloudGoat scenarios2m 29s
-
(Locked)
Listing the user policy2m 50s
-
(Locked)
Gaining privileges by changing policies2m 27s
-
(Locked)
Exploiting a misconfigured server4m 22s
-
(Locked)
Closing down a CloudGoat scenario37s
-
-
-
-
-