Size: Small
Difficulty: Easy
Command: $ ./cloudgoat.py create RDS_snapshot
- 1 VPC with:
- EC2 x 1
- S3 x 1
- RDS x 1
- 1 IAM Users
- IAM User "David"
Get the flags that are included in the RDS snapshot.
Starting with access to EC2, the user can leverage the privileges of the EC2 instance to steal credentials from S3.
With the stolen credentials, the attacker can gain RDS Snapshot restore privileges, which will allow them to access the DB and retrieve flags.
- the attacker gains access to the hijacked EC2 instance.
- The attacker accesses S3 on the compromised EC2 instance and retrieves credentials.
- The attacker uses the stolen credentials to locate and access the AWS Relational Database Service (RDS).
- The attacker verifies that an RDS snapshot exists.
- The attacker restores the RDS snapshot and hijacks the DB containing customer data (Flag).
A cheat sheet for this route is available here.