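# Repository listing (two scripts and a README, restored to one statement per line).
#
# ├── 35345345.PNG
# ├── AWS.py
# ├── aws.py
# └── README.md
#
# /35345345.PNG:
# https://raw.githubusercontent.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF/HEAD/35345345.PNG

# --------------------------------------------------------------------------
# /AWS.py
# --------------------------------------------------------------------------
# What this script does, as far as the listing shows: it builds a boto3
# session, asks IAM for the details of one hard-coded role and prints the raw
# response. It performs a single read-only call (iam:GetRole).
import boto3

# Credentials are not written into the file. boto3 resolves them through its
# default chain; for temporary credentials that means AWS_ACCESS_KEY_ID,
# AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN in the environment. Keeping key
# material out of the source keeps it out of version control and out of any
# copy of the script that gets shared.
session = boto3.Session(region_name="us-east-1")

# Create an IAM client
iam_client = session.client("iam")

# Get the details of the current role
role_name = "GetMyFilesHandler-role-9lvbosrl"
try:
    role_details = iam_client.get_role(RoleName=role_name)
except iam_client.exceptions.ClientError as e:
    # An authorization failure arrives as a generic ClientError carrying an
    # error code. Matching on the code works whether or not the client models
    # a dedicated exception class; naming a class the client does not model
    # raises AttributeError while the real error is being handled.
    if e.response.get("Error", {}).get("Code") != "AccessDenied":
        raise  # throttling, unknown role, bad credentials: not a denial
    print("Access Denied:", e)
else:
    print(role_details)

# --------------------------------------------------------------------------
# /aws.py
# --------------------------------------------------------------------------
# What this script does, as far as the listing shows: for a fixed list of
# (service, operation) pairs it calls the operation with no arguments and
# records "Success" plus the response, or "Failed" plus the error text, in a
# local file.
#
# Defender's view: every call below is a read-only API call made with the
# session's credentials. Where read events are logged, the same sequence is
# visible in CloudTrail under that principal, and a short burst of denied
# List*/Describe* calls across unrelated services from one role session is a
# practical detection signal. A role scoped to exactly what its workload needs
# makes every entry here come back "Failed".
import os

import boto3

# AWS session setup: credentials come from boto3's default chain (environment
# variables or shared config), never from literals in this file.
# No region is set here, so regional clients such as ec2, logs and eks depend
# on AWS_DEFAULT_REGION or the shared config.
session = boto3.Session()

# List of services and actions to test
services_and_actions = [
    ("s3", "list_buckets"),
    ("ec2", "describe_instances"),
    ("logs", "describe_log_groups"),
    ("sts", "get_caller_identity"),
    ("eks", "list_clusters"),
    ("iam", "list_users"),
]

OUTPUT_PATH = "aws_permissions_output.txt"

# The responses can include account ids, resource names and network details,
# so the file is created readable by the owner only. The mode applies when the
# file is created; an existing file keeps whatever mode it already has.
output_fd = os.open(OUTPUT_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(output_fd, "w", encoding="utf-8") as output_file:
    for service_name, action in services_and_actions:
        try:
            # Initialize the client and call the specified action
            service = session.client(service_name)
            response = getattr(service, action)()
        except Exception as e:
            # Deliberately broad so one failing service does not stop the run.
            # "Failed" therefore covers missing region, expired credentials and
            # network errors as well as authorization denials; read the Error
            # line before treating an entry as a permission result.
            output_file.write(f"{service_name}.{action}: Failed\n")
            output_file.write(f"Error: {e}\n\n")
        else:
            output_file.write(f"{service_name}.{action}: Success\n")
            output_file.write(str(response) + "\n\n")

print("Output saved to aws_permissions_output.txt")

# --------------------------------------------------------------------------
# /README.md
# --------------------------------------------------------------------------
# # Unauthorized Access to Metadata and User Data like CTF
#
# ![Unauthorized Access to Metadata and User Data](https://raw.githubusercontent.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF/refs/heads/main/35345345.PNG)
#
# ## Overview
#
# In many Bug Bounty and Capture The Flag (CTF) challenges, you may encounter
# AWS or similar cloud environments where accessing sensitive metadata and
# user data is restricted. Often, these challenges require creative solutions
# to bypass access controls.
#
# This repository provides two scripts that can be used to extract sensitive
# data from these environments, helping you gain access to crucial
# information. These tools have been successfully used in both Bug Bounty
# hunting and CTF challenges, assisting in the identification and exploitation
# of security flaws.
#
# ## Features
#
# - **Metadata Extraction:** Gain access to restricted metadata.
# - **User Data Extraction:** Retrieve user-specific data from environments
#   like AWS.
# - **Bug Bounty and CTF Ready:** Tailored to meet the needs of security
#   researchers and CTF participants.
#
# ## Usage
#
# 1. Clone this repository:
#    ```bash
#    git clone https://github.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF.git
#    ```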