caponeme's People

Contributors

avishayil

caponeme's Issues

README amendment?

Hi,

Under mitigation 1: I was doing this mock using my Windows laptop and used an internet browser to access the vulnerable app. Is this what the "Now switch to the "hacked" shell" is referring to? Could/should it say "Now using your browser"?

Also, "Now switch to the "hacked" shell and try to run the vunlerable web application. What happens?" -> vulnerable is misspelled.

Regards, Matt

SSRFInstance: CREATE_FAILED

Hi, I've just tried running the CloudFormation template. It got stuck on SSRFInstance creation for 20 minutes before telling me "In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit https://aws.amazon.com/marketplace/pp?sku=c1jifmii8vw5xd0npsnf9eza9"

Could you please include these steps:

Getting Started

  • Make sure you have the latest version of awscli installed on your terminal.
  • Make sure you run this from the us-east-1 (North Virginia) region on the AWS Console.
  • Visit https://aws.amazon.com/marketplace/pp/B072JNJZ5C/ click on "Continue to Subscribe" and then click on "Accept Terms".

Thanks, Matt

Small change to README

Hi,

Just a very minor point, but you may wish to amend the second bullet point so that it doesn't include the IAM role name from your scenario (i.e. make it clear to the user where to insert their IAM role name into the URL), such as:

Discovering the contents of the S3 Bucket

Regards, Matt

Strange issue with Windows 10 Firefox

Hi, when I first loaded the web URL using Firefox it loaded a webpage with 4 buttons and references to Bitnami. It wasn't the "Server Side Request Forgery" page. I discovered what the page should be when I opened it in Chrome. Since doing this, it has now loaded correctly in Firefox.

It had left me puzzled as to how to complete the rest of the exercise because the "Submit Query" form wasn't showing. I wonder if it's worth including a screenshot of the page the user should expect to see in the README. Something like:

This is the page you should expect to see:

image

Unable to delete instance

I get "You are not authorized to perform this operation. Encoded authorization failure message" when trying to delete the stack and EC2. I suspect it might be related to the AMI?

Small typo on the readme

Hi, you have a typo in the readme:
"allows AWS credentials being compormised" -> (compromised)

Update README for Windows users

Hi, could you please update the README, in the Discovering the contents of the S3 Bucket section:

  • If using Linux, type the following on your terminal to impersonate the IAM role:

    export AWS_ACCESS_KEY_ID="<access_key_id>"
    export AWS_SECRET_ACCESS_KEY="<secret_access_key>"
    export AWS_SESSION_TOKEN="<session_token>"

  • If using Windows, type the following on your terminal to impersonate the IAM role:

    set AWS_ACCESS_KEY_ID=<access_key_id>
    set AWS_SECRET_ACCESS_KEY=<secret_access_key>
    set AWS_SESSION_TOKEN=<session_token>

(Note: Do not include quotes when setting Windows env variables.)
