Investigating IAM Incidents in AWS: Preparation - Question 7
For the question: The ‘MetrolioQA’ IAM role in your account grants write access to a ‘metrolio’ role from another account. What is the full name of the external principle? I can't seem to find insight onto the role. I am wondering about what is the location of the GUI I should be looking into more of. I have mostly been digging throughout the csv download for any possible insights as well as the IAM access analyzer but I cant seem to get any good leads. Done through the MetrolioIAMAnalyst AWS role account. Summary: I am wondering if there is any direction that can be provided in which I can look into more for finding external principles.Modern Encryption Issue
I'm on the last training under Modern Encryption training. I'm getting this error: ─$ openssl enc -des-ede3-cbc -d -pbkdf2 -nosalt -in encrypted_file_3DES.enc -out DES3 enter des-ede3-cbc decryption password: bad decrypt 139655774025024:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610: The key is in text file from previous steps. I'm on step #7. I used the same syntax for decryption as earlier in this series. I tried various things, but still getting this error. I added the -a switch as well.
CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?CVE-2022-30190 (Follina) ms-msdt Scheme Abuse – Offensive Question 11
Hey guys, wondering if when trying to upload the payload for "Question 11: In a browser, visit http://<TARGET_IP>:8080, upload the payload.docx file, then press Submit and Execute" if this error is supposed to be generated. After choosing the file after clicking browse sometimes this work. After executing nothing seems to happen though. even after 30 seconds of waiting.
