Towards AWS

Where Cloud Experts, Heroes, Builders, and Developers share their stories, experiences, and solutions.


Attack on AWS S3 via SSRF

Sagar
Published in Towards AWS · 4 min read · Aug 24, 2021



This article is based on a true incident at Capital One, in which almost 106 million customer accounts were breached. Paige Thompson was accused of carrying out the breach.

We are going to understand how the attack happened and where the vulnerability resides, so that you can find and report similar issues on your next voyage and help firms stay secure. To make it crystal clear and interesting, I am going to use an analogy: a fictional story with characters from the famous show Mr. Robot.

Before starting, let's get one fact straight to keep in mind during the story: according to the report by KrebsOnSecurity, Paige Thompson exploited an SSRF (Server-Side Request Forgery) vulnerability to access AWS cloud endpoints.

SSRF vulnerabilities are most commonly encountered in two places:

  1. Features that use some kind of file generation, such as PDF generation.
  2. File uploads, for instance uploading scanned documents, images, files, etc.

Let the story begin

Elliot needed to take down ECORP. With their new financial laws and supremacy in the market, it's high time for someone to step up and act, and that's what Elliot does.

Elliot plans his attack on ECORP. First, he visits the website: https://www.Ecorp.com. Elliot has already registered a bank account at Ecorp (because who hasn't? They are the central authority of monetary control now), so he tries to log in to it.

URL: https://www.Ecorp.com/login

Username: Elliot

Password: qwerty


After successfully logging in, Elliot makes his first move, which is commonly called analyzing the attack surface.

Attack surface mapping is the process of analyzing the application's core functionality, business logic, and control flow to identify potential ways through which an attacker can communicate or interact with the application.
