AWS Fortress guide – HTB

Karol Mazurek
Sep 25, 2022

TIPS that can help complete the AWS fortress.

Source: https://app.hackthebox.com/fortresses/7

INTRODUCTION

This article is not a write-up. You will not find any flags or copy-paste solutions here. Instead, there are plenty of reference links and commands that I found helpful in the process of passing the AWS fortress.

SERVICES DISCOVERY

Always enumerate every IP address you have during the engagement.

MANUAL WAY

For this purpose, you can conduct the recon of the target manually using:

Source: Own study.

AUTOMATIC WAY

You can also choose a more automatic way of service enumeration with:

Source: https://github.com/Karmaz95/crimson#diamonds-crimson_ipcon-diamonds

WEB ENUMERATION

There are many steps in the web reconnaissance phase. Ensure you do it thoroughly, so you will not miss any information.

VHOST DISCOVERY

If you find any web servers, do not forget to enumerate virtual hostnames.

Source: Own study — virtual host enumeration.

DIRECTORY BRUTEFORCING

I found it hard to brute-force the paths and parameters because of the fortress instability, but to be sure, you can use the command below:

Additionally, a tip regarding directory brute-forcing: always try to guess the API version number if you ever encounter the /api/ endpoint:

Source: Own study — dir wordlist.
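
Seen from the server side, guessing API version numbers leaves a recognisable trace in access logs: one client requesting several /api/<version>/ prefixes, most of them answered with 404. The block below is an added example, not code from the original article; the log lines, thresholds and function name are constructed assumptions. It flags such clients in a combined-format access log.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format), not taken from the fortress.
SAMPLE_LOG = """\
10.10.14.7 - - [25/Sep/2022:10:00:01 +0000] "GET /api/v1/users HTTP/1.1" 404 153 "-" "curl/7.85.0"
10.10.14.7 - - [25/Sep/2022:10:00:01 +0000] "GET /api/v2/users HTTP/1.1" 404 153 "-" "curl/7.85.0"
10.10.14.7 - - [25/Sep/2022:10:00:02 +0000] "GET /api/v3/users HTTP/1.1" 200 512 "-" "curl/7.85.0"
10.10.14.7 - - [25/Sep/2022:10:00:02 +0000] "GET /api/v4/users HTTP/1.1" 404 153 "-" "curl/7.85.0"
10.10.14.9 - - [25/Sep/2022:10:01:00 +0000] "GET /api/v3/users HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.10.14.9 - - [25/Sep/2022:10:01:05 +0000] "GET /api/v3/orders HTTP/1.1" 200 734 "-" "Mozilla/5.0"
10.10.14.9 - - [25/Sep/2022:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Client IP, request path and status code from one combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Matches /api/v1/, /api/v2.1/ or /api/1/ and captures the version token.
VERSION_RE = re.compile(r'^/api/(v?\d+(?:\.\d+)*)(?:/|$)', re.IGNORECASE)


def find_version_probing(log_text, min_versions=3, min_miss_ratio=0.5):
    """Return {client_ip: sorted versions} for clients that appear to guess API versions.

    A client is flagged when it requested at least `min_versions` distinct
    version prefixes and at least `min_miss_ratio` of those requests were 404s.
    Both thresholds are assumptions to tune against real traffic.
    """
    versions = defaultdict(set)
    total = defaultdict(int)
    misses = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed or non-matching lines
        v = VERSION_RE.match(m["path"])
        if not v:
            continue  # not a versioned API request
        ip = m["ip"]
        versions[ip].add(v.group(1).lower())
        total[ip] += 1
        misses[ip] += m["status"] == "404"
    return {
        ip: sorted(seen)
        for ip, seen in versions.items()
        if len(seen) >= min_versions and misses[ip] / total[ip] >= min_miss_ratio
    }
```

Legitimate clients normally stay on a single version prefix, so the distinct-version count is the stronger of the two signals; the 404 ratio mainly filters out clients during a real API migration.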

WEB CRAWLING

I prepared a short script to automate this task a long time ago.
I still use it today and recommend it for the web crawling process:

Karol Mazurek

Offensive Security Engineer