TIPS that can help complete the AWS fortress.
This article is not a write-up. You will not find any flags or copy-paste solutions here. Instead, there are plenty of reference links and commands that I found helpful in the process of passing the AWS fortress.
Always enumerate every IP address you have during the engagement.
For this purpose, you can conduct the recon of the target manually using:
You can also choose a more automatic way of service enumeration with:
There are many steps in the web reconnaissance phase. Ensure you do it thoroughly, so you will not miss any information.
If you find any web servers, do not forget to enumerate virtual hostnames.
I found it hard to brute-force the paths and parameters because of the fortress instability, but to be sure, you can use the command below:
Additionally, a tip regarding directory brute-forcing: always try to guess the API version number if you ever encounter the
I prepared a short script to automate this task a long time ago.
I still use it today and recommend it for the web crawling process: