CloudGoat walkthrough series: Remote code execution

This is the sixth in our walkthrough series of CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool created by Rhino Security Labs. It deploys a deliberately vulnerable set of AWS resources and is designed to teach and test cloud security penetration testing via issues commonly seen in real-life environments.

This walkthrough assumes you have CloudGoat set up on your Kali Linux machine. You can use our post (Working with CloudGoat: The “vulnerable by design” AWS environment) as a guide to deploying it.

Scenario summary

Starting as the IAM user Lara, the attacker explores a load balancer and S3 bucket for clues to vulnerabilities. This leads to an RCE exploit on a vulnerable web app, which exposes confidential files and culminates in access to the scenario’s goal: a highly secured RDS database instance.

Alternatively, the attacker may start as the IAM user McDuck and enumerate S3 buckets, eventually leading to SSH keys that grant direct access to the EC2 server and the database beyond.

Based on the scenario summary, we can tell that there are two IAM users and they both lead to the same goal.

Goal: Gain access to sensitive information stored in the RDS database instance.
