Cloudgoat SNS_Secrets Walkthrou

Thu, 21 Aug 2025 00:00:00 +0000

Initial Access / Credentials

sns_user_access_key_id = AKIA[REDACTED-CTF]
sns_user_secret_access_key = [REDACTED-CTF]

AWC CLI profile creation

aws configure --profile sns
AWS Access Key ID [None]: AKIA[REDACTED-CTF]
AWS Secret Access Key [None]: [REDACTED-CTF]
Default region name [None]: us-east-1
Default output format [None]: json

-Created an aws profile with the credentials given

IAM Enumeration with `sns` credentials

whoami

└─$ aws sts get-caller-identity --profile sns 
{
 "UserId": "AIDAUGVOUJQILY3KHBHBA",
 "Account": "289202785296",
 "Arn": "arn:aws:iam::289202785296:user/cg-sns-user-cgid6j1kvw51kk"
}

Got username cg-sns-user-cgid6j1kvw51kk

List Users Roles Policies and Groups

aws iam list-users --profile sns 
aws iam list-roles --profile sns
aws iam list-policies --profile sns

aws iam list-groups-for-user --user-name cg-sns-user-cgid6j1kvw51kk --profile sns
{
 "Groups": []
}

We dont have permission to list users, roles, policies but we did for groups which it seems nothing is there

Hacking Blog

Cloudgoat SNS_Secrets Walkthrou

Initial Access / Credentials

AWC CLI profile creation

IAM Enumeration with sns credentials

IAM Enumeration with `sns` credentials