Skip to content

Instantly share code, notes, and snippets.

@gdyr

gdyr/Three (Hints).md

Created March 7, 2023 20:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gdyr/9bea3d06d8efe293ee09b8f5e843cdbe to your computer and use it in GitHub Desktop.
Save gdyr/9bea3d06d8efe293ee09b8f5e843cdbe to your computer and use it in GitHub Desktop.
Download ZIP
Three (Hints)
Raw
Three (Hints).md

Hints

Hint 1 You don't need any credentials or secrets to access a public bucket. However, the AWS CLI requires them to be set. You could get around this by using cURL, amongst other ways.
Hint 2 S3 can be used to host static sites - that is, simple websites.
Hint 3 It is common to name the bucket that contains the website files after the domain name. For example, the website "mywebsite.fake" may be stored in the "mywebsite.fake" bucket.
Hint 4 The bucket name can be given as the first part of the path of a web request to an s3 endpoint. For example: `http://s3.mydomain.com/mybucket/`
Hint 5 Public buckets will let you upload, as well as download. E.g. `curl -X PUT http://s3.mydomain.com/mybucket/myfile.txt -d @myfile.txt`
Hint 6 The website seems to be hosting PHP files in the bucket.
Hint 7 PHP runs on the server, so being able to upload our own PHP code could be very useful.
Hint 8 The "find" command can be useful for finding a specific filename on the system. E.g. `find / -name secret.txt`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment