AWS Fortress guide – HTB

TIPS that can help complete the AWS fortress.

Source: https://app.hackthebox.com/fortresses/7

INTRODUCTION

This article is not a write-up. You will not find there any flags or copy-paste solutions. Instead, there are plenty of reference links and commands that I found helpful in the process of passing the AWS fortress.

SERVICES DISCOVERY

Always enumerate every IP address you have during the engagement.

MANUAL WAY

For this purpose, you can conduct the recon of the target manually using:

Source: Own study.

AUTOMATIC WAY

You can also choose a more automatic way of service enumeration with:

Source:https://github.com/Karmaz95/crimson#diamonds-crimson_ipcon-diamonds

WEB ENUMERATION

There are many steps in the web reconnaissance phase. Ensure you do it thoroughly, so you will not miss any information.

VHOST DISCOVERY