Winja CTF, Quiz #3 — WriteUp

Winja CTF is an initiative by nullcon. They have already posted a few interesting quizzes. Quiz #2 was about Android reverse engineering; my friend did a good job and actually won the quiz, so check out the amazing writeup: winja ctf quiz#2 — writeup

What is Quiz #3 about?

Amazon Cognito

Getting AWS credentials

AWS Cognito supports both authenticated and unauthenticated roles. Each role can have a different IAM permission set.

  • The identity pool needs to have an unauthenticated role
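Because anyone can obtain the unauthenticated role's credentials from such a pool, the IAM policy attached to that role decides what a guest can reach. The sketch below is an added example, not part of the original write-up: it audits a pool's guest role and reports every allowed action outside a baseline. The function names, the baseline list and the sample pool, role ARNs and bucket are all constructed assumptions.

```python
import fnmatch

# Assumption: actions treated as acceptable for guests; tune this to your app.
GUEST_BASELINE = ("cognito-identity:*", "cognito-sync:*", "mobileanalytics:putevents")

def as_list(value):
    """IAM accepts one item or a list for Statement/Action/Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit_unauth_role(pool, pool_roles, role_policies):
    """Return sorted (role_arn, action, resource) findings for a pool's guest role.
    Inputs are shaped like DescribeIdentityPool / GetIdentityPoolRoles output, plus
    {role_arn: [IAM policy document, ...]} gathered beforehand."""
    if not pool.get("AllowUnauthenticatedIdentities"):
        return []  # guest access disabled: no unauthenticated credentials issued
    arn = pool_roles.get("Roles", {}).get("unauthenticated")
    findings = set()
    for doc in role_policies.get(arn, []):
        for stmt in as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            # NotAction allows everything except the listed actions: always report.
            actions = as_list(stmt["Action"]) if "Action" in stmt else ["NotAction"]
            for action in actions:
                if any(fnmatch.fnmatchcase(action.lower(), p) for p in GUEST_BASELINE):
                    continue  # IAM action names are case-insensitive
                for resource in as_list(stmt.get("Resource", "*")):
                    findings.add((arn, action, resource))
    return sorted(findings)

# Constructed sample data (not from the CTF): one pool with guest access enabled.
POOL = {"IdentityPoolId": "us-east-1:00000000-0000-0000-0000-000000000000",
        "IdentityPoolName": "example_pool", "AllowUnauthenticatedIdentities": True}
ROLES = {"IdentityPoolId": POOL["IdentityPoolId"],
         "Roles": {"authenticated": "arn:aws:iam::111122223333:role/example_auth",
                   "unauthenticated": "arn:aws:iam::111122223333:role/example_unauth"}}
POLICIES = {ROLES["Roles"]["unauthenticated"]: [{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["mobileanalytics:PutEvents", "cognito-sync:*"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"}]}]}

if __name__ == "__main__":
    for finding in audit_unauth_role(POOL, ROLES, POLICIES):
        print("guest role grants %s on %s" % finding[1:])
```
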

After configuring AWS credentials we can access it

The following command returns details about the IAM user or role whose credentials are used to call the operation.

Never mind the tee command, my terminal outputs it on full screen…

After that hint, I tried to somehow guess the s3 name…

Because with these credentials, we can’t just ls and see S3 buckets.

Getting the flag

After trying every available option I had, I looked at this photo again and…
Oh Crap!

