three
Three — Pwning a Website via a Misconfigured S3 Bucket A deceptively simple Starting Point box, Three demonstrates how a misconfigured S3-compatible storage backend can turn a static-looking website into a remote code execution vulnerability. The attack chain is short but teaches a genuinely common real-world pattern: enumerate subdomains, find exposed cloud storage, write a webshell, get a shell. Reconnaissance Port Scan Standard nmap to start. Two open ports — SSH and HTTP, nothing exotic. ...