#attacking-defending-aws
wow, ☁️ content
Thanks for creating this channel! I just joined today and finished the AWS 101 room
Let us know how it works out, I'm aiming to hit this path soon along with other projects
Will do 🙂
Nice and that is part 1 done!
I was just wondering, does anyone know if I will have to spin up and pay for my own instance of AWS to complete this course? Or is it like the others where they provide virtual machines to remote into?
You'll need to spin up THM's I assume.
As they will have the credentials and whatnot for the instance
Thank you! I Missed that
Hopefully you'll have a lot of fun with it
Ooo nice this is going to help me with my aws sec certification
Ah I asked this question yesterday. Are you new to AWS? I am. I was wondering if just by using this thm course if it is enough to pass any of the AWS cert exams. What do you think?
I am familiar with AWS, I have been using it for the past 5 years; it is just that I have never done much on the security side of it and nothing remotely close to pen testing.
As for the cert exam, I am not worried about it, a good course and several good practice exams are more than enough to pass most of AWS exams.
I am interested in the practical aspect of it.
It is not enough to pass any of the AWS certs
Sorry. I can’t afford this add on. Oh well.
I completed this module a couple of weeks ago. The content was great. I really enjoyed the last three sections, and I learned a lot. The first two sections are focused on teaching you the AWS Cloud environments and services. It was like a refresher for me, but I think it will be great for novices just getting started in the AWS Cloud Ecosystem. It was very expensive considering you only get 90 days of access. I spent a weekend completing the learning path, and I would consider it fun learning.
HI Is anyone else having routing issues on the room AWS VPC - Data Exfiltration?
I originally kept getting error messages
" There was an error generating your environment. Please reset your environment or contact support."
But support eventually told me that everything looked ok.
So I kept going anyway. I got everything but the last question.
It seems that I did the route and the security group and the NACL correct.
But that IP is not routing.
I am going to have to reset the environment and try again I guess. I don't know if I did something wrong or not.
I guess that is why they opened this room finally - so that we could solve our problems together and not bother support ?
I was hoping for more considering how much I paid to get access to this. 💰
Anyone else having issues like this? Did I skip a step or something maybe?
OK - i got the thing to route. 🎉
I just added my "special" route to ALL of the route-table-ids that i could find.
I am going to have to go back and find out why i thought I added the correct route-table-id but yet it did not work.
The name of the secret weapon almost makes it worth all the BS that I had to deal with for this room. 👽
Which task did you get stuck?
thanks , i was stuck on the last question in the room AWS VPC - Data Exfiltration - see my previous post.
I just added a route to ALL the tables until it worked.
either I was not paying close enough attention or the "real" vpc is simply more complicated than the vpc in the task.
cheers!
And that is the 2nd block done! 🙂
I couldn't get the very last one to work when I was trying to switch to ahsoka though :/
I exported the secret access key, token and id but nada
Anyone else get this issue too?
For me, Ahsoka was not a profile but it was a role to assume via "aws sts assume-role". I think I was using the "default" profile - meaning the one set up for the room. Maybe I am not understanding what you are asking though. 🤷
Sorry I meant this part fails for me and returns an error;
Hi, can someone help with the "Amazon EC2 - Data Exfiltration - Phase 3 - Initial Access". I am following the instructions and trying to get a reverse shell from the target ec2 machine to the AttackBox, but not getting anything.
do you need to pay extra to unlock this
Yes
I am unable to generate a new environment for this room, since I keep getting a 502 error. 🥲
Resetting doesn't fix it either, since I need to list the load balancers.
Did you create the ahsoka aws config profile locally on your AttackBox or Kali?
From Kali
You can double check profiles using aws configure list
I'm trying to do the module for attacking and defending core services - AWS S3 attack and defense, but the environment is still stuck in the STS credentials lab. It won't let me reset or regenerate to get the correct permissions to restore the image to the bucket.
Any ideas how to fix the aws environment?
Do you get a 502 when clicking generate environment?
Yes, I do
Same for me in another room. Perhaps there's something wrong then...
DM me your AWS account ID (12 digit) @frosty monolith @covert glacier
I am stuck on task 8 of AWS S3 - Attack and Defence, when I need to restore the image. I get access denied. I even tried regenerating the environment and updating the credentials with aws configure. Can anyone point out what I'm doing wrong? I even typed it word for word from the video tutorial I am watching. I also tried it without sudo and same issue.
I also tried to create the missing policy but I'm not allowed to
Do you have access to AWS CloudShell? Let me send a DM for you to run a command.
Yes the environment in the browser is working
Anyone else's AWS credentials still stuck? 😦
Can you please retry to generate the environment? It should be working now.
Nothing yet 😦
All fixed now. 🙏
Did you figure it out, as I saw you posted something this hour?
Yea haha. I'm learning, when the code all jumbles together, to just walk away for a few minutes and come back with fresh eyes lol
Yeah, the longer the commands, the more it can become Bezos spaghetti.
How you guys memorise the syntax is beyond me lol
In AWS CloudShell, while typing a long aws command and using the tab key, it will attempt to auto-complete words if they are unique, double tab will give a list of possible options.
Here is an odd one. It says to select this but I don't have it
It's task 3 of this room:
Should be there. I just checked for that room. Check in CloudFormation whether one of the 3 stacks is StackSet-understanding-ec2*; select this stack, select the Resources tab, and there should be an entry in there called InstanceProfile with PhysicalID Ec2RoomInstanceProfile with status CREATE_COMPLETE.
What is this room even about?
Hello guys,
In the STS Credentials Lab room
When I try to create a user, it seems I don't have permission to create a user
How can I fix it?
No so these are the only 3 I have:
I see, since this is another room, it requires generating a new environment for it that provides the resources needed. 🙂
You da best Tim
In the room "AWS Encryption Services" I assume we are not allowed to create and validate the TLS Certificate, probably for safety reasons. Is that so? I get a permissions error despite resetting the environment.
Can you open the cloud shell? Can you run
aws kms create-key ?
I am also stuck on the awsencryptionservices room
Been trying to work on the KMS/encryption room since last week.
Support seems to barely tolerate me -
They were able to get the environment to finally generate. But I have no permissions and I can not even open the "cloud shell"
I never had a serious problem with any of the thm rooms until i dropped a ton of cash on these.
It's depressing.
Sorry for the delay, I confirm I can't open the cloudshell on this environment, nor create a kms key from the attackbox
oh - i reset mine yet again today and that seems to have done it. 🥅 🙌
I can get to the cloud shell, so i can probably run the commands in the room as well
i will check out the TLS bit when i get some time to play. cheers
Not for me unfortunately, I tried to reset twice. Not a big deal since the lab for this room is quite limited, but still, I would like to follow the commands.
Which command are you trying?
That's a good first thing to do when an environment for a room has generated, attempt AWS CloudShell. 🙂
So I was able to get into cloud shell and I was now able to run
$ aws kms create-key
And a key was created
But as soon as I tried to run the 2nd command in task 3 I got an error:
```
[cloudshell-user@ip-10-132-45-116 ~]$ aws kms generate-data-key --key-id baba02dd-a3e0-4697-8c59-1fa6f4bde36f --number-of-bytes 16

An error occurred (AccessDeniedException) when calling the GenerateDataKey operation: User: arn:aws:iam::058264512909:user/058264512909 is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-east-1:058264512909:key/baba02dd-a3e0-4697-8c59-1fa6f4bde36f because no identity-based policy allows the kms:GenerateDataKey action
[cloudshell-user@ip-10-132-45-116 ~]$
```
I don't think that resetting the environment between every command is the answer, so I did not try.
This is awsencryptionservices, where I have been since last week because of the AWS environment issues.
The second command is intended to error. It mentions it in task 3. 🙂
It intends to show that even when you can generate a key, without having other permissions, you can not use the KMS key.
This is because only the kms:create-key and kms:describe-key permissions are granted in this environment, and not the kms:generate-data-key permission. TLDR: you can create a key, but can't use it to create a data-key.
The first one in task 5. aws acm request-certificate --domain-name (my account id).bestcloudcompany.org --validation-method dns
DNS in capitals. 😎
I was writing from my phone so I made that typo, but essentially I copy pasted the command in the room task. The problem was a lack of permissions, which I wasn't able to solve despite resetting the environment.
I couldn't even list the dns zones
As always thanks for your help
Hello, are you still on this room? 🙂
Well, after getting all the errors with aws kms create-key I did not read ahead. I'm glad I asked here as well as in support. Thanks
ok thanks, i was able to finish the room, cheers!
I am working through the STS Credentials Lab in the AWS module and I get access denied when attempting to create the user “padawan”. According to the room I should have the ability to do so.
I have already reset the environment. Does anybody know how to get this working?
Did you get this resolved?
Error is "not authorized to perform: iam:CreateUser on resource"
I generated a new environment and I still receive the same error
Can't create the login profile if the user doesn't exist, and can't create the user because it appears I do not have permission.
Can't generate an access key because the user doesn't exist.
Can't generate an STS token, and I can't gain temporary credentials by using the curl command from a previous module.
The lab even starts with "we will walk through the creation of a new IAM User and an IAM Access Key for that user."
And the commands provided do not work.
Some help would be appreciated because I'm stuck.
I am also having lots of issues with the AWS "environment".
This is what I would recommend:
Log into the AWS console (website) with the info in the credentials modal pop-up thing.
Use the link and the username and the "Default Console Password:"
Then try to open up the cloud shell in the AWS console - the terminal.
If you get an error opening cloud shell then screenshot it.
If you DO get the shell / terminal then paste the commands into that.
First run
aws sts get-caller-identity
(just for good measure)
Then run the command that is in the module task:
aws iam create-user --user-name padawan
If you can't get to cloud shell OR if you can but can not run the create-user command then open a ticket in the support chat bubble. You might have to turn off some of your browser protections to see the chat bubble, but that's capitalism for you.
You can expect to have to wait many days for support to even though this is like a 💰 400 module. Support seems to treat everyone as non-paying users. Or maybe that's just me 🤷
-nonattribution
I'll give it a try - thanks for the reply
Good evening all. Can anyone tell me what I am doing wrong here please?
I'm in the AWS Data Exfiltration room
I would either reset your ENV - or try to run that in cloud shell. I can't remember if you can use the cloud-shell in that room.
I can
I can not check myself as I am struggling with the env on a different room.
And I do not have the permissions to run "DescribeLoadBalancers" in my env.
That's an interesting one.
Yeah I think AWS hates me Tim :/
It loves you and wants you to be happy. 😄 This one I have to check a bit deeper and see if I can replicate. There should only be one ELB provisioned, so it is not true spaghetti.
The load balancer is called SSRFLoadBalancer, does not give the attack vector at all. 🤔
I feel really bad saying this, but check your local system time.
That is the ONLY thing that I have found (googled) that would cause that error so far.
Yup so my time is the same as my host system
How long does resetting usually take? I feel like mine is stuck
A bunch of minutes, several minutes. It's why I hate doing it. But one of the support form questions is "how many resets did you try" (like it's my fault for not trying hard enuf??)
Good luck, I must run (still curious about this one tho)
i solved it 🙂
but now i'm stuck with this 😦
What is the flag in the WordPress profile of the user?
any hint 🙂
Can't reproduce your issue so far.
@charred patrol Can you try the following command (output should be: None):
aws elbv2 describe-load-balancers --query LoadBalancers[1].DNSName --output text
It is on the WordPress on the site, access the special portal, using the credentials you found on the restored AMI (backup).
Going through the Attacking/Defending AWS, I've generated my environment, but my credentials keep coming back as undefined. I've waited several minutes because I know some environments take a bit to spin up. After that, I reset the environment and waited again. Still coming back as undefined and cannot login. Any tips? Thanks.
I am stuck on EC2 - Data Exfil still as well as having issues with room generation. I can perform every step of the lab except the revshell. I am unable to communicate with the applicationinstance from the OpenVPN or the AttackBox. My routes are correct and from looking at the network settings on the instance, they also appear to be correct but communication between me and the instance is a no go no matter what I try.
I'm still in the IAM section. I've already regenerated the room but I don't want to do it again since we're limited to 3 / 24hr. Going to just let it sit for a while and try to refresh in a bit. Can't do anything without the creds lol
This is not just an issue with the specified room, I am now noticing. I am also unable to communicate with the instance that was assigned a public IP in the VPC Data Exfil room.
According to support there is a limit on the number of times you can reset cloud details. Can’t even access cloud shell anymore
Hey all. Does anyone see what I am doing wrong here? I copy pasted the commands but still getting errors:
I'm in this room:
Do those instance IDs exist? What’s your output from the step where you write the instance information to the text files?
Yup that is where I copied it from
I ran these twice now but same issue
I even cat the reverse_shell to make sure it matches the attack box ip I got from curl intend.me
24 hours later, I've reset my env and still cannot get access. Just curious if you're still having issues?
I’m still having the same issue but mine is also telling me it can’t generate the environment. I’ve been having these issues since the day I bought the course so it’s going to be a slow journey. I’m assuming there is something misconfigured on the aws side keeping these instances from communicating with the attack box/vpn
Unfortunately, issues have become normal in the env ):
I reached out to them here https://tryhackme.com/r/contact I'll let you guys know when I hear back.
I’ve submitted numerous tickets throughout several of the tasks when I thought it was separate issues. No response yet. We will see
Hello good day, can someone help me with the room Amazon EC2 - Data Exfiltration?
with task 3: Phase 1 - Initial Access / Credential Access
I'm trying to do this:
```
root@ip-10-10-185-153:~# aws configure
AWS Access Key ID [None]: AKIA**
AWS Secret Access Key [None]: ****
Default region name [None]: us-east-1
Default output format [None]:
```
But I get a message saying: Connect timeout on endpoint URL: "https://elasticloadbalancing.us-east-1.amazonaws.com/"
I managed to get a reply today and was able to get logged in. The env is still pretty buggy but I guess it's better than nothing..
Thanks for the update! I’m still waiting on my reply but I’ll try it out and see how it is. Would be interested if you have any luck with the EC2 capstone. Good luck and thanks again!
My rooms do not generate now and I get an error that tells me to contact support.
I still have a ticket opened that I’m yet to get a response on.
I’m about ready to request a refund. This shit is broken.
“There was an error generating your environment. Please reset your environment or contact support.”
After a reset it’s the same
Same thing, I haven't been able to continue the path because the support chat takes ages to respond; it's been almost two weeks and the error is still there.
Hello everyone, I'm in the AWS S3 - Attack and Defend Task 8 and whenever I try to generate the AMI from the Image I keep getting an Access Denied. I type aws configure to configure my environment but still nothing. I've reset my environment about 3 times now but still nothing; any help would be appreciated!!
Ok for some reason it randomly started working so thanks
I’ll give it this week before I escalate but I’m expecting a comp on time lost as well.
Just sent a message in "room-help", but I think this channel is more appropriate:
Need some assistance with Task 8 from https://tryhackme.com/room/awss3service . I'm supposed to find the flag in the profile of a WordPress user. I managed to log in to wordpress via the user's credentials, however there is no flag to be found in this profile (/wp-admin/profile.php).
Try Hack Me support has said it’s an issue with AWS and their support team has been engaged.
I’m guessing I’ve entered the black hole of support. I’ll be making my decision by end of this week.
You'll have plenty of time to finish it even with bugs, I had this issue in 3 different rooms and even with a long delay, it's doable
If the room you're doing is broken, you can switch to other rooms in the meantime if you don't want to lose time; other than that, yeah, I do agree it can be quite annoying.
It's supposed to be in profile => biographical info
Did you ever figure this out? stuck there too
Unfortunately this field is empty...
I hope so - as of now I cannot do anything and even trying to request a certificate gets me errors regarding permissions
```
aws acm request-certificate --domain-name blah-blah.bestcloudcompany.org --validation-method DNS

An error occurred (AccessDeniedException) when calling the RequestCertificate operation: User: arn:aws:iam::blah-blah:user/blah-blah is not authorized to perform: acm:RequestCertificate on resource: arn:aws:acm:us-east-1:blah-blah:certificate/* because no identity-based policy allows the acm:RequestCertificate action
```
Guys I might give up on this room
Too many issues and they aren't getting resolved
I cannot even do the AWS encryption services room. I reset the environment many times and it still doesn't give me access to the cloud shell. Have any of you completed this room?
support has been useless and it isn't worth the frustration
When my environment breaks (which support still cannot fix) I just move on to the next without completing the last. I'm not going to get a cert but at least I'm still trying to learn something
There's an error in the code on the AWS Lambda room and I have no idea how people got through this section, as the code doesn't work.
THM needs to fix the typo in the code:
There's a typo in the line within the loop where it says os.environ[key]. It seems like there's an extra space, and it should be removed.
```python
def lambda_handler(event, context):
    logger.debug("Received event: " + json.dumps(event, sort_keys=True))
    for key in os.environ.keys():
        logger.info(f"{key}={os.environ[key]}") os.environ[key]
    return(event)
```
That's the code.
It should be this:
```python
import json
import logging
import os
logger = logging.getLogger()

def lambda_handler(event, context):
    logger.debug("Received event: " + json.dumps(event, sort_keys=True))
    for key in os.environ.keys():
        logger.info(f"{key}={os.environ[key]}")
    return event
```
Shit so what do we do? That course was expensive. At least for my underpaid self lol
get as far as you can and keep pestering support, that's what I'm doing
Still can't find the flag.. The biographical info field is empty. Can anyone share the solution here?
Hey there. Can I have some help please with the AWS IAM Enumeration room please? Task 4 wants us to install quiet_riot. It is giving me an error when I try to install it which I cannot seem to bypass. I looked on their github but it isn't listed in the issues
ERROR: Cannot uninstall charset-normalizer 3.3.2, RECORD file not found. Hint: The package was installed by debian.
Hey man, Can you help me with Task 8 from https://tryhackme.com/room/awss3service ?
And congratz btw
I am having issues with EC2 Data Exfiltration when trying to gain the initial reverse shell from changing UserData. I've used my Public IP address but the ApplicationInstance does not attempt to call back to my listener. Any help please?
having the same problem as L3UM... can't get the reverse shell connection to work
I can connect to the listener (on AttackBox) from my local, so the IP is correct, but can't get the EC2 instance to connect even after a few stop/start attempts. The userdata is updated, I've downloaded it.
@flint arrow ?
I was really excited to tackle this learning path but was very surprised on how much it was!
In terms of cost or content? 🙂
Cost
I'll let you know if it pays off :))
Hi! Can someone please help me, the cloud details always provide undefined credentials so I cannot login to AWS environment and can't finish the room.
I tried to reset the environment or generate but still got the undefined creds.
If you verify, you can send a screenshot of what's happening
I always get these creds
Whenever I try to reset the environment it's always like this
Hello, I've sent a request to have this fixed. 🙂
Thanks, what info should you need please to have them fix in my account?
No worries, I've relayed your account info to reset your AWS account, so it will generate your AWS credentials correctly.
Thanks so much. How long will it take to reset my AWS account?
Hey! I am currently studying the IAM Permissions room in the Introduction to IAM course and I think I might have found an error or I just can't understand smth.
In task 7 Conditions there is the following statement:
```json
{
  "Effect": "Deny",
  "Principal": "*",
  "Action": "s3:PutObject",
  "Resource": "arn:aws:s3:::my-logs-bucket/AWSLogs/AccountNumber/*",
  "Condition": {
    "StringNotEquals": {
      "aws:SourceVpc": "vpc-abcdef2",
      "aws:PrincipalServiceName": "glue.amazonaws.com"
    }
  }
}
```
And there is a question
The Glue Service, running in vpc-12345, can write an object to the my-logs-bucket? (T/F)
I think that the answer is undefined, because for this policy to take action we need to have two conditions match simultaneously, but because the Glue Service is accessing the bucket in our question, we should skip evaluating this policy. Am I right?
Hi there,
I'm having the same issues as user Kash above.
The cloud details always provide undefined credentials.
I've tried generating and resetting the environment, but still get the "undefined" credentials.
See picture attached.
I have created a ticket two days ago, but still waiting for a response, hence why I'm here asking for help.
Please and thank you.
Did you notice the difference between "aws:SourceVpc": "vpc-**abcdef2**" and the question being about vpc-**12345**?
Given that these are different VPCs, the condition won't match, therefore denying access to my-logs-bucket.
Yeah, you are right that source vpcs are different. But do you see the “Effect”: “Deny”? So if the policy condition does not match, it is not applied.
Thus it is not explicitly denied at least
Yes, but it is the other way around... The Effect is to Deny all "*" principals from doing "Action": "s3:PutObject" in the "Resource": "arn:aws:s3:::my-logs-bucket/AWSLogs/AccountNumber/*"
Unless the "Condition" is met, which is to be both "aws:SourceVpc": "vpc-abcdef2" *AND* "aws:PrincipalServiceName": "glue.amazonaws.com"
To phrase it in simple terms: if the below condition is not met, then deny access to write to my-logs-bucket
"aws:PrincipalServiceName": "glue.amazonaws.com"
This is true, BUT this policy does not explicitly allow, it only explicitly denies. And in AWS we have an implicit deny by default.
So my logic here is: condition is not met -> policy does not explicitly deny -> do we have an explicit allow policy? Well, looks like not -> implicit deny
The policy explicitly denies everything that is not equal to the condition. Implicitly allowing the condition.
Are you sure about that?? So you wanna say, that everything that is not denied is allowed? That seems strange to me.
Sure about my boolean logic? Yes, I am 🙂
The question is asking whether or not vpc-12345 has write access to my-logs-bucket, which based on the policy it does not. No argument there, right?
What you're referring to about the implicit allow does not affect the question whatsoever.
But yes, there would have to be another policy explicitly allowing writing access to The Glue Service, running in vpc-abcdef2
Yeah, now I agree with you 100%
I think that “based on the policy” is very critical here and it is not stated in the question. The question asks about write permission in general. So this question actually misleads and someone could learn from it that the writing access is granted only by this one policy, which is not true.
I mean, learn that “everything that is not denied is allowed”
Well... It does say:
"Given this Statement: "
...
"Answer the questions below"
😅
Okay, no problem here. At least, I validated that I understood the IAM permissions correctly🙂
Hi there
Hi guys, got another problem on my AWS. The credentials provided were wrong so I cannot access the AWS environment again.
I tried to reset it multiple times, but the error persists.
Hello there. I am stuck in the AWS S3 - Attack and Defense room - Lab S3 Abusing the Substrate, as I cannot answer the following question: What is the flag in the WordPress profile of the user? I already searched for the flag in the local files on the EC2 instance and also on the wordpress instance in my browser (through port forwarding), but I do not find the flag. Am I missing something? Thanks for the help. 🙂
You need to visit bestcloudcompany.org/wp-login
Put in the creds you found and you'll find the flag there
Hey guys.. I am trying to do the AWS API gateway and this is taking forever to generate. Any suggestions on what to do?
Try leaving the room and joining back; it should give you the option to regenerate.
@raw mural
I did the 'Leave' thing but when I tried to 'join' again it seems like I was still in it?
Is the cloud details still generating?
Indeed the environment state is still generating.
The credentials are the ones of the previous room (Lambda Data Exfil), not the ones of the current room.
@flint arrow Seems AWS environment is stuck on Generating
When you refresh the room page, can you please check whether it shows the new environment for AWS API Gateway has been successfully generated?
Just refreshed the room page; no such message unfortunately. 😦
Still the same.
Strange, as the AWS API Gateway environment did generate successfully for your AWS account. Will have to investigate further.
If I am logged in to the AWS console using the given credentials, what command can I run to be sure that those credentials are for the correct room (this AWS API one?)
My main problem is how it is stuck on a button level so I can't run it again from any other room.
AWS account credentials are always the same to access the AWS console, they don't change based on room. What does change based on room are the resources deployed in the account.
Will have to investigate this one further. 🙂
Just want to confirm that I've finished this room (AWS API Gateway) and I was definitely able to access the resources for it.
Now hoping to be able to generate rooms again so I can access "AWS IAM Initial Access" whenever possible.
Can you try this page and see if you get the Generate Environment button?
https://tryhackme.com/r/room/awsiaminitialaccess
Strange, will have to investigate further. 🙏
Basically the page somehow is not up-to-date:
```
userId:"REDACTED"
operationState:"SUCCESS"
```
Any ideas for how I can give it a kick?
I'll send a DM with a link to try.
Thanks a lot. This was the missing piece. 😋
I think I will need an extension on access to AWS while my case gets fixed.
Is this course worth the 400 dollars?
375
I mean... idk, it depends... if you're hurting for money, doing a few extra labs isn't going to change your life.
Having said that, you can generate vulnerable AWS environments on demand to practice.
And if that's worth $375 to you, then sure.
thx
Can someone help me understand this? Given the operator is "StringNotEquals" but the request is coming from "glue.amazonaws.com", shouldn't that match the condition not being false and therefore allow a write?
The effect is an explicit deny, so in this case the VPC Id does not match, so the write is disallowed.
I guess what I'm asking is given the implied AND, does it need to be that exact VPC AND service to get past the deny effect or can it just be one of those in the conditions?
It is an OR. An explicit deny takes permissions away.
Well yes but it has StringNotEquals, and the tip suggests it's AND'ed
I'll have to check in the room, which room is this?
IAM permissions room under task 7 "Conditions"
My coworker and I were debating this, we were stuck at this suggested explanation:
In AWS IAM policies, when multiple conditions are specified within a single condition block, they are combined using a logical AND. This means that for the policy statement to apply (in this case, to deny access), all the conditions in the block must evaluate to true. If even one condition evaluates to false, the entire condition block evaluates to false, and the policy statement (the deny effect) does not apply.
However in the room, the glue service is making the request and therefore would be meeting one condition to false, given Glue is part of the 'StringNotEquals' portion
This is from AWS's website as well
The second one appears to be false as well, I don't think there is a glue.amazonaws.com PrincipalServiceName
Well the question is a bit confusing as it just says "The Glue Service", does this mean it's not the aws:PrincipalServiceName "glue.amazonaws.com"?
I think so, the documentation does not show a PSN condition context keys for the glue service .
Apologies, what do you mean by PSN?
PrincipalServiceName 🙂
But isn't the condition context key stringnotequals?
Yes, so both conditions are met as not equal, so it is a deny.
I guess where I'm getting hung up is where AWS docs state:
"When multiple values are specified for a single context key in a policy with negated matching condition operators, the effective permissions work like a logical NOR. In negated matching, a logical NOR or NOT OR **returns true only if all values evaluate to false**"
In this instance, StringNotEquals is a negating matching operator and given Glue is present in the policy, wouldn't the scenario cause the policy to evaluate as false and therefore negate the deny effect?
Only if there was a glue.amazonaws.com PSN that represents the Glue Service, which I can't find as true. I'll see if I can make the question more clear.
AWS does not openly list these PSNs, which complicates it even further. 😄
OOOOH
Okay yeah
That SUPER needs clarifications, see I didn't realize that:
The aws:PrincipalServiceName condition key in AWS IAM policies is used to specify AWS service principals. These principals are predefined by AWS and correspond to the various AWS services that can make requests on your resources. You cannot create your own aws:PrincipalServiceName values; you must use the ones provided by AWS.
That is super super duper important, my brain saw "The Glue Service" and related it to the policy JSON there. I think it would be very helpful to clarify that some of those aws:PrincipalServiceName values cannot exist
Thank you for taking so much time to clarify this for me!
BUT to be clear @flint arrow if that aws:PrincipalServiceName was one that existed but it was coming from the wrong VPC, it would still go through and not be denied, right?
Then it would be allowed. 😄
Okay that is awesome, now it is crystal clear haha
hello, was anyone facing this issue while generating the cloud environment?
What issues are you facing?
I could not spin up the environment
What happens when you try to spin it up? Is it getting stuck?
honestly i completed the whole thing 100%, and i ran into issues from time to time with incorrect permissions and stuff. if you just regenerate it like 2 or 3 times a lot of times it just fixes itself.
Anyone make it through the AWS Lambda? Have trouble with the file handler question.
The handler function is missing from the zip file. What should the filename be? Makes no sense to me.
Figured it out. That was a tough one.
I don't understand what we are supposed to do in this task, when I attempt to run the commands specified in Cloudshell I just get back:
"An error occurred (AccessDenied) when calling the CreateUser operation: User: arn:aws:iam::339712963689:user/339712963689 is not authorized to perform: iam:CreateUser on resource: arn:aws:iam::339712963689:user/padawan because no identity-based policy allows the iam:CreateUser action"
I'm resetting the environment but seems to be taking a minute and is stuck in 'resetting'. Though I'm guessing this is normal?
Okay after environment reset I'm getting the same error for lack of privileges to create the user:
Okay figured it out. If anyone in the future is wondering why they cannot "create user", it's because you need to "generate the environment". After you do it will look like this in the cloud details tab:
Each generated AWS environment only has permissions granted that are required to run the commands necessary to practice/complete those room(s) (see the list in the Cloud Formation - Environment tab). 🙂
Hello, was wondering if anyone could clarify - are we supposed to do this step? I tried inputting the command referencing "assets.bestcloudcompany.org.s3.amazonaws.com" and "s3-w.us-east-1.amazonaws.com" as the bucket but neither worked. Any thoughts?
For the first link, rethink which part of the url is the bucket-name.
And which part you don't need when using AWS arn signifiers like s3://
Ooooh, now it is making some more sense and things are happening. For the second link, that's not a bucket...right? Is Amazon gonna door down for attempting to sync that? Haha
Second link will not work. 😄
Yeah I got a failure or a deny and then afterwards I was like "Wait...this doesn't look right" lol
Just for my notes, why exactly does the second not work? I realize now that is the CNAME, is it because we aren't actually referencing a bucket with the command?
If it is not a valid bucket-name, it errors. Bucket names are unique globally (they are not a regional identifier).
Oh okay, so I didn't do anything bad with that failed request, right? I know with cloud stuff we have to be careful about what we are doing haha
No worries, but that is indeed a good general awareness to have. In general AWS follows the principle of least privilege by default implicit deny, all granting of permission for anything is explicit.
Thank you once again for clarifying it all! Good to know the AWS lawyers won't be contacted over one bad API call lmao
anyone could recommend some good reverse engineering resources like free Books, online courses, or tutorials. Thanks in advance!
Best to ask in #resources or #bookclub
Hi team, I'm having errors generating the environment for the EC2 Data Exfiltration room. It failed multiple times, and it now says:
Uh-oh! You have maximised your number of attempts. Please try again
Did this happen to anyone here?
I don't know what I'm doing wrong, but I have an issue with the environment of Amazon EC2 - Data Exfiltration. I've already reset the environment two times, but still without success. I receive permission denied on almost everything. If I try the elbv2 describe-load-balancers I receive: An error occurred (AccessDenied) when calling the DescribeLoadBalancers operation: User: arn:aws:iam::xxx:user/xxx is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers because no identity-based policy allows the elasticloadbalancing:DescribeLoadBalancers action. If I access the console on cloudshell I receive this message:
```
Unable to create the environment. This may be due to insufficient permissions to create VPC or public environments, or because the environment no longer exists. For more information, contact your IAM administrator.
System error: User: arn:aws:iam::xxx:user/xxx is not authorized to perform: cloudshell:GetEnvironmentStatus on resource: 
```
I can reset the environment again, but it will be the third time.
I’m having the exact same issue. Tried everything but this environment won’t generate correctly for the last 4-5 days @mods anything that can be done?
Same here. @raw mural could you or someone on your team please get eyes on this? Ty
I've opened a ticket to support. I don't know what they have done but yesterday worked for me
Can you dm me your username and email please. Also mods are only voluntary they can't help with the AWS
Yes done
does attackboxes have internet connectivity? doing sts credentials lab and tasks are asking me to use attackbox, but when i run aws sts get-caller-identity, i'm only getting "could not connect to the endpoint URL: ..."
Only for subscribers.
Hi all. Is anyone else experiencing issues with generating or resetting their environments? For the past two days for multiple rooms beginning with EC2 Data Exfiltration and each room after that, it takes a really long time to generate the environment. Lately, I have not received a message stating the environment was generated successfully and is ready to use; I have to refresh the page. Then, when I log in to the AWS console, I see access denied in many of the panes. I sent a ticket two days ago but no one has responded. I'm curious if anyone else has had issues with their environments. So far, this "attacking-defending AWS" path has been riddled with technical problems that have hindered learning. Which is a shame, because I think it is a great learning path, but the tech issues really need to be worked out.
@fast ginkgo Yes, there are a few of us who spoke up recently about the EC2 Data Exfiltration lab being broken. Myself, @primal flower, @karmic nacelle, and now you. I’ve done a dozen+ resets to no avail. I have a support ticket opened with @raw mural that has been open since July 6th. He said the AWS team is still looking into it.
I was offered a full refund by THM on the condition that they revoke my access to the AWS learning path, which really sucks because I am 90% complete with the path so I don’t want to do that but I do think partial refunds are in order.
I was advised to just skip that module until a solution is found. However, fast forward and now I am at another lab-breaking bug in the AWS IAM Initial Access Task 5 section.
@flint arrow can you please have your AWS team look into these 2 separate bugs? I’ve spent 10 hours of my own time trying to troubleshoot the EC2 Data Exfil room.
Thank you
I appreciate the response. It's somewhat relieving to know I'm not the only one experiencing issues with it. However, I am still waiting to hear back from THM on my ticket. I plan to follow up with them tomorrow. I, too, enjoy the module and am so close to finishing it. I would prefer they fix the problem so I can complete the path. Or perhaps grant a 30-to 60-day access extension to allow me to finish it once they correct it. We will have to see how they respond. Thanks again!
Hello, for now it is advisable to skip the EC Data Exfiltration room. 🙂
Hello,
I have an issue with the room Data Exfiltration.
The command to list all load balancers does not work. I have this message :
An error occurred (AccessDenied) when calling the DescribeLoadBalancers operation: User: arn:aws:iam::339713192398:user/339713192398 is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers because no identity-based policy allows the elasticloadbalancing:DescribeLoadBalancers action
The command still does not work from the attack box, with the message
Connect timeout on endpoint URL: "https://elasticloadbalancing.us-east-1.amazonaws.com/"
I am in the same boat with the EC2 Data Exfiltration room not loading properly and resetting it does not work properly. Quite a shame 😦
Here's what I'll do, and will update this as I move along. Follow the 'skip this for now' advice and move on with the VPC rooms. Generating the environment for the VPC room might also help as a workaround reset or something.
Current error for the ec2 data exfiltration room:
An error occurred (AccessDenied) when calling the DescribeLoadBalancers operation: User: arn:aws:iam::12345678912 :user/12345678912 is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers because no identity-based policy allows the elasticloadbalancing:DescribeLoadBalancers action
I have generated a different room (the "AWS VPC - Attack and Defense"), which loaded fine. Having this room generated makes the generate button on the ec2 data exfiltration visible again. Upon (re)generating the ec2 data exfiltration room again, the issue persists.
From the messages earlier in this chat, I can tell that THM is aware of this issue and the issue does not seem to be caused by a user. However, it would be nice to know if someone is also looking into it. I am fine with skipping, but would like to 100% this before the 3 months are up. (:
Any idea on when this advice no longer stands?
I have no ETA, it depends on the maintenance effort required to fix it.
Righty-o, I went through the entire path and wanted to revisit this. After generating the room, resetting it once, the room seems to be set properly.
So for future readers, I suggest generating and resetting the room. And be sure to give it some time. There might be something going wrong, but it should be possible nonetheless. 🙂
Hello,
I have the same issue for the room AWS VPC - Data Exfiltration
aws ec2 allocate-address
An error occurred (UnauthorizedOperation) when calling the AllocateAddress operation: You are not authorized to perform this operation. User: arn:aws:iam::339713192398:user/339713192398 is not authorized to perform: ec2:AllocateAddress on resource: arn:aws:ec2:us-east-1:339713192398:elastic-ip/* because no identity-based policy allows the ec2:AllocateAddress action. Encoded authorization failure message: zevAl8v_-Yy36aVk_69zTTiyXRBNP9RSmiNAhmeU1bOAGP3AiE0BYVH9tW06hQ0v0LeAaHNmPimWGoMJ29GuE2mEq0EVN0vt-SdSUcLF-PLc5HvnKvk1JgIQepPvnc6mCcX2h1hzdiMAG9HqWRcgmpz5tDKzza9TETbGZ0Az64sJHxI5-pBprg837FXGOXYUDH9-Vn0XGDXqNXmzlYpMFblS5iYh0HygYOqVhjvOf9l7PAqBX1v4H2tk6d4WyBOxg71l-CthEs3Hsf0edqM_OQkkkRJUBZowldOb7yStOcVqVV3ySp_iTszZWZ_QkjgS7hVDODkPmDDGdSgYRLNUcqzidGRxOpyMpiwsCCsgOSt3XPsDp9hjH1IB1dmTYWXoj38nxZh6TBWQ9koDZgXXI_zd7BgeK4hzWp0L954c59l39Qv9kejzBZnV8ipVYDAfD-9lKnC3Hv8BvIrLgN0VZaXXPvhNhOrktble8rvMjjrS-WQQM_NJviWl9sypowlGuA
Is it possible to fix it?
Moreover, the connection from the Attack Box times out.
Hi everyone, I am new to the aws path, and have a first issue with the IAM Principals room (my account doesn't have permissions to see the users in the IAM Console). As I understand it, the typical way of operating here is to reset the environment and pray that the next one will be correct?
Is it normal that I wait a few days for any sign from the tech support?
yeah the wait time is generally about 1 work week
It can take 3-5 work days sometimes longer
Hi! I just wanted to say I have the same issue with mine. Signed up yesterday and have tried to reset environment a few times. When logging in via the console, there are no permissions on the account. I’ve also tried using the CLI but same permissions issue.
Btw I ran the keys through a tool I built (https://github.com/MillerMedia/awtest) and it seems they have basically no permissions.
Ok, update on this. I only had a ‘reset environment’ button previously but for some reason when I went to cloud details in the ‘AWS S3 - Attack and Defense’ room, there was a ‘Generate Environment’ button again so I clicked it and it seemed to work this time
Thought on one of the rooms. In the AWS S3 - Attack and Defense room the final question ‘What is the flag in the Wordpress profile of the user?’ Is super confusing because:
||You get the users credentials by logging into the EC2 service. These logins work on the Wordpress instance on that EC2 instance which I accessed by SSH port forwarding remote port 80 to my local machine (since we only have SSH to that machine). I logged in, searched around forever and could not find the flag. The flag is on the actual bestcloudcompany.org site with the same credentials. Didn’t make any sense to me why that would be the case? Perhaps an easy fix would be to also include the flag in the users profile on the version we spin up from the AMI?||
Hi, any updates on the issues with the IAM principals room (and the other Introduction to IAM). I have finished all other AWS rooms and am stuck because the environment does not generate the right IAM permissions for me to do those rooms. Thanks!
so the best way is to progress to the next section and come back to IAM?
I didn't get any answer for more than week
Hmm yeah I guess. I’ve finished everything else that I can for the AWS modules
Do you know any additional channel to contact tryhackme, it seems they give a f. to the chat
thanks
I don’t. I’ve opened a ticket too and posted here but that’s all I know. Maybe the #subscriber channel?
how did you open the ticket, via chat?
@hallow swan yes the icon on the bottom right of the screen when on the website. Can open up a ticket that way
IMO IAM rooms are corrected now, I gave it a try once again, and everything with privileges is OK.
Can anyone provide a tip for AWS VPC Task 9 answer, "What is the routing target prefix for the VPC Peering connection?". My AWS environment doesn't have any peering connections. I've looked everywhere. And the hint isn't helpful since all it says is to include the dash
Is this the only place to come for help when stuff isn't working as it is supposed to in these AWS labs? jw
Hello, whenever I try to generate/reset an environment I can get a username but the rest of the information are set to undefined: can someone assist me ? Thank you
Hey folks - I've had a support case open re: AWS Environment since Sept 30. @raw mural has a been handling the case and has been very gracious. The problem is I can't complete the Hacking and Defending AWS track because my environment is either "not ready" or broken. Anyone else had any issues with the AWS environments?
i got this error too. I think aws maybe changed something in the environment because i remember i saw aws said they will change some rules and policies before Oct
Please help, I'm doing the aws lambda room task 4 Components of lambda question: what are the first two sentences of the error message you received when the get-function command tried to read the environment variables, I literally copied and pasted the error message: Lambda was unable to decrypt the environment variables
because the KMS access was denied. Please check your KMS permissions. KMS Exception:
AccessDeniedException KMS Message: The ciphertext refers to a customer master key that does not exist, does not
exist in this region, or you are not allowed to access. It's still saying it's wrong, yet I looked up someone else also doing it and they did the same thing, so I don't know what I'm doing wrong. My access to the course also ends on Monday
When was the last time you used it before? The environment maybe got some error because aws changed their settings and policy recently
It had been a few weeks since I used it last, I have created a ticket but I don't know what the chances of them getting back to me are before I lose access
But if aws has changed their policy and settings what does that mean for us and will we not be able to complete this training?
i don't know because i lost my access too 😭 And tryhackme staff said he had raised my ticket about this bug with their cloud engineer 6 days ago.
@dark wedge same, stuck without an option to generate creds and without access to AWS env for 1+ week and been waiting for tryhackme staff to fix the access issue
I created a support ticket but I have heard nothing back I'm on 99% completion but can't get the cert because of the broken question 😭
my access was useless for 3+ weeks, the 3-month licence only left 1/3 time.....😇
I finally had my issue resolved. I asked for an extension based on the lost time and it was granted. I would suggest doing the same.
Thanks
How long did it take them to solve your problem? Is your aws env usable now?😭
It took ~28 days to resolve. I did very nicely check in every day or two on the case letting them know I was still here. 😀. My environment is usable now.
Does anybody know where to look for the flag in the wordpress profile of the user in the "AWS S3 - Attack and Defense" room? I tried to look everywhere that makes sense but found nothing
I'm logged in as the user in wordpress, with the creds retrieved earlier in that room, just didn't see anything.
It will be in the biography
Has anyone ever been able to complete AWS VPC - Attack and Defense Task 9? "What is the routing target prefix for the VPC Peering connection?" It seems impossible in my labs as there is not a Peering Connection. This lab seems busted
Hey folks, I have a question regarding the "AWS S3 - Attack and Defense" room. When trying to sync the S3 bucket for task 6 I'm getting Access Denied. I was wondering if anyone else ran into this issue, or maybe some permissions changed on that S3 bucket so that it's no longer public?
Hello friends, I'm currently experiencing some issues within the STS Credential Lab for the Attacking & Defending AWS path and was wondering if someone else has solved this issue before. The task is to create an IAM user account specified in the room, however the Cloud Environment does not have the privileges to invoke the operation CreateUser. (iam:CreateUser on resource: arn:aws:iam::799048156303:user/padawan because no identity-based policy allows the iam:CreateUser action). I've reset the cloud environment to no success, so I'm curious if this needs to be resolved by THM staff.
https://gyazo.com/10258702c6d223bf0813d79c8aceaf88
nvm resetting the environment a few times eventually gave me the permissions to create a user
You are not authorized to perform this operation. User: arn:aws:iam::2169890993** :user/2169890993** is not authorized to perform: ec2:RunInstances on resource: ..
although i am logged in with the right creds
tried to reset lab, same issue
ec2 part
Hey! I have difficulties submitting answers to task 6 in AWS IAM Enumeration room. My scan shows me N principals, but it seems like TryHackMe expects another answer…
hi...has anyone done any other aws training, such as HackTricks or CloudBreach? How does this one compare? Thanks!
Hey Guys,
I am planning to get the AWS labs and I just wanna know whether it's worth it for the price (£329) :/
how do i get help with the aws console? i had to reset the environment and it reset with many errors. and unable to reset again (max limits)
Any help??
When I have had issues @empty hare I've went to another module in the course and generated from the other module. Once that's completed, gone back to the one I'm working on and then generated it again. It's a workaround for when you need to start over or hopefully sort out the problem you are having.
i see..thank you. it is a work around. 🙁
im still with no 'Reset Environment'
that worked!! I jumped ahead, then went back to where i stopped 24 hours ago.
hey there
i'm planning to buy the course but the price is a little bit salty, has anybody purchased it before? is it worth it?
as you work through the rooms your level of access will change, which room are you on?
Hello, anyone in AWS Training ? I'm getting always this message when clicking on cloud details
Environment State:
Not Ready
You do not have access to any environment
What's your username?
Hello, is the Attacking-Defending AWS path learning material still going to be accessible after the 3 months of course duration? I am sure the AWS environment won't be available, but I am wondering if we can at least have access to the course material after 3 months
AFAIK, you do not.
Creds found work in the EC2 instance but not in bestcloudcompany.org/wp-login 😢
can anyone help with IAM Credentials room, in Task 5, it's mentioned "The Root User or an IAM User can only have two Access Keys at one time."
Then the question "How many active IAM Access Keys does the TryHackMe-IAM-User have?" has an answer 1 not 2 ??
Hello everyone, will it teach me the basics of AWS?
yes but for few of the (important) services
Is anyone else having issues with not having the correct privileges in the console to perform actions? Right now I am working on the VPC room and I can see the answer wants a 10.xxx.x.x/xx address. However, when I go to the VPC console and even on the page, a 172.xxx.x.x address is listed. What's going on and how do we complete these rooms when nothing matches?
how long does an environment reset take? it's been almost 10 mins!
and now it says I've used all my resets for today! We need some direct support here! Not great for £300
well it would have been £160 if u used the discount code yesterday, but I do agree with you still.
STS Credentials lab - "Refer to Task 2 where we added the user to the padawans IAM Group." Task 2 is nothing to do with this. Like who even does the QA checks for these?
I expect absolute perfect stuff if I am paying £160
Oh man, even worse then! I'll get work to expense it for sure then! Yeah I am seeing a lot of grammatical errors, and other stuff that just makes me think this should have been a lot tighter for the cost they are charging
I am looking at Cloudbreach or PwnLabs atm
Did you figure this out? I even checked in the DB, there is no other user, but not sure if we're meant to crack the hash or something
Yeah I mean I agree with what u said, Cloud training is the most expensive stuff that THM are offering, so that means that essentially they should provide the AWS and Azure chats more support than any other chats (i.e monitor it more).
On the "EC2 Storage and Networking" section, did anyone have issues with the "What CTO is quoted in the flag you found on the volume?" flag? I mounted the volume, but there is no flag
Not sure how it happened, but my instance is in AZ zone 1d, my volume is too. But even when I try and attach the volume to my instance in the GUI, it says there are no instances available in 1d.
Ah got it now, wasn't clear about swapping between cloudshell vs being in the local instance
For a few days now I can no longer generate an AWS environment from "Cloud Details" even though I have a valid subscription license for the AWS course.
I am getting the following message on "Cloud Details":
- Environment State: Not Ready
- You do not have access to any environment
I see on Discord that several people are asking the same question, but I can't find a solution. I have also sent an email to the helpdesk, but have not received a reply even after several days.
Could someone please help me with a solution?
not sure if this is a glitch, but when I need to generate an environment it should have the appropriate environment name; instead it's just: You have access to an environment for the following rooms:
STS Credentials Lab
STS Credentials Lab
Please note that generating an environment for this room will destroy the environment used in previous rooms
it's changed now to this: You have access to an environment for the following rooms:
STS Credentials Lab
AWS S3 - Attack and Defense
AWS S3 - Attack and Defense
AWS S3 - Attack and Defense
AWS S3 - Attack and Defense
AWS S3 - Attack and Defense
which is now correct but a tad few many 
AWS S3 - Attack and Defense - Lab was not good, some of the commands were lacking or were not explained properly at all.
I still cannot finish the last question for AWS S3 - Attack and Defense (What is the flag in the WordPress profile of the user?) Not sure if I am missing anything obvious. @terse lynx did you complete it with that PW?
Yep I get same thing, "password you entered is incorrect"
Can anyone from TryHackMe chime in? @flint arrow - or anyone else? I would have expected a little more support here!
Thanks for sharing the information. I got a reply from the support desk and the issue has been resolved🙂
Did you or anyone else figure this out? I am getting more and more disappointed with this whole course and the lack of support 😦 @flint arrow
I just do the Azure path whenever there is an issue with AWS and vice versa
but yeah I do agree, could do with more support
Have you figured this one out yet? I’m also having this issue and would love some support. I created a ticket yesterday but I have yet to hear back from them.
I am not sure how tickets get picked up, but I would hope that people with a cloud license get put on top of the pile and get looked at first, before the premium and free users
They replied asking which labs. I have heard nothing back yet. I guess it’s not fixed.
Looks like that room has major issues too.
Hey, We are looking into the issue with S3. As soon as we have an update I will let you know
For the issues occurring. We can extend your license for the duration until the bugs are fixed
Thank you
Please let us know how we can see that.
First step of the VPC exfil room and I have this issue too! I have just generated the room too! Jeeeeeez come on @THM team, this is really really poor for a paid for course @raw mural @flint arrow
Did you ever overcome this? Hitting the same issue, but moved on for now
What's your THM username?
Hi all I am currently in the AWS introduction. and on the IAM Principals when I generate the environment I am not given any credentials outside of username. Is there something I need to do to access that information?
Amazon EC2 - Attack & Defense ----> Task 3 step 4: first, select "64-bit (Arm)", then make sure "Amazon Linux" is highlighted. It does not even appear like it does in the screenshot
Instead I get the error: The AMI ID (ami-0b86aaed8ef90e45f) is not valid. The AMI might no longer exist or may be specific to another account or Region.
Even though I have filled out the exact same Amazon Machine Image (AMI) like in the screenshot
Sigh this is the second lab with problems. All the theory stuff has no issues but the most valuable stuff which is labs has issues. Not good, I am going to reset environment and try again. But not happy overall with this
Not only that, I have been sent out as a test from my team at work to try this and if its good the whole team will get it. Looks like that aint happening.
Thank God resetting worked. I have a feeling that when you launch the cloud instance it gets stuck in the previous lab or something, idk
Overall impression so far. I feel the content is rushed through, It just starts as though it assumes you know everything back to front and you are an AWS wizard. "Attack and Defend" Where exactly is the defend in the EC2 lab. How can a defender look through the logs or find stuff that indicates this suspicious behaviour? 1st and 2nd lab have been low quality content so far. Not great. The azure path on the other hand is well structured and does not assume you know everything.
Where is the Cloudtrail logs, where is the investigation part????
I am just halfway and I feel the money put into this has not been worth it for the AWS path. Hoping the rest of the labs will change my perspective, so far the theory has been average and the labs have been trash. Sorry for being blunt I give credit when its good and up front when its bad.
mechs85. I got around this by resetting the room, even after I had just generated it. But my issue is now as quoted above (pinging the public IP of the EC2 instance). I'll do the rooms I had issues with again next week, but sometimes it's hard to know if it is a room issue or anything else
that is the inverse of what someone said in the Azure room, it's all blue and not much red. I have forgotten about the defensive side of things on this course, but luckily for me I am actually doing a threat hunting Cloud course and I knew nothing about AWS, so I chose this course for the attack side.
I will hold off judgement for now, but honestly I don't know why this cost me x3 times more than my premium subscription; and I have actually cancelled my yearly premium now. THM would not see good for the discount code I did not know about, so this was £300+ for me and it certainly just feels like it is that price for the AWS workload cost and not the content.
Anyway, I am hopefully going to finish up next week, take some notes and move on from this. But I hope THM will see to it they either give us permanent room access or much longer to redo these labs, as it has been really bad.
I have cancelled my yearly premium as well. I am planning to move to HTB. There is just too much shit that does not get fixed and stays unfixed forever.
"We have millions of users waiting for us to do more, and if we don’t solve their problems better than anyone else, a competitor will." - Ben Spring. Yes that competitor will be HTB @supple crescent .
Hey, can I dm you?
Of course - go for it.
Want to DM me with some of your thoughts?
sure
So ATM I have the following hurdles:
-Wordpress login for user fails
-No peering for VPC connection
-Cannot contact public IP for VPC exfil room.
LMK if people are also stuck on these, as its hard to know if I need to reset my env or if there are general hiccups.
try resetting, sometimes it works for me.
I generated a new env on your account. I believe S3 is still having issues but the others should hopefully work
Thanks, let me try them now
Did you do the WordPress one?
the one with the login page with creds?
did not work for me although I have not tried again
ok, I just tried again, still nada. Trying some of the others that hopefully were fixed with a reset
hang on, no peering for VPC connection, is that for one of the questions in the room?
there was a question on peering I was stuck on for a very long time
I am going to do the VPC exfil room now
Yeah that, I actually watched a video of someone getting stuck for ages on the same thing. Question was not clear at all
Yep I got stuck on that question as well lol, very vague
yep I am having same issues with the exfil room as well, unable to contact public IP
I was hoping I could maybe do a few tasks before hitting a brick wall but it looks like I can't 😅
well, that's a waste of time me trying 😄 I was trying to regen the environment. Ah well. @raw mural - still issues on the VPC exfil room it seems
I came from the previous room though so not sure if there is a loop over and I need to reset each time. I can try reset and see if it does anything.
I tried doing aws configure command and tried to fill out the relevant details but that did not work either
yeah let me know. I'll try in CloudShell
@raw fiber resetting worked
probably might be worth resetting every time you start a new aws room.
one sec did u mean contact public IP for the last task?
or first?
Anyone know why I cannot get cloud details on the IAM principals after resetting the environment?
Is it blank?
@supple crescent see my DM? u asked to DM you but not sure whether you seen it yet.
Is this supposed to happen? I am in the Resource Policies & SCPs room
Hey, let me check for you. The room might have been made private for maintenance updates.
Edit: Indeed, maintenance. 🙏
No worries, thanks
"Attack and Defense" I am close to finishing this and have not seen one bit on defending
Is it possible that the password for the lab 'S3 - Abusing the Substrate' in the Attacking and Defending AWS > Core Services > AWS S3 - Attack and Defense section has been changed? I'm trying to access the flag in the WordPress profile and want to make sure the room credentials are still valid.
I'm in the IAM Principles room, says to 'Take a look at the users that exist in your TryHackMe Account via this AWS Console Link'.
Link opens to a log in page and I have no credentials.
Cloud details button at the top of the page has no credentials in and no access to any environment.
Not sure how to log in...
Did you click on 'Generate Environment' and wait until the status turns green ('Active'), then go to the 'Credentials' tab? You need to Join Room before
I don't have any option to generate:
Did you pay to get access?
yep, just finished the Azure path
Yeah I think this is for all the rooms
sorry all the aws rooms
as in an issue right now?
Thanks, good it’s not me being a doughnut
Nope. This has been an issue since last month. They have not bothered to address it.
I’ve given up on this course.
I might make a blog post or something, not sure yet. I think it's important people know our experience with it rather than blindly trusting without any reviews and giving money to THM. I think it's important as well people review this chat to see how other people found it. I am not biased, I think the Azure path was generally good apart from the hiccups with the 3 rooms that were privated. The challenge room was fixed relatively quickly on that side but the other 2 rooms are still not fixed. But the AWS path has been an absolute ballache to do.
At this point I have been enjoying the free rooms more than the paid rooms. The free rooms do not seem to experience that many issues.
@raw fiber also I have heard lot of good stuff on pwnedlabs in regards to aws/azure labs and some of them are free. I have not tried it but I will be giving that a shot at some point.
AWS IAM Enumeration - Cloudshell does not work with quiet riot
Whats your username?
What happens when you run it?
Anybody experiencing issues with connecting EC2 instance? Getting error message " Instance is not in public subnet". There is no other subnet available to select while creating an instance. Same error with the default demo ec2 instance as well. Room : Amazon EC2 - Attack & Defense
I hope you do bro, I'll share it too. Just because I do not want others who save hard for the course and expect a lot more for their hard earned money
Same as here. I’ve raised a support ticket
config file or something not present. I had to watch Tyler Ramsbey's stream, and even in his stream quiet riot seemed to be a ballache to use
I just went to the next lab. I don't want to spend more and more time troubleshooting a tool.
Unable to generate AWS credentials what to do?
Environment is active but no credentials appeared in credentials tab
try reset
then generate again
Just to confirm, no one can do the WordPress user question yet, right? Happy to feel like an idiot and get advice if I'm wrong. @raw mural
Tried couple of times
Yeah if no luck then ball is in THM court to deal with it. We can only really reset and hope for the best.
Yeah where can I get the support
You could probably email , or I would hope someone from THM who reads this chat would chip in and help.
No not yet, let me check on what the update is
Looks like still being looked into
Whats your username?
ShyamPrasath
When you say not generating, are they blank like no creds are showing?
Thank you, without this post I would never have found the flag, I have no idea why this is happening.
@supple crescent just checking whether u managed to read my dm u asked me to send u.
(RESOLVED, you need Python 3.11) Has anyone else experienced issues with quiet-riot in the room AWS IAM Enumeration -> Enumerating IAM Users and Roles? ModuleNotFoundError: No module named 'jmespath' if I used python3.9 and ModuleNotFoundError: No module named 'botocore.vendored.six.moves' with python3.13
Hi. I'm stuck on "AWS S3 - Attack and Defense". I obtained the default password for the user from the EC2 instance. But the password didn't work on http://bestcloudcompany.org/wp-login.php . Am I on the correct path?
Nope. This has been an issue since last month.
Please could you check again
Now I got the creds,
What's the actual issue?
Not sure about the issue waiting for the root cause to be found but I had to reset your creds/env
Thank you so much
It's happened to a few other users as well
Oh
bruh, its been weeks. I can't even finish the course lol
ask someone for the flag ... It's been a month and they do nothing
Are the username and account ID both the same?
I tried but I got authentication failed
Hello @raw mural
I'm unable to generate AWS credentials, need your help in fixing the issue
My environment is active but no credentials appeared in credentials tab
I even tried resetting the environment
My user name is jayanthiramasri
Can someone DM me the flag for the WordPress user? I have everything except the last flag, due to the auth info for user not working, as per this chat. Thanks!
Sorted. Thanks!
@raw mural - how long of an extension are we going to get on our AWS path?
Reading through this it seems I'm not the only one with an authentication failed error. Anyone had any luck getting it fixed?
Try to restart the environment
That part is completed now credentials are coming but not valid
Can someone DM me the flag for the WordPress user? I have finished other than the question. The auth info for user is not working, as per this chat. Thank you in advance!
I resolved it. Thanks!
from the cloud console, I am getting this in sts credentials lab. did i miss a step?
~ $ aws iam create-user --user-name padawan
An error occurred (AccessDenied) when calling the CreateUser operation: User: arn
iam::160326976186:user/160326976186 is not authorized to perform: iam:CreateUser on resource: arn
iam::160326976186:user/padawan because no identity-based policy allows the iam:CreateUser action
You need to generate environment specifically for that room . Click on Cloud details > Generate Environment
Hi - was enjoying these labs a lot but I've hit a snag - the cloud environment has been stuck 'generating' for over 24 hours and I can't cancel or reset. I think I accidentally set up the STS Credentials lab twice which might be causing issues - Any help?
"Environment State: Generating
You have access to an environment for the following rooms:
STS Credentials Lab
STS Credentials Lab"
There is a walkthrough of this lab on YouTube where you can get the flag
Try to leave the room and rejoin after 15min
@flint arrow Is leaving the room and re-joining a good way for this to start?
I know that's how we deal with networks, but since this is the AWS environment, it may be something support needs to assist with?
hi guys im new here i need hackers and spammer friends sendme a PM
Hi Everyone, I am stuck at AWS s3 - Attack and Defense task. I have retrieved the username and password but it doesn't work at wp-login page. I can see it is a known issue. Can someone from THM or here help me for the last flag in Task 8
It's a known bug and being investigated
On the same, it looks like the security groups are preventing access to the WP site as they only allow SSH.
I used ssh dynamic port forwarding to access the site and login which has worked fine but I still can’t find the flag 🙃
You won’t be able to find the flag there as it’s actually located on the actual site. Let me check on an update to see where it’s at
Thank you king
Also for the attacking EC2, the IMDS stuff under instance permissions needs to be updated to IMDS v2 as v1 doesn’t work by default anymore.
commands should be updated to include the TOKEN step here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Basically need to add this as a pre-step:
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
Then in the follow-up curl commands to the IMDS add the metadata token header with:
-H "X-aws-ec2-metadata-token: $TOKEN"
With those additions worked in, the lab instructions work as expected
The steps are already in the section, just needs to be added earlier to be able to query the metadata service
The room "Resource Policies & SCPs" no longer shows in the "Intro to IAM" module . Can staff say if it's out or if/when it will come back? My cloud subscription ends very soon.
Another room seems to have disappeared along the way, "AWS Encryption Services" .
Any staff member can tell if it is going to be back? Soon?
Hi, is there an update on this? I'm currently experiencing the same error and the /wp-login.php page is not accepting the default password that was accepted by TryHackMe as a room question
If there is not an update, can I receive the flag so I can move to the next room?
@stoic skiff About that, can I DM you?
In the room "AWS IAM Enumeration" , the very last answer expects 4 values but there is a fifth.
Anybody knows why?
The question is "What services appear enabled based on the [quiet_riot] results?" But that 5th service does look enabled in the console.
That's DNS service for AWS
Correct. But how come it's not part of the answer?
oh sorry man, totally missed this. i was able to get around it with the power of tyler ramsbey xD
Also, just a thought, something I was running into - on the AWS VPC - Data Exfiltration, may want to specify the region (us-east-1). I tried basically every region before I got to that one haha.
(not sure why i thought a THM lab would be in Melbourne Australia but hey you never know)
Yeah, in the AWS VPC - Attack and Defense room they said all labs used that region. So it was my first try. But I think there is another clue somewhere else, tho I cannot recall.
Last AWS room, last task seems to have a python code error (AWS IAM Initial Access, Task 6) .
When using boto3.client('s3') instead of session.client('s3'), I was getting the following python error in my own Kali box (running python 3.13.3) when calling python3 upload.py
botocore.exceptions.NoCredentialsError: Unable to locate credentials
Who can teach me on how to hack account
wdym by that ?
Hey all, I'm doing the AWS S3 - Attack and Defense and on task 8 for the question "what is the flag in the WordPress profile of the user", I tried basically everything but the web page won't load when I try to visit <ami public Ip address>/wp-login.php, it times out no matter what I try
I can ssh into the ec2 instance but when I try to visit the public Ip it times out
I've been stuck on this for 4 days, I'm losing my fucking mind
Oh I just read it's a known bug. Any update on fix?
It's been nearly 3 months. I've been there few weeks ago, using the domain name loads the page, but the credentials never worked, as if someone changed the pwd a while ago.
I've seen THM change the question/answer when similar problems occurred. Not for this one it seems, yet. I understand THM must prioritize room corrections but this one impacts cloud subscription time limits.
If using the domain name still fails, I may be of some help if you wish to DM me.
Sounds good, but it seems you're not accepting DMs or friend requests so you're gonna have to req me
Hey Folks, I just did the S3 room, but whatever I do I cannot terminate the EC2 instances. I have tried through AWS CLI, AttackBox, as well as resetting the env in TryHackMe. Keep getting permission errors (AWS) or "Something went wrong" (THM)
Just dont want to leave instances running, will these terminate or can THM staff terminate them for me?
I don't think it matters if they stay. I think you can stop the instances and that should be fine
Hi, I cannot log in to the WordPress site on AWS S3 for the Attack and Defense - Task 8 using the username and password found.
Hi @raw mural , I am unable to log in to the WordPress site on AWS S3 for the Attack and Defense - Task 8 using the found username and password.
It's a known issue. Dm me and I will pass over the flag
Please is anyone into secure side review lately am looking for someone to do it with
Pls anyone into secure code review?
Hello
Hi, I'm having trouble loading the wp login page for task 8 in the AWS S3 room. Looks like it was an issue a month ago. Is that still the case? I've been using the public IP for my EC2 instance generated from the AMI with /wp-login.php
Same issue discussed here. DM user, who will provide the flag!
Does a green checkmark ever show up when you finish Attacking and Defending AWS?
facing this issue myself - what should I do?
I raised a support ticket and it got resolved that way, from what I can recall
Is there a way to copy paste the credentials into the attacker box when we're running the attacker os in web browser ?
I remember that was working for me about 2 weeks ago .
I have problem in room "AWS VPC - Data Exfiltration" .
I already configured my new environment with aws-configure command on my attacker box .
But when I call "aws ec2 allocate-address" I get authorization error :
An error occurred (UnauthorizedOperation) when calling the AllocateAddress operation: You are not authorized to perform this operation. User: arn:aws:iam:::user/[REDACTED]is not authorized to perform: ec2:AllocateAddress on resource: arn:
Anyone faced the same issue ?
Yes, facing it right now. Unable to reset the environment as well, since it claims I have reached a maximum now.
I did I just reset the environment gave it some time came back and it's good now

I can't see any environment, I see I am not the only one having this issue
contact me on DM
Hello, any known way to deal with no option to generate environment when doing AWS labs?
Nope, going to be making a complaint and asking for a full refund. The only two rooms I was interested in (when I purchased THM sub) were the AWS and Azure paths and both of them have issues with their labs.
For anyone having the same problem - in my case contacting support has helped. They restarted my environment and now I can generate credentials
Anyone having trouble resetting or generating their environment?
I selected an environment reset for the STS credentials lab and it has just been sitting at 'resetting' for hours.
currently running into the following issue:
In STS Credentials Lab https://tryhackme.com/room/stscredentialslab
we are tasked to create a padawan user / list the groups of the user, but we are not authorized to create the user / and the user does not exist. The environment has been set up and also reset
I ran into this same issue. Apparently what you're supposed to do is generate a new environment within the STS lab, then you get the necessary permissions to work the lab. I contacted support over a week ago for an answer on this and never heard back.
Now I have a new problem with the same lab, I tried to reset the environment again and it's been stuck on 'resetting' for two days. Hope things go better for you.
oh that's really unfortunate. Tried a reset yesterday, after a longer duration the environment was set up but no success yet.
I think I'll skip that room for now and retry it last.
@desert gazelle support finally got back to me and reset the room got it all setup. you will know it's setup for the room when it says this on the bottom
Nice. Yup, can confirm those are missing. I'm giving it a try at the end of the path. Thanks for letting me know what to look for :)!
Hi guys, is there any way to remove the aws path from my learning? Didn't realise its a paid module on top of premium and now it keeps coming up as my current path.
Can anyone help me to perform some action on a website , I have the vulnerability but don't know how to exploit
Hello, what is the latest name for Defense Security?
Hello, sorry for asking this here if the information is available somewhere.
Is there a general estimation of how much time the AWS path might take to complete? I know this will differ a lot between participants, but since rooms usually have a rough estimation, I would assume that there could be some number of hours to indicate the required input per week, or something like that.
I'm not aware but I usually look at 'learning scheduler' on the path itself to have a rough estimate how long it is:
Thanks, I guess that's the best option if there are no official numbers to go on.
Hello, I haven't found an answer regarding access to the Attacking and Defending AWS path.
I am following the Security Engineer path and have validated Security Engineer and DevSecOps, so I wanted to start learning Azure and AWS. However, both the Azure DevSecOps room and the Attacking and Defending AWS path require additional fees, and they are only available for team or business plans.
As an individual premium user, do we not have access to this even if we pay for an add-on?
There used to be an option for individuals as well, but I can't seem to find it now. Please post a link here if you find it, as I had planned doing that path later this year.
To my knowledge, you as an individual can subscribe to the team plan for 35 GBP per month.
Checked just now and have you looked at this - https://tryhackme.com/cloud-access?
It used to be a one time subscription fee of 300 GBP if I recall correctly.
Hey everyone , I am interested in the 'Attacking and Defending AWS' learning path. I previously saw a “three month” individual subscription option for over $300, but now when I attempt to access a cloud room, I am redirected to a page for 'Team' licenses.
Does the individual subscription still exist? Additionally, does the Team license include full access to the cloud testing environments? Finally, will I still earn points for completing rooms if I am using a Team subscription?
+1
I have been trying to find the flag in the AWS S3 - Attack and Defense room. I got the username and password but there's no way I am able to authenticate to http://bestcloudcompany.org/wp-login.php. I even logged into the spun-up backup AMI. Can anyone help?
Can anyone who has already solved the lab send the flag since I'm done with the whole solution except logging into bestcloudcompany which is giving me "incorrect password"?
You're in a channel where people have to pay a separate cloud sub to access the content. Not a lot of users do that. The channel is inactive but server is active. Check #general Etc.
Could you kindly help me with this?
Unfortunately I have done very little of the AWS path. Have you tried looking for online walkthroughs?
I tried, there's none.
There were other people facing the same issue earlier. The support reverted them in like 3 months is what I see.
I already sent a mail and raised the same query via support chat.
New issue, the AWS env is not resetting. It's taking forever to reset.
For anyone facing the same issue, here is the flag: || 47e94f90-cbb7-4c6a-aacc-f6ff765dc54a ||
@dense pivot Could you kindly check with the support team regarding an issue I had submitted via mail? The environment never gets reset. It just keeps saying "resetting" from past 5 days. I even created a support ticket and no response.
Do you have a ticket number ?
#89018103
I get the same problem. Unfortunately I can’t send a ticket but I’ve sent an email to support@tryhackme.com but there is no response
Neither for me until i tagged DKob and asked for a follow-up. It’s resolved now.
Thanks @dense pivot
My problem resolved too. Awesome!
Hello
@warm crescent
hi
hiiii