flaws.cloud walkthrough | AWS Penetration testing — Level -2

Level 2:

Well, if it’s similar that mean let’s try our first thing that means access the s3 bucket by appending s3.amazonaws.com after the URL.

i.e., https://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud.s3.amazonaws.com/

Okay Well we tried, but the error says that access denied.

That means they have implemented some sort of Authentication/ Authorization for the s3 bucket.

Well sometimes it can be very loosely implemented access control.

Let’s see what can be done.

Well for accessing this bucket we first need the aws account(free tier would also work).

So we’ll just get the access Key ID and Secret access key from the AWS account and configure it.

You can learn how to access s3 bucket from the aws cli from the below AWS userguide.

Using high-level (s3) commands with the AWS CLI

you get the “secret-e4443fc.html” file

Let’s check that file.

Bingo let’s move to level 3.