flaws.cloud Walkthrough | AWS Penetration testing — Level-3

Level 3:


Now try the first thing we do, check for the s3 buckets on that domain.

Well there seems to be a lot of files. Need to see which are juicy out of them.

we can download the whole bucket using sync command as below


We have successfully downloaded the full s3 bucket.

Now let’s check what’s in the git repo

First cd to the destination directory.

Now use the git status, log etc commands.

Here we can see that there is one commit where author has accidently addedd something.

Let’s check what did he do.

Well it looks like he saved the access keys and tried to remove it in the next git commit.

lets read that access keys and use them to create a new profile in aws-shell.


Secret Access Key: OdNa7m+bqUvF3Bn/qgSnPE1kBpqcBTTjqwP83Jys

Cool, let’s configure a profile named lab3.

So after configuring the profile let’s get the caller identity for the user.

Well from the above screenshot we can also get the folder name as backup.

Now try to list down the s3 buckets accessible to the profile by using the ls command.

From, the above URLs we can directly go to any level but anyway let’s learn and try not to just go to the end without learning the other modules.




Security researcher, Blogger, Bug Bounty hunter

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to Hard Reset LG X400

Hard Reset LG

Tackle COUNT(DISTINCT) on Synapse

What happens when you view a website? (3)-HTTP Request

Integrating Github and Jenkins using Docker:Automating the flow(CI/CD)-1

Let’s Connect Smartsheet to Tableau

How to Create Analytics app in Alteryx

You can ask but you might not like the answer via /r/funny…

Calendar module in python — print calendars and other cool functions

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kapil Verma

Kapil Verma

Security researcher, Blogger, Bug Bounty hunter

More from Medium

VIBRAin Class Tutor Program

Lazy Admin TryHackMe CTF Write Up

Vulnerability Management: how leaders can be proactive and ahead of attackers

Solving reversing challenges from MalwareTech.com