flaws.cloud walkthrough | AWS penetration testing — Level-5



So, Well, I tried to access the /proxy/ to get the meta data, I was able to browse to a lot of hidden folders and sub folders.

One of them looked to juicy.


Also, One more URL,


Now after the configure profile command from the aws-shell

Command: aws configure — profile level3

Now, from the .aws folder in the user/(youruser)/.aws directory edit the credentials file and add the aws_sesssion_token = the token you just got above.

Now let’s try to see the s3 buckets.

Now, just copy the directory ddcc78ff/ and append it after the level 6 URL.

Bingo We’re at level 6



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store