Level 2 – Challenge statement:
The next level is fairly similar, with a slight twist. You’re going to need your own AWS account for this. You just need the free tier.
flaws.cloud itself says it best:
Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). There are no SQL injection, XSS, buffer overflows, or many of the other vulnerabilities you might have seen before. As much as possible, these are AWS specific issues. A series of hints are provided that will teach you how to discover the info you'll need. If you don't want to actually run any commands, you can just keep following the hints which will give you the solution to the next level. At the start of each level you'll learn how to avoid the problem the previous level exhibited. Scope: Everything is run out of a single AWS account, and all challenges are sub-domains of flaws.cloud.
Given that they say this is similar to before, I imagine it’s related to S3 permissions again – and they require us to have our own AWS Account – so initial thinking is this is a misconfiguration in cross-AWS account access.
We know the bucket name is level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud
Configure AWS CLI with your Access Key and Secret Key:
~$ aws configure AWS Access Key ID [********************]: AWS Secret Access Key [********************]: Default region name [ap-southeast-1]: us-west-2 Default output format [None]:
Now lets list the objects in the bucket via the AWS CLI:
:~$ aws s3 ls s3://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud --region us-west-2 --recursive 2017-02-27 10:02:15 80751 everyone.png 2017-03-03 11:47:17 1433 hint1.html 2017-02-27 10:04:39 1035 hint2.html 2017-02-27 10:02:14 2786 index.html 2017-02-27 10:02:14 26 robots.txt 2017-02-27 10:02:15 1051 secret-e4443fc.html
Again, the secret file looks good, lets open it in a browser
The URL format for S3 HTTP end points are as follows:
So given the information we have, we can tell that the s3 end point for this bucket is: http://s3-us-west-2.amazonaws.com/level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud
So lets open the browser too: http://s3-us-west-2.amazonaws.com/level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/secret-e4443fc.html
Level 3 unlocked.