flaws2.cloud (Level 2)

n00🔑
3 min readJun 10, 2023

Level 2(http://level2-g9785tw8478k4awxtbox9kk3c5ka8iiz.flaws2.cloud/)

a) We start with a web application running inside a container @ http://container.target.flaws2.cloud/ which requires us to authenticate with a username and password which we don’t possess.

We have been provided an ecr (Elastic Container Registry) name- level2

b) Listing out images in the registry with our creds from level 1.

c) We have permission to get login password for ecr-

We found this in Level 1
aws --profile test --region us-east-1  ecr get-login-password
aws --profile test --region us-east-1 ecr get-login-password | docker login --username AWS --password-stdin 653711331788.dkr.ecr.us-east-1.amazonaws.com

d) Logging into the remote registry using this token and listing out images-

aws --profile test --region us-east-1 ecr list-images --repository-name level2

e) Pulling available images-

docker pull 653711331788.dkr.ecr.us-east-1.amazonaws.com/level2:latest

The docker pull the command is used to pull an image from a Docker registry to your local Docker environment. The command 653711331788.dkr.ecr.us-east-1.amazonaws.com/level2:latest specifies the image to pull from the registry.

  • 653711331788 is the AWS account ID of the owner of the Amazon Elastic Container Registry (Amazon ECR) repository.
  • dkr.ecr.us-east-1.amazonaws.com is the hostname for the Amazon ECR registry in the us-east-1 region.
  • level2 is the name of the repository in the Amazon ECR registry.
  • latest is the tag of the image to pull from the repository.

This command pulls the image with the tag latest from the level2 repository in the Amazon ECR registry owned by the AWS account with ID 653711331788 in the us-east-1 region. The image will be downloaded to your local Docker environment.

f) Running this container:

docker run 2d73de35b781
docker exec -it fc9d29fddd6e bash

g) Found python web server running-

h) Checking the index.htm file we found next challenege url-

http://level3-oc6ou6dnkw8sszwvdrraxc5t5udrsw3s.flaws2.cloud

Thanks for reading!! Please give your feedback.

--

--