cloud, hacking

flAWS Level 2 #aws #flAWS #flaws

Another day, another challenge.

Today’s blog post we will solve the second level of the flAWS CTF challenge.

To read the post for the first level click HERE.

Let’s get started.

Going to the URL: http://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/, we see:

flAWS_level_2_1flAWS_level_2_2

This challenge is similar to the level 1 except we need the free tier AWS account.

To complete that part of the challenge, click HERE.

Let’s list the bucket from level 2 and see if we can find anything.

We’re going to run the command we did in level 1:

aws s3 ls <s3 domain>

We will enter the command: aws s3 ls s3://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/

Doing this we have:

flaws_level2_listing_directory

We have a secret file titled, secret-e4443fc.

Let’s see if we can access this file.

Appending this file to the URL, we get:

flAWS_level2_solved

Yay!! We have solved the challenge.