Level 5
A CTF walkthrough for level 5 of Flaws.Cloud
Last updated
Was this helpful?
A CTF walkthrough for level 5 of Flaws.Cloud
Last updated
Was this helpful?
In the previous level, we identified the entry point for Level 5 as, http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/.
The webpage provides the Level 6 URL but it's incorrect as we need to access a sub-domain of it. Additionally, the page informs us that this web server is running a proxy and provides examples of how to access it.
Let's attempt to access the metadata service for EC2 and check if it has an EC2 Instance Profile attached.
Nice! So this EC2 has an Instance Profile called flaws. Let's check the credentials and verify they work.
We should be able to view the Level 6 website now using these credentials.
Looks like we found the subdomain we needed and when navigating to the website, we're provided with access keys for Level 6.
In Level 5, we discovered a proxy running on the EC2 server. The proxy enabled us to query the EC2's metadata service and obtain credentials from its Instance Profile. Using these credentials we enumerated the Level 6 bucket, discovered the subdomain, and accessed the website which provided AWS access keys.
The Instance Metadata Service (IMDS) is a service that enables accessing details about an EC2 instance such as its networking info, security groups, IAM role credentials, etc. If not in use, it should be disabled. More details can be found in the .
