Flaws.Cloud

As part of my learning all about pentesting, I decided to have a go at some cloud stuffs!

This has started with Flaws.Cloud This is a brilliant introduction to AWS terminology, understanding S3 buckets, EC2 instances and some basic security understanding.

The one problem that myself and my colleague Nick had while doing it, is the hints are more of a walkthrough. So we have written this blog post to give hints, google searches and ideas without giving away the answer.

Before you start it’s worth setting up a free AWS account (there is a free tier for 12 months) and installing the AWS CLI. (On either Windows or Linux).

So, let’s get the clues rolling!

Level 1

Level one is about buckets and the way buckets can host static websites.

The interesting thing is the bucket must be the same name as the domain name.

Permissions to this level are open to the whole internet, so don’t worry if you haven’t signed up yet.

Clue 1:

If only you could use some sort of lookup to get some additional information.

Clue 2:

Hopefully you can do a directory search on a bucket.

Life is so much easier if you live in Oregon.

Useful google:

High-Level commands with AWS CLI

 

Level 2

The permissions here are locked down slightly to only AWS users. If you’ve not signed up, now is the time!

Clue 1:

It’s best to configure your AWS CLI.

 

Level 3

This level shows slightly more about how data can be stored within AWS.

Clue 1:

I like going round and round and round in circles. Deeper and deeper I go, as I copy all the items.

Clue 2:

Everyone here has done ptp.ninja (previously hackshitup)

Clue 3:

There is no limit on the amount of people you can be!

I used to have one of these on myspace, now I have one on facebook.

Useful google:

High-Level commands with AWS CLI

 

Level 4

This level has the website running on an EC2 instance. Like any virtual machine, snapshots are important.

What is important here is there are separate sub-commands for various items within the AWS environment.

Useful google:

AWS CLI Sub Commands

Clue 1:

After I tag people in pictures, they normally ask me to describe them.

Clue 2:

The webGUI is as powerful as the CLI.

Clue 3:

I’d like my own one of those!

 

Level 5

This level looks at a HTTP only proxy and accessing some extra data.

Clue 1:

Everyone should be interested in data about data.
An IP address is your guide.

Clue 2:

What does happen when you do “aws configure”

Useful google:

AWS files

Level 6

The final level gives you creds and you must locate the additional services for the final end goal!

Clue 1:

WHO AM I? IAM not the winner yet!

Clue 2:

I’ve written up some official notes. It’s not version 1 or 2 or 3 though.

Useful google:

Serverless Code

Clue 3:

It might be 1337 speak. It might not be, either way it needs to give it a rest!

Clue 4:

I wish I had a testing environment, never mind we’ll just do it here!

Clue 5:

The web is made of patterns. I’m happy with the default.

Useful google:

Invoke a gateway

 

Congratulations you have now finished flaws.cloud. This officially makes you a Cloud Expert!

Leave a Reply

Your email address will not be published. Required fields are marked *