Level 2
A CTF walkthrough for level 2 of Flaws.Cloud
Last updated
A CTF walkthrough for level 2 of Flaws.Cloud
Last updated
In the previous level, we identified the entry point for Level 2 as level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud.
Again, we can look up the DNS records and identify this is also an S3 bucket hosting a website.
Level 2 is similar to Level 1 however this time we're unable to list the bucket contents as an unauthenticated user.
However, we can list the bucket contents as an AWS user. In this case, we can use an AWS account of our own with a user/role with S3 permissions (s3-ListBucket).
We've discovered the entry point for level 3!
In Level 2, we enumerate the domain we found in Level 1. After which we discover it's also a static website hosted on AWS S3. While we as an unauthenticated user could not list the bucket contents, we could as an authenticated user from our personal AWS account.
The website administrator may have thought "authenticated users" meant only users in their AWS account could list the bucket contents. However, as we've seen, this means AWS users in any AWS account.
Regardless, the data can be viewed as an unauthenticated user since we viewed it using curl. Having the ability to list the bucket contents made it easier to find the data in the first place.
