Hi Guys, Welcome to InfoSecSecure.

In this blog, we are going to solve the flaws.cloud LEVEL2 challenge. We will not only solve the challenge but also cover the impact and mitigation for this vulnerability. First of all, you need to understand why we should solve the flaws.cloud challenges.

The simple answer: if you want to become a cloud pentester or grow your career in cloud security, you need to solve flaws.cloud and similar challenges.

There are no SQL injection, XSS, buffer overflows, or many of the other vulnerabilities you might have seen before. These challenges teach us about basic vulnerabilities that we might not think of as vulnerabilities at all. In the flaws.cloud level 1 challenges there are AWS configuration-related vulnerabilities, which we are going to discover:

Before solving this challenge, you should be aware of S3 buckets and Regions. If you don't know them, don't worry: here is a short intro to both.

S3 bucket: An S3 bucket is like a hard disk or pen drive, where we create folders or store data.

Region: A Region is like a location where we store our data. For example, in India, Mumbai is one AWS Region, and we can store our data in this Region.

Let’s solve this challenge:

Challenge: In this challenge, the victim created an S3 bucket and, by mistake, granted permission to everyone, which means any AWS account user can access this S3 bucket.

Solution: We have to take advantage of this vulnerability, access the S3 bucket and download important or secret files. These files may contain sensitive information.

We will follow some steps to solve this challenge:

  • Open the LEVEL2 challenge website and read the highlighted point.
  • Open a CLI terminal. To check the contents of the S3 bucket, run the " aws s3 --profile Anonymous ls s3://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud " command. Where we have entered Anonymous, you have to enter the name of your own configured AWS profile. If you don't know how to create a user and configure it on the CLI: Click here
    • Here's a breakdown of the entire command:
      • aws s3: This indicates that you're using the AWS CLI to interact with S3.
      • --profile Anonymous: The --profile flag is used to specify a named AWS CLI profile. In this case, the profile name is "Anonymous". AWS CLI profiles allow you to manage multiple sets of AWS security credentials.
      • ls: This is the command to list the contents of a bucket or a prefix in a bucket.
      • s3://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud: This is the S3 bucket or object URL you want to list. In this case, it is the S3 bucket named "level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud". So, the command is essentially asking AWS to list the contents of the specified S3 bucket using the "Anonymous" profile. This is useful, for example, to check which objects are present in the given S3 bucket.

Keep in mind that for this command to work, you need to have the AWS CLI installed and configured with the necessary credentials. Additionally, the "Anonymous" profile should be set up with the required permissions to access the specified S3 bucket. Click here to learn how to create a user, install the AWS CLI and configure it with the necessary credentials.

Observe the highlighted point: there are some sensitive files in the S3 bucket. Now we have to download these sensitive files using the AWS CLI.

  • We have to download the secret file " secret-e4443fc.html ". To download it, run " aws s3 --profile Anonymous cp s3://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/secret-e4443fc.html Follow-InfoSecSecure.html ". This command copies the file secret-e4443fc.html from the specified S3 bucket to the local directory with the name Follow-InfoSecSecure.html.
    • Here's a breakdown of the entire command:
      • cp: This is the command to copy files or objects. It is followed by the source and destination locations.
      • s3://level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/secret-e4443fc.html: This is the source location. It's an S3 URI pointing to a specific file (secret-e4443fc.html) in the bucket named level2-c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud.
      • Follow-InfoSecSecure.html: This is the destination location. It specifies the file name to be used when copying the object. The file will be created in the current working directory unless a different path is specified.
  • Observe that the file has been downloaded to our local directory. Now we will open this file with Firefox. You can use any browser to open this file.

As mentioned above, after solving this challenge we will discuss the impact and mitigation of this vulnerability.

Impact of an S3 bucket that allows access to everyone:

  • Unrestricted access allows anyone to view, download, or modify the data in the S3 bucket.
  • Sensitive information, such as personal data or proprietary business data, may be at risk.
  • Unauthorized access could lead to data corruption or unintended modifications.
  • Breaches and data leaks can harm the organization’s reputation and erode customer trust.

Mitigation for an S3 bucket that allows access to everyone:

  • Implement and enforce proper access controls using AWS Identity and Access Management (IAM).
  • Restrict access to specific IP addresses or IP ranges.
  • Use bucket policies and IAM policies to define who can access the bucket and what actions they can perform.
  • Enable server-side encryption to protect data at rest.
  • Set up AWS CloudTrail to log all S3 bucket-related activities.
  • Enable S3 bucket logging to capture access logs for further analysis.
  • Implement real-time monitoring and alerts for suspicious activities.
  • Avoid using overly permissive “public” or “everyone” access in policies.
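
To check your own buckets for the misconfiguration behind this level, here is an added example (not part of the original post) that flags ACL grants to the predefined "everyone" groups and bucket policy statements open to every principal. The sample ACL and policy are constructed, and the bucket name, owner ID and IP range in them are placeholders.

```python
import json

# Predefined S3 grantee groups. AuthenticatedUsers means anyone signed in to
# *any* AWS account, not only yours: the mistake behind this level.
GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

# Constructed sample in the shape `aws s3api get-bucket-acl` returns.
SAMPLE_ACL = json.loads("""{"Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"}
]}""")

# Constructed sample bucket policy (bucket name and IP range are placeholders).
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
   "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
]}""")

def risky_acl_grants(acl):
    """Return (audience, permission) for every ACL grant made to a global group."""
    return [(GLOBAL_GROUPS[g["Grantee"]["URI"]], g["Permission"])
            for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in GLOBAL_GROUPS]

def is_wildcard(principal):
    """True when the Principal is the wildcard, bare or under the AWS key."""
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def risky_policy_statements(policy):
    """Return Sids of Allow statements open to every principal with no Condition."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow" and is_wildcard(s.get("Principal"))
            and not s.get("Condition")]

if __name__ == "__main__":
    print("ACL:", risky_acl_grants(SAMPLE_ACL))
    print("Policy:", risky_policy_statements(SAMPLE_POLICY))
```

Statements that carry a Condition are not reported, so review those by hand to confirm the condition really narrows access.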

We have now successfully solved the LEVEL2 challenge. In the next blog, we will solve the LEVEL3 challenge.