# Level 5

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FTs9Bg3FgfdWQUONCoLYX%2Fimage.png?alt=media&#x26;token=81ece870-58bb-4cbd-a572-81d8c551bb69" alt=""><figcaption></figcaption></figure>

For Level 5, we are given information about an EC2 instance that has an HTTP Proxy in front of it.

AWS uses an IP address (169.254.169.254) as the endpoint for the instance metadata. This endpoint provides information about the instance and configuration details. Let’s visit it and see what can find. When visiting the endpoint, we find a directory. There are timestamps and then a file named “latest”.

```
http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2Fs6DESt658yUO8a6b2Vro%2Fimage.png?alt=media&#x26;token=1cdda535-e666-4a9f-8576-74b0c45c0cef" alt=""><figcaption></figcaption></figure>

As we browse through the “latest” directory we come across more files.

```
http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FRYianRd8UAGF2bGdKyVu%2Fimage.png?alt=media&#x26;token=5f6486d0-7d4b-42dd-852b-5cb7dd085673" alt=""><figcaption></figcaption></figure>

Diving deeper into the meta-data file, there is a file named “identity-credentials”

```
http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F6X7U9CCEGHxVKAr4gzcm%2Fimage.png?alt=media&#x26;token=467dc214-3c63-4f34-a3e7-37fe70254fc0" alt=""><figcaption></figcaption></figure>

Within this folder, we find credentials.

```
http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F8JpXVGmkXGWw3CAq6HB4%2Fimage.png?alt=media&#x26;token=710027c9-38c7-4fd6-940a-e9c7eee092ab" alt=""><figcaption></figcaption></figure>

Let’s configure a new profile with these credentials.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F8CEeNV81r4XhRs7J2xYj%2Fimage.png?alt=media&#x26;token=3928cd54-e95d-4212-8daf-d527a8d3e066" alt=""><figcaption></figcaption></figure>

Since these credentials contain a token. We need to add it to the credentials file. We can access that file by using the following commands.

To do this, we need to navigate to the directory: `~/.aws/credentials`

Using the `nano` command, we can edit the contents of the file.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FmLXV4GJeECRKZbp45dTa%2Fimage.png?alt=media&#x26;token=67da61f7-bffc-4180-a642-945f59a43b17" alt=""><figcaption></figcaption></figure>

Within the credentials file,  it lists the current profiles that we created throughout this lab.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2Fm7R0r3sD0BR1S2KJEe5G%2Fimage.png?alt=media&#x26;token=315ba759-6985-40a4-ad9d-fcbe88fb9db6" alt=""><figcaption></figcaption></figure>

Under flaws5 (the profile we created for level 5) we can add the token using "aws\_session\_token". Once saved, we can pivot back to the cli.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FnifhMCB12JKBL4bD9qEt%2Fimage.png?alt=media&#x26;token=2b2dad70-378d-4f94-9896-d19e7431c959" alt=""><figcaption></figcaption></figure>

Now that we are authenticated, let’s find out about the account that we are using.

```
aws sts get-caller-identity --profile flaws5
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FM3t1pGCDV24buOzE4mLY%2Fimage.png?alt=media&#x26;token=b577909a-dbee-4bf4-af67-bc55a52598a2" alt=""><figcaption></figcaption></figure>

We need to list the contents of the bucket for Level 6. Let’s do that here. In doing so, we see that there is a directory called “ddcc78ff/”. Let’s navigate to it and see what we find.

```
aws s3 ls s3://level6-cc4c404a8a8b876167f5e70a7d8c9880.flaws.cloud --profile flaws5
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FWMA1Sx54SBXmmVCm6bGE%2Fimage.png?alt=media&#x26;token=ecf48361-e700-44a1-be9d-6dc5f6526be5" alt=""><figcaption></figcaption></figure>

The directory leads us to Level 6!

```
http://level6-cc4c404a8a8b876167f5e70a7d8c9880.flaws.cloud/ddcc78ff/
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FshMlqkIFrKi9nOavCAPN%2Fimage.png?alt=media&#x26;token=54a52c61-9f1d-4d76-b8d3-1f0ef7d6e072" alt=""><figcaption></figcaption></figure>