flAWS level 4
okay so right now we got the link to level 4 right
now lets look into what the question is
look at the questions .. its asking for webpage running on ec2 instance
An AWS Snapshot is a frozen, point-in-time backup of one of these EBS volumes. The vulnerability in this level is a classic misconfiguration: the target account accidentally set the permissions on snapshot snap-0b49342abd1bdcb89 to public.
Any AWS user can take a public snapshot and "hydrate" it ... meaning they can use it as a mold to press a brand new, identical EBS volume in their own AWS account.
so we got the snapshot id from here ... and now we will create volume using the create-volume command ...
now go to your aws console ... select the region you created the volume in .. here its United States (Oregon) ... us-west-2a ... then spin up ec2 instance
and make sure while selecting the network subnet you select the one that matches the availiability of your region ... else you wont be able to attach the volume ...
here select network subnet with us-west-2a ... or whatever matches yours ...
then navigate again to EBS section (volume) and select the volume you spun using your aws-cli ... and click the Actions button and attach volume ...
now ssh into your server and locate the volume using command lsblk ... and mount it ...
then cd into /mnt/flaws/home/ubuntu ... and check ...
and we got the username and password ...
navigate to 4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud ... and it will prompt for username and password ... write them and you'll get level 5