_____  _       ____  __    __  _____
|     || |     /    ||  |__|  |/ ___/
|   __|| |    |  o  ||  |  |  (   \_ 
|  |_  | |___ |     ||  |  |  |\__  |
|   _] |     ||  _  ||  `  '  |/  \ |
|  |   |     ||  |  | \      / \    |
|__|   |_____||__|__|  \_/\_/   \___|

Welcome to the flAWS challenge!

Brought to you by Scott Piper of Summit Route,
an independent AWS security consultant.
I offer training if you're interested in learning more about AWS security.

Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). There are no SQL injection, XSS, buffer overflows, or many of the other vulnerabilities you might have seen before. As much as possible, these are AWS specific issues.

A series of hints are provided that will teach you how to discover the info you'll need. If you don't want to actually run any commands, you can just keep following the hints which will give you the solution to the next level. At the start of each level you'll learn how to avoid the problem the previous level exhibited.

Scope: Everything is run out of a single AWS account, and all challenges are sub-domains of flaws.cloud.

This was built by Scott Piper (@0xdabbad00, summitroute.com)

Feedback is welcome! For security issues, fan mail, hate mail, or whatever else, contact scott@summitroute.com
If you manage to find a flaw that breaks the game for others or some other undesirable issue, please let me know.

Thank you for advice and ideas from Andres Riancho (@w3af), @CornflakeSavage, Ken Johnson (@cktricky), and Nicolas Gregoire (@Agarri_FR)

Now for the challenge!

Level 1

This level is *buckets* of fun. See if you can find the first sub-domain.

Need a hint? Visit Hint 1