# Level 4: Unencrypted Snapshots

### <mark style="color:purple;">Task</mark>

For the next level, you need to get access to the web page running on an EC2 at [4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud](http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/).

It'll be useful to know that a snapshot was made of that EC2 shortly after nginx was set up on it.

### <mark style="color:purple;">Resolution</mark>

1. **Listing EC2 Snapshots:**

For this level, we need to list the EC2 snapshots.

First, we need to identify our user's account (from the previous level):

```bash
aws --profile default sts get-caller-identity
```

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdsWGkyUYbKijpB9xuyPQW-MzqD4vk-j7vcxvEXziPVj3KhiCEzBN9plAQbooVFsuJhECYOT__YoOXW8VEK6jf1N0gu8skL7WtHfIRphvVtnYJeC0EjAKm0qTAkuoLRYjxiA7nrPQ?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

Now, we list the snapshots:

```bash
aws --profile default ec2 describe-snapshots --owner-ids <Account>
```

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfF_EoH5aQrz53hd6smWWZszdQfdP-jCAqTwLBrCIfWmD_0kMhz8gtb2pCjKMJdPtJ8oWDPaU8FZ3aCRno0T7RnXxWNInzWAQ_fQ-KUlPLcayZXMm42ToNDRg7O2MVFUKdKiskTeQ?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

2. **Creating a Volume:**

Once we have the snapshot listed, we can create a volume.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfd8n3I2SVG5rRAZEHkMwi4vOB5qqSs2iAIlAblECgyJi6cdkSy5CCFuhbH_gLdOBQtTTtvnL5D-tyFZHuAlG-D0bqnn2Uus8smr1X7D3oaGJt_-haJ4yqoq4wYFXt8Lq9JY_6_?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

However, with the user from the previous level, we don't have the necessary permissions. To fix this, we need to go back to **IAM** and add permissions. Since we don't have access to the previous user, we'll add the permissions to our own user and update our AWS configuration.

In the user's permissions, we need to create a new policy.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdQYQdUbY_1RXsrH_NLEfzkppaGLS9LjVXz9ayqwlk8Bou5MwPHLJeWwfFGbxzY4yZLYXpEOgE66AIg51h0aDAfoj0sQH1Jo84_acdPNqn6e7CPN-NVcKl6rwUKpLzArSPYNumyBw?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXf-uBGG6-0Z3HseRgP8gTMVlBrPUesiQL5vhHKzr0oZNjH0ipPc07SDENbJkb7DdiXPRJZNowK5C_wbMz3pPhwBteO5vETSEoxF_Ekd_t_ZmR-nTKnrLUsjfxwKTRXm9fTnT_UUDw?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

3. **Creating the Volume:**

Now, we try creating the volume again.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcjUYggSFBmCttJ5ZganGLPli3Ws8QZX7tKRQQG7iqy2Iw2RfDTmZxxhlGjP-C8VWvVEnXepINPd9GZai-OR6WMCda_NMuc76V9aqaEC2Z6a0F9xSHh3pQ-W33-BYvt6daLfVxrww?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

**Perfect!**

4. **Launching an EC2 Instance:**

The next step is to create an EC2 instance. In the AWS console, search for **EC2**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeZfP5XjZ4ldmlZSTYefCQ_AUxPcg18KG74MHL3ECt08q_-g0y781rZt4w_Ho3B87O9gDzVJ6yTKrkoXMJA4XV3gBOi8LahwbSIxfL-h8F6ps8IfSET2Yn-Kg7nIR803egQrxC0?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

Click on **Launch Instance**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeK64Gd0DSMNBZlb2E9muYMHGlCrPNGiF8473BzReSzIqWT3V0mTE1KpAU53uiqLUmX3enSHB99yTQj4-OM51KuZI7S8zdVSGDEgWtj4vAH4tgHHOeA5fiqdzfXD4GFCh08G5d4?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdN1Mz221viu4DLewozT0lpJxGX5zxJ9oqDGfodgHzF0odi8xSSFpj5iOExRYQ2VzsYHofwQwKy45lOoGLZTmU_-3fzkERWp5BWges1PpenwaY5EFM_E6X827sIQFpmKIngKOTPvg?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

5. **Creating a Key Pair:**

Create a new key pair.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXctWhgtD4hamXmskBCeSARFbkOJFSEPTHC6HcxwawXzXrarqk3ospHJeynN-Tk82kXumehDp-3ZWfSYj4GmdGGKCHiylpH9Hg_rEXNBNQDs5ZVZKR4Wa-58xy4KFQO06WLLEUtYoA?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfsFZkS4Y8mmvru2_vh6pbzq96bjGeoD_IzC2hQM7V8YrAEyEXsBx6fvxknCB3j4j5IUxws8Y9_CTIK9CGtLTbNmD0LsmqSt_s3qYKf9sBgmRUat9IBIVcQND7e4oiDgPjbynt3Qg?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXewhfDud_hWLukVC2_515fl1c-6V7iKlZWQbaRKCJM13T4L64Afluu4Zr5Izi5xNMhQ4cB2XZ5WJeVr2lhWanP3D7_3YPV17aZWEM5gygoDx4UcMw_rBb5oowoH1XKvcNMXVsFRRg?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

6. **Attaching the Volume to the EC2 Instance:**

First, we connect to our EC2 instance via SSH:

```bash
ssh -i YOUR_KEY.pem ubuntu@<EC2_PublicIPv4DNS>
```

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXf6S3dL_bW_fG6WhTSO04159ZSqvSzXBFyWWby_xccDsUtfA7PTjf8giaS97XAD4EDxIOhKfCv0I90reXWm44TgeaRIs4uG1MQ7-GkuztnjfiWDN61cb3G3KEMPrGKiw9Bl6AP_?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

Now, we mount the volume.

![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfoBE0yKLkGgoyKmqRpkYAP2clxKXMh9qd-Knb22Lvn4xNIPY4ye332y-IbFccIU85ByJao_ZbDuoM349r4748aoDKrIkmqPsjWsTVFvLspwz-RWuWIKXt3LbcjEmKuml5nHEFn?key=yZvDq_-uDN4B0M8iByv7S1s4)

While exploring, we find a file called **setupNginx.sh** located in **/mnt/home/ubuntu**. We use **cat** to view its contents:

```bash
cat setupNginx.sh
```

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdr8XimoWNDCx-X9hK6LGPLYIQ_DvXrFoRPsThWGQqt-4jyLz-oex7pSaHWI2_Oq2VMYNDQH64RGYLFnFvh9e2jqSQy7_d2T61K6XKtgL46YiJEou5XvF-H4qw8lmFkWtCwVnK3jA?key=yZvDq_-uDN4B0M8iByv7S1s4" alt=""><figcaption></figcaption></figure>

Finally, we go back to the URL mentioned in **Level 4** and enter the credentials.

### <mark style="color:purple;">Lesson Learned</mark>

AWS allows you to make snapshots of EC2 instances and databases (RDS). The main purpose is to make backups, but people sometimes use snapshots to regain access to their own EC2 instances when they forget the passwords. This also allows attackers to get access to things. Snapshots are normally restricted to your own account, so a possible attack would be an attacker getting access to an AWS key that allows them to start/stop and do other things with EC2 instances, then using that key to snapshot an EC2 instance and spin up an EC2 instance with that volume in your environment to get access to it. Like all backups, you need to be cautious about protecting them.
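
A defender-side check for the lesson above, as an added example that is not part of the original write-up: it takes the JSON returned by `aws ec2 describe-snapshots --owner-ids self` and by `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`, and flags snapshots that are public, shared outside an allow-list, or unencrypted. The snapshot IDs, account IDs and the `TRUSTED_ACCOUNTS` allow-list are constructed placeholders.

```python
import json

# Constructed sample data (not from a real account), shaped like the JSON from
#   aws ec2 describe-snapshots --owner-ids self
#   aws ec2 describe-snapshot-attribute --snapshot-id <id> --attribute createVolumePermission
SNAPSHOTS = json.loads("""{"Snapshots": [
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1", "Encrypted": false, "VolumeSize": 8},
  {"SnapshotId": "snap-0bbbbbbbbbbbbbbb2", "Encrypted": false, "VolumeSize": 8},
  {"SnapshotId": "snap-0ccccccccccccccc3", "Encrypted": true,  "VolumeSize": 20}
]}""")
PERMISSIONS = {
    "snap-0aaaaaaaaaaaaaaa1": {"CreateVolumePermissions": [{"Group": "all"}]},
    "snap-0bbbbbbbbbbbbbbb2": {"CreateVolumePermissions": []},
    "snap-0ccccccccccccccc3": {"CreateVolumePermissions": [{"UserId": "111122223333"}]},
}
TRUSTED_ACCOUNTS = {"444455556666"}  # hypothetical allow-list of account IDs


def audit(snapshots, permissions, trusted):
    """Return one finding dict per snapshot that has at least one issue."""
    findings = []
    for snap in snapshots["Snapshots"]:
        sid = snap["SnapshotId"]
        grants = permissions.get(sid, {}).get("CreateVolumePermissions", [])
        issues, fixes = [], []
        # Group "all" means any AWS account can create a volume from the snapshot.
        if any(g.get("Group") == "all" for g in grants):
            issues.append("public")
            fixes.append(f"aws ec2 modify-snapshot-attribute --snapshot-id {sid} "
                         "--attribute createVolumePermission "
                         "--operation-type remove --group-names all")
        external = sorted(g["UserId"] for g in grants
                          if "UserId" in g and g["UserId"] not in trusted)
        if external:
            issues.append("shared with " + ",".join(external))
            fixes.append(f"aws ec2 modify-snapshot-attribute --snapshot-id {sid} "
                         "--attribute createVolumePermission "
                         "--operation-type remove --user-ids " + " ".join(external))
        if not snap.get("Encrypted", False):
            issues.append("unencrypted")
        if issues:
            findings.append({"id": sid, "issues": issues, "fixes": fixes})
    return findings


if __name__ == "__main__":
    for f in audit(SNAPSHOTS, PERMISSIONS, TRUSTED_ACCOUNTS):
        print(f["id"], "; ".join(f["issues"]))
        for cmd in f["fixes"]:
            print("   fix:", cmd)
```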
