# AMI not worthy? - Solution ## Introduction Hoffman was an AWS Administrator who spent most of his time staring outside the office window in downtown Frankfurt and wondering "am i not worthy?". He hated his job. His only way out was to quit and move on to a different organization that would perhaps let him spread his wings and fly into the clouds. So, one day he moved all his sensitive information to an AMI, changed the permission to public and left, so that he could extract the contents later, from his new office across the city. He thought this would not raise any red flags, oh but he thought wrong, didn't he? Can you find the AMI and check what was the data Hoffman was planning to steal? ## Starting point Login to your AWS account and go to EC2 to begin your search. ## Your task 1. Identify the public AMI. 2. Read the flag from the user's home directory. ## Walkthrough 1. Login to your AWS account and navigate to EC2 > AMIs 2. Change the region to Frankfurt 3. Search for `hoffman` or `appsecco`. An AMI with id `ami-08a7f5963863d4492` is identified. 4. Create an EC2 instance from this AMI 5. Use the AWS Connect button to get a AWS web shell to the instance as root 6. Get the name and path of the home directory of the user `hoffman` - `cat /etc/passwd` 7. Access the flag at `/opt/home/flag.txt` folder --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://0xcriminal.gitbook.io/about-me/cloudsec/solutions/ctf-3-ami-not-worthy-solution.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.