Level 6
A CTF walkthrough for level 6 of Flaws.Cloud
Enumerating Access Keys
In the previous level, we were provided with AWS access keys. Let's figure out who they're for and enumerate our access.
This time we can actually view our permissions!
The policies are pretty large, so I won't paste them here, but these commands will help you enumerate them.
Enumerating Access with cloudfox
I ended up running cloudfox again with this new profile.
After enumerating the data, I discovered a service role called Level6 with the attached policy AWSLambdaBasicExecutionRole. Only the Lambda service could assume this role.
So that was my hint that we probably need to trigger a Lambda function, which will assume the Level6 role and likely provide us with the next clue.
Enumerating Lambda
We can enumerate Lambda functions like this:
There's only one function, and it's called Level6.
If we view the Lambda function's resource policy, we can see that the API Gateway service is allowed to trigger this function.
So, we need to put together the API URL that we need to call. The format is like this:
With the enumeration thus far, we have all the details except the stage name, but we can discover that like so:
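The steps above (read the function's resource policy, pull the API Gateway route out of it, then find the stage separately) can be checked in code. The following is an added example, not part of the original walkthrough or of the flaws.cloud challenge: it parses a constructed `aws lambda get-policy` style output, reports which service may invoke the function, and assembles the invoke URL once a stage name is supplied. The account id, API id, region and path are placeholders, not values from the challenge.

```python
import json
import re

# Constructed sample shaped like `aws lambda get-policy` output, where "Policy" is a JSON string.
# Account id, API id, region and path are placeholders, not values from flaws.cloud.
GET_POLICY_OUTPUT = json.dumps({"Policy": json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "allow-apigw",
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-west-2:111111111111:function:Level6",
        "Condition": {"ArnLike": {"AWS:SourceArn":
            "arn:aws:execute-api:us-west-2:111111111111:abcd1234ef/*/GET/level6"}},
    }],
})})

# Shape of an execute-api SourceArn: region:account:api-id/stage/method/path
SOURCE_ARN = re.compile(
    r"^arn:aws:execute-api:(?P<region>[^:]+):(?P<account>\d*):"
    r"(?P<api_id>[^/]+)/(?P<stage>[^/]+)/(?P<method>[^/]+)/(?P<path>.*)$")


def invoke_triggers(get_policy_output):
    """Return who may invoke the function and, for API Gateway, the route that maps to it."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    triggers = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        who = principal.get("Service") or principal.get("AWS") if isinstance(principal, dict) else principal
        cond = stmt.get("Condition", {})
        arns = []
        for key in ("ArnLike", "ArnEquals"):
            value = cond.get(key, {}).get("AWS:SourceArn")
            arns += value if isinstance(value, list) else ([value] if value else [])
        matches = [m.groupdict() for m in map(SOURCE_ARN.match, arns) if m]
        # A statement without a SourceArn condition lets the principal invoke from anywhere.
        triggers += [{"principal": who, **m} for m in matches] or [{"principal": who}]
    return triggers


def invoke_url(trigger, stage=None):
    """Build the public URL; the policy usually carries '*' as the stage, so it must be supplied."""
    stage = stage or trigger.get("stage")
    if not stage or stage == "*":
        raise ValueError("stage not in policy; list the API's stages to find it")
    return (f"https://{trigger['api_id']}.execute-api.{trigger['region']}"
            f".amazonaws.com/{stage}/{trigger['path']}")
```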
Triggering the API
With all the required information discovered, we can trigger the API.
Navigating to the website, we discover the end of the challenge!
Wrap-Up
In Level 6, we enumerated our access with access keys discovered from the previous level. After much enumeration, this led to discovering an API that, once triggered, provided the end of the challenge.