Skip to main content

flAWS level 6

okay so lets read the description ..

Screenshot 2026-06-11 at 18 30 36

credentials are given ... configure your aws using those credentials

then lets list the lambda functions first to see what we are working with.
aws lambda list-functions --profile flaws6 --region us-west-2.

Screenshot 2026-06-11 at 18 35 19

found one named Level6 ... lets try to grab the source code
aws lambda get-function --function-name Level6 --profile flaws6 --region us-west-2 --query 'Code.Location' --output text

tried but it says access denied :(
access denied ... so we cant read the code directly ... the policy blocks it. but we can check what is allowed to trigger this function instead
aws lambda get-policy --function-name Level6 --profile flaws6 --region us-west-2

Screenshot 2026-06-11 at 18 37 26

look at the output ... in the source arn there is an api gateway id ... s33ppypa75 ... this is the front door.
now we just need the stage name for this api to build the actual url ...
aws apigateway get-stages --rest-api-id s33ppypa75 --profile flaws6 --region us-west-2

Screenshot 2026-06-11 at 18 39 42

so the stage name is Prod ... lets navigate there ...

Screenshot 2026-06-11 at 18 40 28

navigate again to the given dir ...

Screenshot 2026-06-11 at 18 40 55

and boom we completed the flaws challenge!! ...