flAWS 2 Attacker 1
lets look at the question
as usual .. as always .. do inspect element hehe
and we got something look ...
if you have done level 6 of flaws.cloud ... then you'll get the idea that this link is made of what ...
url : https://2rfismmoo8.execute-api.us-east-1.amazonaws.com/default/level1
this is api gateway url ... it follows the url pattern like https://{api-id}.execute-api.{region}.amazonaws.com/{stage}
here;
2rfismmoo8 is api gateway id
default is stage
level1 is specific resource i believe
now lets try something ...
intercept the request in burp .. and send something which is not a number ...
and boom lol ... we got everything ...
now go to your terminal .. configure your aws-cli with a new profile and all the necessary tokens ...
and we check the bucket also .. and we got a secret file ...
navigate there and you'll get another level ...