Writeup : Challenge-6
Challenge: “Team found an API Gateway with Id ‘543vvbi1bd‘ publicly accessible in us-east-2 region. There are allegations that you cant really bruteforce to find the right Endpoint and hence we have these access keys for you”
- Configure the terminal to use the mentioned AWS Keys.
- View the existing Routes to view a endpoint.
- Make the request to the obtained endpoint to get the flag.
Challenge gives us pair of access keys and secret keys. We would configure the terminal to use these access keys for API calls.
Once we have configured the keys, we would list all the routes belonging to the API Gateway.
aws apigatewayv2 get-routes --api-id 543vvbi1bd --region us-east-2
Having obtained the endpoint, we can construct the endpoint using API Gateway Id, Region name, Method Type and the endpoint