 _____  _       ____  __    __  _____
|     || |     /    ||  |__|  |/ ___/
|   __|| |    |  o  ||  |  |  (   \_ 
|  |_  | |___ |     ||  |  |  |\__  |
|   _] |     ||  _  ||  `  '  |/  \ |
|  |   |     ||  |  | \      / \    |
|__|   |_____||__|__|  \_/\_/   \___|

Level 6: Hint 2

You now know that you have the ability to GET "arn:aws:apigateway:us-west-2::/restapis/*"

The API gateway in this case is used to call a lambda function, but you need to figure out how to invoke it.

The SecurityAudit policy lets you see some things about lambdas:

aws --region us-west-2 --profile level6 lambda list-functions

That tells you there is a function named "Level6", and the SecurityAudit also lets you run:

aws --region us-west-2 --profile level6 lambda get-policy --function-name Level6

This tells you about the ability to execute `arn:aws:execute-api:us-west-2:975426262029:s33ppypa75/*/GET/level6\` That "s33ppypa75" is a rest-api-id, which you can then use with that other attached policy:

aws --profile level6 --region us-west-2 apigateway get-stages --rest-api-id "s33ppypa75"

That tells you the stage name is "Prod". Lambda functions are called using that rest-api-id, stage name, region, and resource as https://s33ppypa75.execute-api.us-west-2.amazonaws.com/Prod/level6

Visit that URL.