Aws

The challenge provides Access Keys that are used to authenticate to the AWS instance and enumerate AWS IAM resources & Lambda function permissions. Leveraging those permissions, we can invoke a Lambda function to retrieve the hidden flag

The challenge is a webapp that has a SSRF vulnerability, the goal of the challenge is to exploit the vulnerability to steal sensitive EC2 metadata, then use the IAM credentials to make an authenticated API call and retrive the Instance ID which is the flag