Recon 25
In this challenge, you need to look for a file named key2.txt in the place used to serve the assets for the main website
Objective
For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a file named key2.txt
. However, this time you will need to be logged in to access it.
Amazon Web Services (AWS) Simple Storage Service (S3) allows file owners to set permissions on files. Historically, the rules "Any users" wasn't well explained and led a lot of people to think only people in their Amazon account could access a file. However, this was allowing any AWS account to access the file.
Why?
It's essential to check for files that may be publicly available on the servers used to load assets.