Recon 25

In this challenge, you need to look for a file named key2.txt in the place used to serve the assets for the main website

1-2 Hrs.
Recon Badge

For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a file named key2.txt. However, this time you will need to be logged in to access it.

Amazon Web Services Storage Service (S3) allows file owners to set permissions on files. Historically, the rules "Any users" wasn't well explained and lead a lot of people to think only people in their Amazon account could access a file. However, this was allowing any AWS account to access the file.


It's essential to look for files that may be publicly available on the servers used to load assets.