Recon 21

This challenge
For this challenge, your goal is to look at the repository repo4 and check different branches.

Why?
It's important to look at all branches as they may be used to store sensitive information.

View the branches of repo4

https://github.com/hackycorp/repo4/blob/test/KEY

Recon 22

This challenge
For this challenge, your goal is to find a file that has been deleted in repo9.

Why?
Often, when committing secrets by mistake, developers just remove the file and commit again, leaving the information available for anyone willing to search for it.

Restore the deleted file in repo9

git log --diff-filter=D --summary
git checkout commitid~1 -- KEY.txt

Recon 23

This challenge
For this challenge, your goal is to look at the repository repo0a and find sensitive information in the commit message.

Why?
It's important to look at commit messages and search for keywords.

View the repo0a commit log

git log
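
The two history checks above (Recon 22 and Recon 23), written as an audit a repository owner can run over their own history before publishing it. This is an added example, not part of the original writeup; the function names, the default keyword list and the sample log are constructed for illustration.

```shell
# Added example: audit git history text for deleted files and telling commit messages.
# Function names, keyword list and sample log are constructed for illustration.

# stdin: `git log --summary` output. Prints one restore command per deleted file,
# checking it out from the parent (~1) of the commit that deleted it.
deleted_file_restores() {
  awk '
    /^commit [0-9a-f]+/ { hash = $2; next }
    /^ delete mode [0-7]+ / {
      path = $0
      sub(/^ delete mode [0-7]+ /, "", path)
      printf "git checkout %s~1 -- %s\n", hash, path
    }'
}

# stdin: `git log` output. Prints "hash<TAB>line" for each commit-message line
# (indented four spaces by git) matching the lowercase keyword regex in $1.
flag_commit_messages() {
  awk -v kw="${1:-key|secret|password|token}" '
    /^commit [0-9a-f]+/ { hash = $2; next }
    /^    / && tolower($0) ~ kw {
      msg = $0; sub(/^    /, "", msg)
      printf "%s\t%s\n", hash, msg
    }'
}

# Constructed sample of `git log --summary` output (not from a real repository).
sample_log() {
  cat <<'EOF'
commit 1111111111111111111111111111111111111111
Author: Dev <dev@example.com>
Date:   Mon Jan 1 10:00:00 2024 +0000

    Remove file committed by mistake

 delete mode 100644 KEY.txt

commit 2222222222222222222222222222222222222222
Author: Dev <dev@example.com>
Date:   Mon Jan 1 09:00:00 2024 +0000

    Add deploy script, temporary password is CONSTRUCTED-EXAMPLE

 create mode 100644 deploy.sh
EOF
}

sample_log | deleted_file_restores
sample_log | flag_commit_messages
```

On a real repository, pipe `git log --all --summary` into either function; `--all` also covers the non-default branches that Recon 21 is about.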

Recon 24

This challenge
For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a file named key.txt.

Why?
It's essential to look for files that may be publicly available on the servers used to load assets.

Find the static asset host

Recon 25

This challenge
For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a file named key2.txt. However, this time you will need to be logged in to access it.

Amazon Web Services Storage Service (S3) allows file owners to set permissions on files. Historically, the rule "Any users" wasn't well explained and led a lot of people to think only people in their Amazon account could access a file. However, this was allowing any AWS account to access the file.

Why?
It's essential to look for files that may be publicly available on the servers used to load assets.

Recon 26

This challenge
For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a hardcoded key in one of the JavaScript files.

Why?
It's essential to inspect JavaScript files for hardcoded keys.

Search for the key