recon_24 (assets)

View the exercise here: PentesterLab: Recon 24

OBJECTIVE

For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a file named key.txt.

WHY?

It's essential to look for files that may be publicly available on the servers used to load assets.

SOLUTION

View Page Source of hackycorp.com

Click //assets.hackycorp.com/vendor…

Remove view-source: prefix of the URL

From the objectives, it says that the file name is key.txt

Append /key.txt in the URL to see the flag

Previousrecon_23 (commit message)Nextrecon_25 (S3)

Last updated

Was this helpful?