recon_24 (assets)

View the exercise here: PentesterLab: Recon 24

OBJECTIVE

For this challenge, your goal is to look at the server used to load assets (JavaScript, CSS) and find a file named key.txt.

WHY?

It's essential to look for files that may be publicly available on the servers used to load assets.

SOLUTION

View Page Source of hackycorp.com

Click //assets.hackycorp.com/vendor…

Remove the view-source: prefix from the URL

The objective says that the file is named key.txt

Append /key.txt to the URL to see the flag
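
The first steps above (reading the page source to find which host serves the assets) can be scripted when you need to inventory the asset servers your own pages depend on. This is an added example, not part of the original write-up; the function names are hypothetical and the sample markup with its asset paths is constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser load a sub-resource.
ASSET_ATTRS = {"script": "src", "link": "href", "img": "src"}


class AssetCollector(HTMLParser):
    """Collect absolute http(s) URLs of assets referenced by a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(ASSET_ATTRS.get(tag, ""))
        if not value:
            return
        # urljoin resolves relative and protocol-relative ("//host/path") references.
        absolute = urljoin(self.page_url, value.strip())
        if urlsplit(absolute).scheme in ("http", "https"):
            self.urls.append(absolute)


def asset_hosts(page_url, html):
    """Map each host serving assets to the sorted asset paths seen on the page."""
    collector = AssetCollector(page_url)
    collector.feed(html)
    hosts = defaultdict(set)
    for url in collector.urls:
        parts = urlsplit(url)
        hosts[parts.hostname].add(parts.path)
    return {host: sorted(paths) for host, paths in hosts.items()}


def separate_asset_hosts(page_url, html):
    """Hosts other than the page's own: the servers to review for stray public files."""
    own = urlsplit(page_url).hostname
    return sorted(h for h in asset_hosts(page_url, html) if h != own)


# Constructed sample markup; the asset paths are made up, not the real site's.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="//assets.hackycorp.com/css/constructed.css">
<script src="//assets.hackycorp.com/js/constructed.js"></script>
<script src="/local/constructed.js"></script>
</head><body><img src="data:image/png;base64,AAAA"></body></html>"""
```

Calling `separate_asset_hosts("https://hackycorp.com/", SAMPLE_HTML)` returns only the dedicated asset host, which is the server whose document root should be checked for files that were never meant to be public.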
