Type: Research
Actors:
Pub. date: January 13, 2022
Initial access: Web vulnerability, Cloud native misconfig
Impact:
Resp. disclosure:
Observed techniques:
Targeted technologies:
Status: Finalized
Last edited: Jun 2, 2024 8:02 AM
NCC Group performed a pentest against a web application, during which anonymous access led them to a sitemap folder that turned out to be an S3 bucket with directory listing enabled. NCC identified a bash script containing a hardcoded Git credential, which granted access to a Jenkins server as a limited user. The researchers then escalated their privileges to admin and dumped credentials, including AWS access tokens, SSH certificates and more.