Trufflehog Search
Gerty Snowburrow is standing near to that huge machine.
Challenge

Use Trufflehog to find secrets in a Git repo. Work with Jill Underpole in the Cloud Ring for hints. What's the name of the file that has AWS credentials?

Solution

We'll open a terminal and run:

└─$ trufflehog https://haugfactory.com/orcadmin/aws_scripts
...
Filepath: put_policy.py
...
     region_name='us-east-1',
-    aws_access_key_id=ACCESSKEYID,
-    aws_secret_access_key=SECRETACCESSKEY,
+    aws_access_key_id="AKIAAIDAYRANYAHGQOHD",
+    aws_secret_access_key="e95qToloszIgO9dNBsQMQsc5/foiPdKunPJwc1rL",
...
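
Review bot: in put_policy.py the two + lines replace the ACCESSKEYID and SECRETACCESSKEY references with literal key strings, which puts the credential pair into the repository history. Keep the variable references and load the values from the environment or a credentials provider instead; because the literals are already committed, treat that key pair as exposed and rotate it rather than relying on a later commit to remove it.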

So the name of the file that has AWS credentials is put_policy.py.
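
As an added illustration (not part of the original write-up and not Trufflehog's own code), here is a simplified sketch of the kind of check a secret scanner applies to commit diffs: a regex for AWS access key IDs plus a Shannon-entropy test on quoted 40-character strings. The file name deploy.py, the entropy threshold and the sample diff are constructed for this example; the key values are AWS's documentation placeholders.

```python
import math
import re
from collections import Counter

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) prefix + 16 chars.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Candidate secret keys: a quoted 40-character base64-alphabet run.
SECRET_RE = re.compile(r"""["']([A-Za-z0-9/+=]{40})["']""")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off for this sketch

def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_diff(diff_text):
    """Return (file, diff_line_no, kind) for each suspicious added line."""
    findings, current_file = [], None
    for i, line in enumerate(diff_text.splitlines(), 1):
        if line.startswith("+++ "):  # file header: remember the path
            path = line[4:]
            current_file = path[2:] if path.startswith("b/") else path
            continue
        if not line.startswith("+"):
            continue  # a secret enters history on an added line
        if ACCESS_KEY_RE.search(line):
            findings.append((current_file, i, "aws_access_key_id"))
        for m in SECRET_RE.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append((current_file, i, "high_entropy_secret"))
    return findings

# Constructed sample diff; key values are AWS documentation placeholders.
SAMPLE_DIFF = """\
--- a/deploy.py
+++ b/deploy.py
@@ -3,4 +3,4 @@
     region_name='us-east-1',
-    aws_access_key_id=ACCESSKEYID,
-    aws_secret_access_key=SECRETACCESSKEY,
+    aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
+    aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"""

if __name__ == "__main__":
    for path, line_no, kind in scan_diff(SAMPLE_DIFF):
        print(f"{path}: diff line {line_no}: {kind}")
```

The findings carry only the file, line and finding type, so the scanner's own output does not copy the secret into logs.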

We get the following hints:

(Attached) User Policies

AWS inline policies pertain to one identity while managed policies can be attached to many identities.

IAM Privilege Escalation

You can try s3api or lambda service commands, but Chris Elgee's talk on AWS and IAM might be a good start!