When Life Gave Me a 500 Error, I Found AWS Keys Instead! $$RF
Summary
A hacker and bug bounty hunter known as iski shared their experience of attempting to discover sensitive information on a server, only to be faced with a series of errors and blocks.
They began with reconnaissance, searching for potential targets and using command-line tools and text files to generate a list of candidate endpoints.
After attempting a basic open redirect test, iski progressed to more sophisticated payloads using various URL schemes in an attempt to perform server-side request forgery (SSRF).
Despite these efforts, the server remained unresponsive, prompting iski to turn to Burp Collaborator in an attempt to engage the server, only to be met with a 500 Internal Server Error and a subsequent block from Cloudflare.
The article serves as a reminder of the challenges faced by bounty hunters and hackers when attempting to penetrate online services and systems.