Bugged by Backup Files: How .zip and .bak Gave Me the Source Code
Summary
A hacker recounts their successful exploitation of a misconfigured backup file they discovered during a routine reconnaissance mission.
They had been conducting mass reconnaissance, searching for vulnerable sites to exploit when they came across the file.
Rather than look for typical URLs with parameters like ?id= or ?q=, they searched for interesting file extensions like .zip, .tar, .bak, .tar.gz, and .rar, which frequently expose sensitive data.
The target domain dev.target.com appeared to be connected to a backup site, and further investigation revealed a link to a backup-site.bak file, which often contains unencrypted sensitive information.
They proceeded to explore the file and discovered .env files, which can contain database passwords and other critical info.
This resulted in a significant payday with very little effort.
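The defensive counterpart of the search described above is to check your own deployed document root for the same artifacts before a crawler does. The following is an added example, not code from the original write-up: it walks a directory (assumed to be the web root) and reports backup archives with the extensions the post lists plus .env files; the sample tree it builds is constructed for illustration.

```python
"""Pre-deploy check for backup artifacts and .env files left in a web root.

Added illustration, not code from the original write-up: walks a directory
(assumed to be the deployed document root) and reports files whose name ends
in one of the extensions the post searched for (.zip, .tar, .tar.gz, .bak,
.rar) or is a dotenv file, so they can be removed before being served.
"""
import os
import tempfile

# Extensions from the write-up; endswith on the full name handles the
# multi-part .tar.gz suffix as well as the single-part ones.
RISKY_SUFFIXES = (".zip", ".tar", ".tar.gz", ".bak", ".rar")


def is_risky(filename: str) -> bool:
    """True for backup archives and dotenv files (e.g. .env, .env.production)."""
    name = filename.lower()
    if name == ".env" or name.startswith(".env."):
        return True
    return name.endswith(RISKY_SUFFIXES)


def find_exposed_artifacts(webroot: str) -> list[str]:
    """Return paths (relative to webroot) of files that should never be served."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        for fn in filenames:
            if is_risky(fn):
                hits.append(os.path.relpath(os.path.join(dirpath, fn), webroot))
    return sorted(hits)


def build_sample_webroot() -> str:
    """Constructed sample tree mirroring the post's scenario (not real data)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = ["index.html", "backup-site.bak", "site.tar.gz",
              ".env", "assets/app.js", "old/release.zip"]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    for hit in find_exposed_artifacts(root):
        print("exposed artifact:", hit)
```

Running it against a real document root in CI and failing the build on any hit removes the class of finding the post describes; serving rules that deny these extensions at the web server are a second, independent layer.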