The initial URL leads to an AWS S3 bucket which is storing the web assets for the website of a company called Huge Logistics.
Examining the source code of the webpage shows that the S3 bucket is being used to store static web assets, such as images, CSS, and JavaScript files.
An initial examination using the AWS CLI directly reveals that the bucket is publicly accessible, though further investigation shows that not all directories are accessible in this way.
One directory, named “shared,” contains a zip archive (,hl_migration_project.zip) that, when opened, contains a PowerShell script that appears to be intended for use in migrating secrets from an XML file format to AWS Secrets Manager.
The script contains the necessary AWS keys and secrets needed to carry out this operation.
After reading the script, some additional Amazon S3 bucket enumeration is carried out, and some additional directories are found, especially the /admin and /migration-files directories.
Further investigation reveals that the /admin directory contains a file called **website_transactions_export.