Pentester lab recon 03 The goal here is to find a directory with a directory listing available on the main website for hackycorp.com. The key is exploring directory listings and identifying potentially sensitive files, which could expose sensitive information.

Solution:

On viewing the page source of the website, we see that we are loading assets from different directories.

It is important to check all the files to see where they are coming from, and check the directories, go one directory up to see if you have directory listing, and find other files that are potentially interesting, for example js files which may contain api keys, files with credentials, etc.

In this one, we see the assets and the images directory, which have website assets. We also have the bruteforcing option, where we can use gobuster to bruteforce and find directories that reveal the key.

The images folder is promising, and we go into it, go one directory up, and exit the source code view to get a file, which contains the flag

Thank you