Recover the Cloud Ring

4.3 Trufflehog Search

Use Trufflehog to find secrets in a Git repo. Work with Jill Underpole in the Cloud Ring for hints. What's the name of the file that has AWS credentials?

Hint(s)

Solve

ANSWER: put_policy.py

Terminal answers

1.- Inital scan review

elf@ef250a6290e8:~$ trufflehog git https://haugfactory.com/asnowball/aws_scripts 
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

Found unverified result 🐷🔑❓
Detector Type: AWS
Decoder Type: PLAIN
Raw result: AKIAAIDAYRANYAHGQOHD
Commit: 106d33e1ffd53eea753c1365eafc6588398279b5 <-- HERE see this commit ID 
File: put_policy.py
Email: asnowball <alabaster@northpolechristmastown.local>
Repository: https://haugfactory.com/asnowball/aws_scripts
Timestamp: 2022-09-07 07:53:12 -0700 -0700
Line: 6

Found unverified result 🐷🔑❓
Detector Type: Gitlab
Decoder Type: PLAIN
Raw result: add-a-file-using-the-
Email: alabaster snowball <alabaster@northpolechristmastown.local>
Repository: https://haugfactory.com/asnowball/aws_scripts
Timestamp: 2022-09-06 19:54:48 +0000 UTC
Line: 14
Commit: 2c77c1e0a98715e32a277859864e8f5918aacc85
File: README.md

Found unverified result 🐷🔑❓
Detector Type: Gitlab
Decoder Type: BASE64
Raw result: add-a-file-using-the-
Email: alabaster snowball <alabaster@northpolechristmastown.local>
Repository: https://haugfactory.com/asnowball/aws_scripts
Timestamp: 2022-09-06 19:54:48 +0000 UTC
Line: 14
Commit: 2c77c1e0a98715e32a277859864e8f5918aacc85
File: README.md

elf@ef250a6290e8:~$ 

2.- Review the rest with no verification flag

elf@ef250a6290e8:~$ trufflehog git https://haugfactory.com/asnowball/aws_scripts --no-verification
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

Found unverified result 🐷🔑❓
Detector Type: AWS
Decoder Type: PLAIN
Raw result: AKIAAIDAYRANYAHGQOHD
Commit: 106d33e1ffd53eea753c1365eafc6588398279b5
File: put_policy.py
Email: asnowball <alabaster@northpolechristmastown.local>
Repository: https://haugfactory.com/asnowball/aws_scripts
Timestamp: 2022-09-07 07:53:12 -0700 -0700
Line: 6

Found unverified result 🐷🔑❓
Detector Type: Gitlab
Decoder Type: PLAIN
Raw result: add-a-file-using-the-
File: README.md
Email: alabaster snowball <alabaster@northpolechristmastown.local>
Repository: https://haugfactory.com/asnowball/aws_scripts
Timestamp: 2022-09-06 19:54:48 +0000 UTC
Line: 14
Commit: 2c77c1e0a98715e32a277859864e8f5918aacc85

Found unverified result 🐷🔑❓
Detector Type: Gitlab
Decoder Type: BASE64
Raw result: add-a-file-using-the-
Commit: 2c77c1e0a98715e32a277859864e8f5918aacc85
File: README.md
Email: alabaster snowball <alabaster@northpolechristmastown.local>
Repository: https://haugfactory.com/asnowball/aws_scripts
Timestamp: 2022-09-06 19:54:48 +0000 UTC
Line: 14

elf@ef250a6290e8:~$ 

3.- Clone the repo and read the content file using git commands

elf@9ae78a2aedc7:~$ git clone https://haugfactory.com/asnowball/aws_scripts.git 
elf@9ae78a2aedc7:~$ cd aws_scripts/

elf@ef250a6290e8:~/aws_scripts$ git diff-tree --no-commit-id --name-only -r 106d33e1ffd53eea753c1365eafc6588398279b5 
put_policy.py  <--Voila!  FLAG