# A Bucket Load of Trouble

## Introduction

GlobalButter is launching a new product called 'StarTrekButter'. This will be a subsidiary of GlobalButter.

The admins of 'StarTrekButter' like to use a lot of AWS services, their favorite being Amazon S3.

However, they are very bad at security. There is news in the underground that someone has leaked some sensitive files into an S3 bucket but have poorly configured it making it available to the public.

Just some additional info, last week two buckets were discovered called 'admin.startrekbutter' and 'hr.startrekbutter'.

## Starting point

1. Download the custom dictionary from the link given below
2. Update the dictionary to fit the company's naming convention

## Your task

1. Find the name of the misconfigured S3 bucket
2. Find the 'flag.txt' file in the bucket

**Note: Use this custom dictionary stolen from their servers to find the bucket and the flag file. You may have to edit the dictionary to align with the company's naming convention as shown above!**

```
https://s3.amazonaws.com/awscloudsec-ctf-helpfiles/startrekbutter-bucketnames.txt
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://0xcriminal.gitbook.io/about-me/cloudsec/challenges/ctf/ctf-4-a-bucket-load-of-trouble.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.