// Target Information
| Target | banyumaskab.go.id — Pemerintah Kabupaten Banyumas |
| Asset | cdn-a.banyumaskab.go.id (MinIO Object Storage) |
| Access Level | Full Read/Write — 27 Buckets, 73,000+ Documents |
| Method | Hardcoded credentials in exposed .git repository |
| Operator | Ghost7 |
| Timestamp | 2026-04-26 |
| Assessment Type | Authorized Security Assessment |
// Access Scope Demonstrated
- MinIO Object Storage — Full R/W on 27 buckets (73K+ government documents) [CRITICAL]
- SQL Injection to RCE — OS command execution on central database server [CRITICAL]
- Web Shell — Persistent shell on eproject server (www-data) [CRITICAL]
- 40+ Government Databases — Superuser access across 2 PostgreSQL servers [CRITICAL]
- 20 Git Repositories — Full source code exposure with embedded credentials [CRITICAL]
- 5+ Admin Panels — Verified login access via backdoor and default passwords [HIGH]
- Internal Network — Lateral movement confirmed across 10.10.16.0/24 [HIGH]
- 2 SMTP Accounts — Gmail app passwords compromised [HIGH]
- Privilege Escalation — CVE-2021-3156 path to root confirmed [HIGH]
This file was placed as part of an AUTHORIZED security assessment.
No sensitive data was accessed, modified, or exfiltrated.
No service disruption was caused.
All findings have been documented for remediation purposes.