LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

S3 Bucket Misconfiguration

4 years ago 213
BOOK THIS SPACE FOR AD
ARTICLE AD

once all done:—>->->->

Allows for full anonymous access (most easy to find and exploit )
Allows for arbitrary file listing
Allows for arbitrary file upload and exposure
Allows for blind uploads
Allows arbitrary read/writes of objects
S3 bucket reveals ACP/ACL

(Referred from other blog)

Command for listing items:

aws s3 ls s3://bucket name

Image for post

Image for post

Listing files

Sometimes you might get some access denied message so try this

Image for post

Image for post

If you get any access denied message try this it might work sometimes

We might get access denied message many time while listing the files but we might able to copy, move, delete files

Image for post

Image for post

Access denied when listing

Coping file to the bucket

aws s3 cp yourfile s3://bucketname/yourfile

Image for post

Image for post

I uploaded a simple txt file which was successful

removing file from the bucket

aws s3 rm s3://bucketname/yourfile

Image for post

Image for post

The file was removed

Moving file

aws s3 mv yourfile s3://bucketname/yourfile

Image for post

Image for post

The file was moved from my system to the storage

You can contact me via

https://www.linkedin.com/in/sudharshan-r-74954b191/

Thank you guys for reading my blog. If you like my blog you can share with your friends.

Read Entire Article
  3. S3 Bucket Misconfiguration

Related

How I got my first Hall of Fame - Bug Bounty

How I got my first Hall of Fame - Bug Bounty

Command Injection: Mastering Exploitation Techniques with a Comprehensive Cheatsheet

Command Injection: Mastering Exploitation Techniques with a Comprehensive Cheatsheet

$3 Billion Crypto Exchange XT Allegedly Hacked

$3 Billion Crypto Exchange XT Allegedly Hacked

Hackers Steal $17 Million from Uganda’s Central Bank

Hackers Steal $17 Million from Uganda’s Central Bank

Small Bugs, Big Bounties: A Hacker’s Guide to Quick Wins

Small Bugs, Big Bounties: A Hacker’s Guide to Quick Wins

Critical Vulnerability Discovered in Zabbix Network Monitoring Tool

Critical Vulnerability Discovered in Zabbix Network Monitoring Tool

Trending

1. Sabarmati Report
2. Amitabh Bachchan
3. Hunter Biden
4. Yeontan
5. Odisha Police Constable Admit Card
6. Skoda Kylaq
7. Shalini Passi
8. Suraksha Diagnostic IPO GMP
9. Filmfare OTT Awards winners
10. Chelsea

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved