When Amazon Gave Me Free Storage (But I Gave It Back)


Iski


Hi there!😃

You ever stumble upon free stuff on the internet? Like those shady “free iPhone” pop-ups? Well, I found something better — a whole Amazon S3 bucket, wide open and spilling secrets like my cousin at a family gathering.

Use tools like Amass, Subfinder, or crt.sh to find subdomains that may be linked to an S3 bucket. For example:

subfinder -d example.com -o subdomains.txt

Look for common bucket naming patterns:

assets.example.com.s3.amazonaws.com
example-assets.s3.amazonaws.com
cdn.example.com

My brain immediately went, “Could it be…?”

Instead of ignoring it like a responsible adult, I did what any bug hunter would do — I clicked. And BAM! The forbidden treasure chest was wide open.

Use curl to check the accessibility of the bucket:

curl -X GET https://example-assets.s3.amazonaws.com

Access Denied: Bucket exists, but no permissions.
NoSuchBucket: Bucket does not exist.
XML Response with File Listing: Misconfigured bucket.

And just like that, I was welcomed with a delightful XML error message. Classic S3 vibes. But within that error message, I noticed something golden — the bucket name.

Next, I tried listing its contents:

aws s3 ls s3://example-assets --no-sign-request

And it worked. No authentication. No permissions. Just me, the bucket, and a load of files staring back at me like I’d just caught them gossiping.

Here’s what I found:

Backup Files: Because why not store all your sensitive backups publicly?
Database Dumps: Bonus points for including credentials…
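
As an added example (not code from the original post): a Python triage helper for auditing your own buckets. It maps a response body to the three outcomes listed earlier and flags keys that look like the backups and database dumps mentioned above. The sample bodies, the status labels and the `SENSITIVE_HINTS` patterns are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Assumed key-name hints for the backups and database dumps the post mentions.
SENSITIVE_HINTS = ("backup", "dump", ".sql", ".bak")

def _local(tag):
    """Drop the XML namespace so '{ns}Key' compares equal to 'Key'."""
    return tag.rsplit("}", 1)[-1]

def classify_s3_response(body):
    """Map an S3 REST response body to one of the outcomes listed above."""
    result = {"status": "not-s3-xml", "keys": [], "sensitive": []}
    # S3 never sends a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return result
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return result
    kind = _local(root.tag)
    if kind == "Error":
        code = next((e.text for e in root if _local(e.tag) == "Code"), None)
        known = {"AccessDenied": "exists-private", "NoSuchBucket": "missing"}
        result["status"] = known.get(code, "error:%s" % code)
    elif kind == "ListBucketResult":
        keys = [e.text for e in root.iter() if _local(e.tag) == "Key" and e.text]
        result["status"] = "public-listing"
        result["keys"] = keys
        result["sensitive"] = [k for k in keys
                               if any(h in k.lower() for h in SENSITIVE_HINTS)]
    return result

# Constructed sample bodies (not captured from any real bucket).
DENIED = "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"
MISSING = "<Error><Code>NoSuchBucket</Code><BucketName>example-assets</BucketName></Error>"
LISTING = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
    "<Name>example-assets</Name>"
    "<Contents><Key>img/logo.png</Key></Contents>"
    "<Contents><Key>backups/site-2024.tar.gz</Key></Contents>"
    "<Contents><Key>db/prod.sql</Key></Contents>"
    "</ListBucketResult>"
)

if __name__ == "__main__":
    for name, body in (("denied", DENIED), ("missing", MISSING), ("listing", LISTING)):
        print(name, classify_s3_response(body))
```

A `public-listing` result on a bucket you own is the finding to fix: enable S3 Block Public Access and remove the public list grant.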