S3 Buckets Misconfigurations

Step 1: Create an AWS Account

• Visit the AWS website (https://aws.amazon.com) and create a free account

Step 2: Download and Install AWS CLI

Configuring settings for the AWS CLI - AWS Command Line InterfaceAWS Command Line Interface

Step 3: Configure AWS CLI

aws configure

Step 4: Interacting with S3 Buckets

List bucket contents: 
aws s3 ls s3://bucket-name

Download a file: 
aws s3 cp s3://bucket-name/file.png ./

Upload a file: 
aws s3 cp ./localfile.txt s3://bucket-name/poc.txt

Copy a File:
aws s3 cp test.txt s3://bucket_name

To move a file to a bucket:
aws s3 mv test.txt s3://bucket_name

Delete command:
aws s3 rm s3://qa-media.company/fileName.txt

To Dump Data:
aws s3 sync . s3://[bucketname]

Tools

GitHub - sa7mon/S3Scanner: Scan for misconfigured S3 buckets across S3-compatible APIs!GitHub

Lazy S3

bucket_finder

AWS Cred Scanner

sandcastle

Mass3

Dumpster Diver

S3 Bucket Finder

Checklist

• S3 Content Listing

U.S. Dept Of Defense disclosed on HackerOne: Misconfigured AWS S3...HackerOne

• User's Can upload any files without limits

BCM Messenger disclosed on HackerOne: API - Amazon S3 bucket...HackerOne

• No Authentication on S3 bucket and can be accessed by any user

Greenhouse.io disclosed on HackerOne: Open S3 Bucket Accessible by...HackerOne

• S3 bucket misconfig of pre-signed URLs

Bypassing and exploiting Bucket Upload Policies and Signed URLsLabs Detectify

https://www.youtube.com/watch?v=MBQJJ3jfJ8k

https://www.youtube.com/watch?v=G7Pre3Y46Fs

Another Resources

• https://awsdocs.s3.amazonaws.com/S3/latest/s3-qrc.pdf

How I earned $$$$ by Amazon S3 Bucket misconfigurations?Medium

S3 Bucket Misconfiguration: From Basics to PawnMedium

• https://www.youtube.com/watch?v=tvWLgvK3QWo&list=PLWDPse9uXlgPBpf_dY0M9bIE_8f6MUO6c