From Misconfigured S3 Bucket to Critical Vulnerability
While doing some recon and finding some S3 buckets that seemed that might be well configured. I never came across a great opportunity of finding a misconfigured S3 bucket. That’s why this post from Harsh Bothra seemed such a great example and learning source, therefore all credits to him.
Harsh Bothra while doing recon, he found an asset which was a bucket hosting static resources. The bucket was open, therefore the next action to proceed was to check the following permissions according Harsh Bothra.
- Create something on the bucket
- Modify something on the bucket
- Delete something on the bucket
- Read some sensitive data on the bucket (case-by-case basis)
Therefore, in order to test this, AWS CLI can be helpful.
- In order to check if you have access to upload or create a file use the following command.
aws s3 cp yourtestfile.txt s3://bucketname
- In order to check if you have access to delete a file use the following command
aws s3 rm s3://bucketname/yourtestfile.txt