CEH Practical Guide
  • Certified Ethical Hacker (CEH v12 and CEH V13) Practical Guide: Complete Study Resources & Tips
  • Module 2. Footprinting and Reconnaissance
    • 1. Footprinting through Search Engines
    • 2. Perform Footprinting Through Internet Research Services
    • 3. Footprinting through Social Networking sites
    • 4. Website Footprinting
    • 5. WHOIS Footprinting
    • 6. DNS Footprinting
    • 7. Network footprinting
    • 8. Email Footprinting
    • 9. Footprinting using footprinting tools
    • 10. Perform Footprinting using AI
  • Module 3. Scanning Networks
    • 1. Host Discovery
    • 2. Port and Service Discovery
    • 3. Perform OS Discovery
    • 4. Scan beyond Firewalls and IDS
    • 5. Network scanning using various tools
    • 6. Perform Network Scanning using AI
  • Module 4. Enumeration
    • 1. Netbios Enumeration (Port 137)
    • 2. SNMP Enumeration (Port 161,162)
    • 3. LDAP Enumeration (Port 389)
    • 4. NFS Enumeration
    • 5. DNS Enumeration
    • 6. SMTP Enumeration
    • 7. RPC, SMB and FTP Enumeration
    • 8. Enumeration using various tools
    • 9. Perform Enumeration using AI
  • Module 5. Vulnerability Assessment
    • 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
    • 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
    • 3. Perform Vulnerability Analysis using AI
  • Module 6. System Hacking
    • 1. Gain access to the system
    • 2. Privilege Escalation
    • 3. Maintain Remote Access and Hide Malicious Activities
    • 4. Clear Logs to hide the Evidence of Compromise
    • 5. Active Directory (AD) Attacks
  • Module 7. Malware Threats
    • 1. Gain access to systems with Trojans
    • 2. Infect the system using Virus
    • 3. Perform Static Malware Analysis
    • 4. Perform Dynamic Malware Analysis
  • Module 8. Sniffing
    • 1. Perform Active Sniffing
    • 2. Perform Network Sniffing using Various Sniffing Tools
    • 3. Detect Network Sniffing
  • Module 9. Social Engineering
    • 1. Perform Social Engineering using tools
    • 2. Detect a Phishing attack
    • 3. Audit Organization security for phishing attacks
    • 4. Social Engineering using AI
  • Module 10. Denial of Service
    • 1. Perform DOS and DDOS with various techniques
    • 2. Detect and Protect DOS and DDOS attacks
  • Module 11. Session Hijacking
    • 1. Perform Session Hijacking
    • 2. Detect Session Hijacking
  • Module 12. Evading IDS, antivirus and Honeypots
    • 1. Intrusion Detection using various tools
    • 2. Evade Firewall using Evasion Techniques
  • Module 13. Hacking Web Servers
    • 1. Footprint the Webserver
    • 2. Perform Webserver attacks
    • 3. Perform a Web Server Hacking using AI
  • Module 14. Hacking Web Applications
    • 1. Footprint the Web Infrastructure
    • 2. Perform Web applications Attacks
    • 3. Detect Web Vulnerabilities using using web application security tools
    • 4. Perform Web Application Hacking using AI
  • Module 15. SQL Injection
    • 1. Perform SQL Injection attacks
    • 2. Detect SQL Vulnerabilities using different tool
    • 3. Perform SQL Injection using AI
  • Module 16. Hacking Wireless Networks
    • 1. Footprint a wireless Network
    • 2. Perform Wireless Traffic Analysis
    • 3. Perform Wireless Attacks
  • Module 17. Hacking Mobile Platforms
    • 1. Hack Android Devices
    • 2. Secure Android Device
  • Module 18. IoT and OT Hacking
    • 1. Footprinting IoT and OT devices
    • 2. Capture and Analyze IoT traffic
    • 3. Perform IoT Attacks
  • Module 19. Cloud Computing
    • 1. Perform Reconnaissance on Azure
    • 2. S3 Bucket Enumeration
    • 3. Exploit S3 buckets
    • 4. Perform Privilege Escalation to Gain Higher Privileges
    • 5. Perform Vulnerability Assessment on Docker Images
  • Module 20. Cryptography
    • 1. Encrypt the Information using Various Cryptography Tools
    • 2. Create a self signed Certificate
    • 3. Perform Disk Encryption
    • 4. Cryptanalysis Using different tools
    • 5. Perform Cryptography using AI
  • Tips for exams
  • Additional Resources
Powered by GitBook
On this page

Was this helpful?

  1. Module 19. Cloud Computing

3. Exploit S3 buckets

Using various techniques, you can exploit misconfigurations in bucket implementation and breach the security mechanism to compromise data privacy

Previous2. S3 Bucket EnumerationNext4. Perform Privilege Escalation to Gain Higher Privileges

Last updated 2 months ago

Was this helpful?

S3 buckets are used by customers and end users to store text documents, PDFs, videos, images, etc. To store all these data, the user needs to create a bucket with a unique name.

Listed below are several techniques that can be adopted to identify AWS S3 Buckets:

  • Inspecting HTML: Analyze the source code of HTML web pages in the background to find URLs to the target S3 buckets

  • Brute-Forcing URL: Use Burp Suite to perform a brute-force attack on the target bucket’s URL to identify its correct URL

  • Finding subdomains: Use tools such as Findsubdomains and Robtex to identify subdomains related to the target bucket

  • Reverse IP Search: Use search engines such as Bing to perform reverse IP search to identify the domains of the target S3 buckets

  • Advanced Google hacking: Use advanced Google search operators such as “inurl” to search for URLs related to the target S3 buckets

1. Exploit s3 buckets using aws cli

The AWS command line interface (CLI) is a unified tool for managing AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. Before starting this task, you must create your AWS account (https://aws.amazon.com). First install it and configure a profile.

pip3 install aws-cli
aws --help
aws configure  \\to configure user profiles

It will ask for the following details:

  • AWS Access Key ID

  • AWS Secret Access Key

  • Default region name

  • Default output format

  1. To provide these details, you need to login to your AWS account.

  2. Click Firefox icon from the top-section of the Desktop.

  3. Login to your AWS account that you created at the beginning of this task. Click the Firefox browser icon in the menu, type https://console.aws.amazon.com in the address bar, and press Enter.

    If you do not have an AWS account, create one with the Basic Free Plan, and then proceed

Click the AWS account drop-down menu and click Security credentials, as shown in the screenshot

Scroll down to Access Keys section. Click the Create Access Key button. In Continue to create access key?; check the check box and click Create access key.

Copy the Access Key and switch to the Terminal window.

In the terminal window, right-click your mouse; select Paste from the context menu to paste the copied AWS Access Key ID and press Enter. It will prompt you to the AWS Secret Access Key. Switch to your AWS Account in the browser.

Copy the Secret Access Key and minimize the browser window. Switch to the Terminal window.

In the terminal window, right-click your mouse, select Paste from the context menu to paste the copied Secret Access Key and press Enter. It will prompt you for the default region name.

In the Default region name field, type eu-west-1 and press Enter.

The Default output format prompt appears; leave it as default and press Enter.

Let us list the directories in the certifiedhacker02 bucket. In the terminal window, type

aws s3 ls s3://[Bucket Name]

Now, maximize the browser window, type certifiedhacker02.s3.amazonaws.com in the address bar, and press Enter. This will show you the complete list of directories and files available in this bucket.

Let us move some files to the certifiedhacker02 bucket. To do this, in the terminal window, type echo You have been hacked >> Hack.txt and press Enter. By issuing this command, you are creating a file named Hack.txt.

Let us try to move the Hack.txt file to the certifiedhacker02 bucket. In the terminal window, type

aws s3 mv Hack.txt s3://certifiedhacker02

You have successfully moved the Hack.txt file to the certifiedhacker02 bucket.

To verify whether the file is moved, switch to the browser window and maximize it. Reload the page.

To delete the Hack.txt file from the certifiedhacker02 bucket. In the terminal window, type

aws s3 rm s3://certifiedhacker02/Hack.txt 

By issuing this command, you have successfully deleted the Hack.txt file from the certifiedhacker02 bucket.

Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Logo
Exploit S3 Buckets - Flaws.cloud level 2
Exploit S3 Buckets - Flaws.cloud level 1
Flaws.cloud writeup | Complete walkthrough - CavemenTech - Demystifying TechnologyCavemenTech - Demystifying Technology
refer to the writeup
Logo