AWS S3 Bucket Exposure


                                                        Amazon Web Services (AWS) S3 

Today it’s a great day. I just found something “misconfigure” server that uses AWS S3. This is not only a wrong setting, but it makes a fatal mistake that ends up leaking the data you have. So, let’s begin.

What is AWS S3?

Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage via a web service interface.

Let’s Start~

Start finding your vulnerability AWS S3, you can see like this if AWS S3 is opened:

if you see that AWS S3 Bucket showing the Bucket Result, there is vuln to be accessed on that server. Now open up your Terminal Favorite to connect to the server. Don’t forget to install the AWS S3 on Terminal. In this tutorial, I have to use Ubuntu from Windows. If you don’t know how to install, click here for detail.

Let’s Dig In!

For connecting to the server, you can use this command: aws s3 ls s3://bucket-name this command will showing up the file on that server (LS)

if you see like on the picture, that you have access to the bucket. Right now, I’ll try to upload some file from local to the bucket using this command: aws s3 mv <yourfile> s3://bucket-name

if you wanna see the file is success uploaded to bucket or no, use this command again aws s3 ls s3://bucket-name then scroll until you find the file.

Found the file? that is perfect! Now, how can we access that file on the public? open up your browser then navigate the AWS S3 Link. But, before you can access the file in public. We have to set the permission first use this command aws s3api put-object-acl –bucket bucket-name –key < yourfiles> –acl public-read if you don’t set the permission, you can’t see that file (access denied).

COOL! Your file right now is accessible, try open it with AWS S3 Link like this:

Want another cool command? Just use this command:

Download file from AWS S3 Bucket: s3cmd get s3://bucket-name/filename filename

(Use s3cmd module, visit for install)

Create a bucket : aws s3 mb s3://$bucket

Delete a bucket : aws s3 rb s3://bucket-name

and How we can fix it (mitigation)?

Change privileges on your bucket: (using AWS Command Line helps to prove that exploitation is possible.)

P.S. This is for educational purpose only, do with your own risk.

See Ü & Thank Ü!

Author : TuZKi666