Continuing from our previous blog, Basics of AWS S3 Bucket Penetration Testing: once you have configured the AWS CLI, we will move on to exploiting AWS S3 bucket vulnerabilities.
AWS S3 Common Vulnerabilities:
Unauthenticated Bucket Access:
S3 bucket configured to allow anonymous users to list, read or write data to the bucket.
Semi-Public Bucket Access:
S3 bucket configured to allow access to authenticated users. In this case, a valid AWS access key and secret are required to test for this condition.
Improper ACL Permissions:
Amazon S3 access control lists (ACLs) enable us to manage access to AWS S3 buckets. Each bucket and object has an ACL attached to it as a subresource, which defines which AWS accounts or groups are granted access and the type of access. When these permissions are publicly readable, that does not by itself indicate a misconfiguration of the bucket, but it may reveal which users have what type of access.
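The three conditions above can be checked from the defender's side by reading a bucket's ACL. The following is an added example, not code from the original post: it classifies the grants in the JSON returned by `aws s3api get-bucket-acl` into the categories described here. The function name `audit_bucket_acl` and the sample ACL are constructed for illustration.

```python
import json

# Predefined S3 group URIs that appear as grantees in a bucket ACL.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Bucket ACL permission -> operations it allows.
EFFECT = {
    "READ": ["list"],
    "WRITE": ["write"],
    "READ_ACP": ["read-acl"],
    "WRITE_ACP": ["write-acl"],
    "FULL_CONTROL": ["list", "write", "read-acl", "write-acl"],
}

def audit_bucket_acl(acl_json):
    """Return (category, operation) findings for grants to anonymous
    users or to any authenticated AWS user. Hypothetical helper name."""
    findings = []
    for grant in json.loads(acl_json).get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri == ALL_USERS:
            category = "unauthenticated"
        elif uri == AUTH_USERS:
            category = "semi-public"
        else:
            continue  # grant to a specific account or canonical user
        for op in EFFECT.get(grant.get("Permission"), []):
            if (category, op) not in findings:
                findings.append((category, op))
    return findings

# Constructed sample, shaped like the output of `aws s3api get-bucket-acl`.
SAMPLE_ACL = json.dumps({
    "Owner": {"ID": "EXAMPLE-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"},
    ],
})

if __name__ == "__main__":
    for category, op in audit_bucket_acl(SAMPLE_ACL):
        print(f"{category}: {op}")
```

A "read-acl" finding under "unauthenticated" corresponds to the publicly readable ACL case; "list" and "write" findings correspond to the unauthenticated and semi-public access cases.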
S3 bucket is misconfigured so that all of its contents are publicly readable (Unauthenticated Access to S3 Bucket)
Once we identify the bucket name, we try to list out contents in that bucket.
In this blog, we have learned how, once we have found an S3 bucket in the target application, we can list out the contents of the S3 bucket without authentication, and how we can download, upload, and delete content from the S3 bucket as a semi-authenticated user, which happens due to Improper ACL Permissions. In the next part, we will learn more about other vulnerabilities related to AWS S3 buckets and their exploitation.
Akash Katare is a security enthusiast and an expert in vast domains such as Thick Client Security, Network, Web, Mobile and API security assessment. Akash is a Security Consultant at Securelayer7 and a technology fancier who has worked on multiple projects to help clients eradicate the security problems within their systems.