How I earned $$$$ from Amazon S3 bucket misconfigurations

What are the important tools?

Now I'm going to talk about my findings and some tricks I used.

The commands I used to check the buckets:

  • ls command:
  • Copy command:
  • Move/Rename command:
  • Delete command:
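Each of the four commands above corresponds to an S3 permission that the bucket must have granted to an anonymous principal. The script below is an added example, not code from the original post: it reads a bucket policy document offline and reports which of those four operations an unauthenticated caller would be allowed, which is the check a bucket owner would run before the bucket ever reaches a bounty report. The bucket name `example-media` and both policy documents are constructed for illustration.

```python
"""Offline screen of an S3 bucket policy for anonymous access.

Added example, not code from the original post. Both policy documents and
the bucket name 'example-media' are constructed for illustration.
"""
import fnmatch
import json

# The four CLI checks from the post, mapped to the S3 permission(s) an
# anonymous caller would need for each (mv is a copy followed by a delete).
OPERATIONS = {
    "ls": ("s3:ListBucket",),
    "cp": ("s3:PutObject",),
    "mv": ("s3:PutObject", "s3:DeleteObject"),
    "rm": ("s3:DeleteObject",),
}


def _as_list(value):
    """Policy fields may be a scalar, a dict or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _is_anonymous(principal):
    """True if a statement's Principal is the wildcard (everyone, unauthenticated)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def anonymous_grants(policy_json):
    """Return (allow_patterns, deny_patterns) for wildcard principals, lowercased.

    Resource and Condition are ignored, so this is a deliberately conservative
    screen: any public statement is treated as applying to the whole bucket.
    """
    policy = json.loads(policy_json)
    allows, denies = [], []
    for stmt in _as_list(policy.get("Statement")):
        if not _is_anonymous(stmt.get("Principal")):
            continue
        target = allows if stmt.get("Effect") == "Allow" else denies
        target.extend(a.lower() for a in _as_list(stmt.get("Action")))
    return allows, denies


def anonymous_can(policy_json, action):
    """IAM-style evaluation: an explicit public Deny beats any public Allow."""
    allows, denies = anonymous_grants(policy_json)
    name = action.lower()
    if any(fnmatch.fnmatchcase(name, pat) for pat in denies):
        return False
    return any(fnmatch.fnmatchcase(name, pat) for pat in allows)


def exposed_operations(policy_json):
    """Map each CLI operation to True when an anonymous caller could perform it."""
    return {
        op: all(anonymous_can(policy_json, perm) for perm in perms)
        for op, perms in OPERATIONS.items()
    }


# Constructed: the kind of policy behind findings like the post's, everyone gets s3:*.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-media", "arn:aws:s3:::example-media/*"],
    }],
})

# Constructed: public read of a single prefix only, no listing and no writes.
SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-media/public/*",
    }],
})

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("safe", SAFE_POLICY)):
        exposed = [op for op, ok in exposed_operations(policy).items() if ok]
        verdict = "can " + ", ".join(exposed) if exposed else "cannot list or write"
        print(f"{label} policy: anonymous caller {verdict}")
```

The screen looks only at the bucket policy. A bucket can also be opened up through its legacy ACL or by the account's Block Public Access settings being switched off, so those need their own check; the point of the script is that list, write and delete rights for `*` are visible in the policy document itself, without any request to the bucket.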
[Figure: number of exposed invoices in the qa2-media.company bucket]
[Figure: number of exposed invoices in the dev-media.company bucket]
  • qa-api.company.com
  • prod-api.company.com
  • api.company.com
  • media.company.com
[Figure: before I took it over]
[Figure: after I took it over]

Lessons learned

  1. Amazon S3 buckets may contain a lot of misconfigurations, so don't ignore them.
  2. Always check where images and JS files are uploaded; the company may be using an Amazon S3 bucket.
  3. Understand how the subdomains or buckets are named so that you can brute force in an orderly manner; that will give you more subdomains or buckets to check.
