Hacking Amazon s3 Buckets

July 04, 2018

Hacking Amazon s3 Buckets

What Is Amazon S3 Buckets ?

Amazon s3 Buckets are file repositories to store our files. We can store ‘n’ number of files with a size limit of 5TB. Each and every uploaded files will have a unique link and can be delivered through Amazon Cloudfront CDN. Many websites now a days use Amazon s3 Buckets to store datas like Images, Logs, Videos etc.

How to Hack Such Buckets ?

In the case of Amazon s3 buckets, Hacks occur due to the ACL misconfiguration of the Bucket. ACL means the Access Control Limits. If the developer is not giving proper care/importance while configuring s3 Buckets it is prone to such attacks.

Lets see how we can Hack into such a bucket.

Lets Take An example.

http://shopify.com.s3.amazonaws.com

This is a bucket used by shopify. What ever comes before .s3 is the name of the bucket, and in this case the name of the bucket is shopify.com .

To connect with such mis-configured buckets we need a s3 Client.

You can download the same from Amazon s3 Website.

You can install the AWS Command Line Interface by using this command.

apt-get install awscli

Now we need to configure the Client by entering Access Keys. You can generate the access key by creating an account and following the steps shown in the link.

https://aws.amazon.com/developers/access-keys/

Once we have the Access Keys we need to configure the client.

For which we can use the command

aws configure

Now enter the keys and get ready to hack.

So lets check http://example.com.s3.amazonaws.com is vuln or not.

To check if the Bucket that u want is vulnerable or not open the terminal and enter the following commands.

sudo aws s3 ls s3://bucket_name

As i said before the bucket name is whatever which comes before .s3, here it is example.com

Now after running the above given command, if you can see a list of files as shown in the screenshot, the bucket is vulnerable to s3 Bucket Take Over.