search
githubEdit

Data Exfiltration

hashtag
AWS S3 Data Exfiltration

hashtag
It's possible to brute-force files in the bucket

hashtag
If the bucket is misconfigured, we can read data through web browser, cli/api or time-based URL.

hashtag
Public Access

hashtag
Just enter the URL in the browser

https://BUCKET-NAME.region.amazonaws.com/secret.txt

hashtag
Authenticated User

aws s3api get-object --bucket BUCKET_NAME --key OBJECT_NAME DOWNLOAD-FILE-LOCATION

hashtag
Time-Based URL

hashtag
Generate a time based url for an object

hashtag
Useful if the object is not public

aws s3 presign s3://BUCKET-NAME/OBJECT-NAME --expires-in 605000
PreviousS3 ChecklistNextAWS Simple Storage System (S3)

Last updated