Member-only story
S3 BUCKET AND FIREBASE BUCKET MISCONFIGURTION PART-2
Hi everyone.,, i am back with part 2 of s3 and firebase buckets
misconfiguration vulnerability exploit.if you miss part-1
look at this:
ok…,lets start our topic .
s3 bucket misconfiguration:
first if you found a s3 bucket using part-1 recon techniques.
now we need to test s3 bucket is vulnerable or not…
first install aws cli on kali linux using below command
sudo pip install awscli
if you got any errors first update and upgrade your kali,
then try this above command.
next need to list objects of s3 buckets, use below command.
aws s3 ls s3://bucketname — no-sign-request
here sometimes in web browser its shows no access to bucket
but some cases using above command it s gives access to list objects inside
the bucket.
next copy the file in to bucket. using below command
aws s3 cp aws.txt s3://bucketname — no-sign-request