Cloud Attacks

Amazon Web Service (AWS)

Cloud-based object storage service. Allows objects to be stored in containers called buckets.

Configuration

We can interact with S3 buckets with awscli. Let's start it and configure it with arbitrary values for all fields. (This is because sometimes the target server is configured not to check authentication.)

apt install awscli

aws configure # random value, es. temp

Bucket

We list all S3 buckets hosted by the server.

aws --endpoint=http://s3.<DOMAIN> s3 ls

Object

We list the common objects and prefixes in the specified bucket.

aws --endpoint=http://s3.<DOMAIN> s3 ls s3://<BUCKET>

Download

We can download objects from the buckets.

aws --endpoint=http://s3.<DOMAIN> s3 cp s3://<BUCKET>/<FILE> ./<FILE>

Upload

We can upload object into the buckets.

aws --endpoint=http://s3.<DOMAIN> s3 cp ./<FILE> s3://<BUCKET>/<WHERE>

Last updated 8 months ago

Was this helpful?