Hacking Amazon s3 Buckets





What Is Amazon S3 Buckets ?


Amazon s3 Buckets are file repositories to store our files. We can store ‘n’ number of files with a size limit of 5TB. Each and every uploaded files will have a unique link and can be delivered through Amazon Cloudfront CDN. Many websites now a days use Amazon s3 Buckets to store datas like Images, Logs, Videos etc.

How to Hack Such Buckets ?


In the case of Amazon s3 buckets, Hacks occur due to the ACL misconfiguration of the Bucket. ACL means the Access Control Limits. If the developer is not giving proper care/importance while configuring s3 Buckets it is prone to such attacks.



Lets see how we can Hack into such a bucket.



Lets Take An example.



http://shopify.com.s3.amazonaws.com



This is a bucket used by shopify. What ever comes before .s3 is the name of the bucket, and in this case the name of the bucket is shopify.com .



To connect with such mis-configured buckets we need a s3 Client.

You can download the same from Amazon s3 Website.



You can install the AWS Command Line Interface by using this command.


apt-get install awscli


 
Now we need to configure the Client by entering Access Keys. You can generate the access key by creating an account and following the steps shown in the link.



https://aws.amazon.com/developers/access-keys/



Once we have the Access Keys we need to configure the client.

For which we can use the command


aws configure



Now enter the keys and get ready to hack.



So lets check http://example.com.s3.amazonaws.com is vuln or not.



To check if the Bucket that u want is vulnerable or not open the terminal and enter the following commands.



sudo aws s3 ls s3://bucket_name

As i said before the bucket name is whatever which comes before .s3, here it is example.com



Now after running the above given command, if you can see a list of files as shown in the screenshot, the bucket is vulnerable to s3 Bucket Take Over.



Even if the ls command fails, try to use other commands like mv , rm etc..



Here i will add a file to the bucket using mv command.


Even though it gave me an error, it is clear that aws_takeover.txt file is added into the bucket.


If we have such a permission to rm files, we can delete all the files present in the bucket causing large damage to the website. 

Impact


ACL misconfiguration error can be used to view, add, remove files from a bucket.  

For the Developers

Make sure that the ACL is configured properly.

Greets: Jineesh, Vijith, Nash

Hemanth Joseph

.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.