flaws.cloud walkthrough | AWS Penetration testing — Level -2
Well, if it’s similar that mean let’s try our first thing that means access the s3 bucket by appending s3.amazonaws.com after the URL.
Okay Well we tried, but the error says that access denied.
That means they have implemented some sort of Authentication/ Authorization for the s3 bucket.
Well sometimes it can be very loosely implemented access control.
Let’s see what can be done.
Well for accessing this bucket we first need the aws account(free tier would also work).
So we’ll just get the access Key ID and Secret access key from the AWS account and configure it.
You can learn how to access s3 bucket from the aws cli from the below AWS userguide.
Using high-level (s3) commands with the AWS CLI
When you use aws s3 commands to upload large objects to an Amazon S3 bucket, the AWS CLI automatically performs a…
you get the “secret-e4443fc.html” file
Let’s check that file.
Bingo let’s move to level 3.