PBQ 9: Cloud Security Assessment - AWS S3 Misconfiguration

AWS S3 Bucket Security Assessment

Scenario

During an external penetration test, you discover several AWS S3 buckets belonging to the target organization.

Discovered S3 Buckets:
1. company-backups-2024
2. prod-database-dumps
3. public-assets-cdn
4. employee-documents
5. dev-application-logs

Your Task:
1. Enumerate S3 bucket permissions and access controls
2. Identify publicly accessible buckets
3. Attempt to list, read, and write objects
4. Document potential data exposure risks
5. Recommend AWS security hardening measures

S3 Bucket 1: company-backups-2024
aws s3 ls s3://company-backups-2024 --no-sign-request

S3 Bucket 2: prod-database-dumps
aws s3 ls s3://prod-database-dumps --no-sign-request

S3 Bucket 3: employee-documents
aws s3 cp malicious.html s3://employee-documents/ --no-sign-request

S3 Bucket 4: dev-application-logs
aws s3 ls s3://dev-application-logs (requires any AWS account)

S3 Bucket 5: public-assets-cdn
aws s3 ls s3://public-assets-cdn --no-sign-request
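The three exposure patterns the PBQ probes (anonymous read, anonymous write, and read by "any AWS account") all come down to three bucket-level settings: the bucket ACL, the bucket policy, and the Block Public Access configuration. The audit below, written for this page as an added example and not part of the original PBQ, is how the bucket owner would find the same problems from the inside and rate them for the report asked for in tasks 4 and 5. It works on dicts shaped like the `aws s3api get-bucket-acl`, `get-bucket-policy` and `get-public-access-block` responses, so it runs offline; the five sample buckets are constructed to mirror the scenario, and the owner ID is a placeholder.

```python
"""Rate S3 bucket exposure from ACL, bucket policy and Block Public Access settings.

Added example. Input dicts follow the shape of the boto3 / aws s3api responses
for get_bucket_acl, get_bucket_policy (Policy is a JSON string) and
get_public_access_block (absent configuration is passed as None, which is how a
wrapper would map the NoSuchPublicAccessBlockConfiguration error).
All sample data below is constructed for illustration.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"            # anonymous
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"  # any AWS account
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl", "s3:*", "*"}


def acl_findings(acl):
    """Return (who, permission) pairs for grants to the two global groups."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        if grantee.get("URI") == ALL_USERS:
            out.append(("anonymous", grant["Permission"]))
        elif grantee.get("URI") == AUTH_USERS:
            out.append(("any AWS account", grant["Permission"]))
    return out


def policy_findings(policy_json):
    """Return actions an Allow statement grants to a wildcard principal with no Condition."""
    if not policy_json:
        return []
    out = []
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            actions = stmt.get("Action", [])
            out.extend([actions] if isinstance(actions, str) else actions)
    return out


def pab_gaps(pab):
    """Return the Block Public Access settings that are not enabled."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    return [k for k in PAB_KEYS if not cfg.get(k, False)]


def assess_bucket(name, acl, pab, policy_json=None):
    """Combine the three checks into one finding with a severity for the report."""
    grants, actions, gaps = acl_findings(acl), policy_findings(policy_json), pab_gaps(pab)
    if any(p in WRITE_PERMS for _, p in grants) or any(a in WRITE_ACTIONS for a in actions):
        severity = "critical"   # strangers can upload or take over objects
    elif grants or actions:
        severity = "high"       # strangers can list or read
    elif gaps:
        severity = "medium"     # not exposed today, but nothing stops a future public grant
    else:
        severity = "ok"
    return {"bucket": name, "severity": severity, "grants": grants,
            "policy_actions": actions, "pab_gaps": gaps}


def audit(buckets):
    return [assess_bucket(n, b["acl"], b.get("pab"), b.get("policy")) for n, b in buckets.items()]


# Constructed sample data mirroring the scenario's buckets.
_OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"}, "Permission": "FULL_CONTROL"}
_ALL_ON = {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}
_ALL_OFF = {"PublicAccessBlockConfiguration": {k: False for k in PAB_KEYS}}
SAMPLE_BUCKETS = {
    "company-backups-2024": {"acl": {"Grants": [_OWNER]}, "pab": _ALL_ON},
    "prod-database-dumps": {"acl": {"Grants": [_OWNER, {"Grantee": {"Type": "Group", "URI": ALL_USERS},
                                                        "Permission": "READ"}]}, "pab": None},
    "employee-documents": {"acl": {"Grants": [_OWNER, {"Grantee": {"Type": "Group", "URI": ALL_USERS},
                                                       "Permission": "WRITE"}]}, "pab": None},
    "dev-application-logs": {"acl": {"Grants": [_OWNER, {"Grantee": {"Type": "Group", "URI": AUTH_USERS},
                                                         "Permission": "READ"}]}, "pab": None},
    "public-assets-cdn": {"acl": {"Grants": [_OWNER]}, "pab": _ALL_OFF,
                          "policy": json.dumps({"Version": "2012-10-17", "Statement": [
                              {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                               "Resource": "arn:aws:s3:::public-assets-cdn/*"}]})},
}

if __name__ == "__main__":
    for r in audit(SAMPLE_BUCKETS):
        print(f"{r['severity']:8} {r['bucket']}: grants={r['grants']} "
              f"policy={r['policy_actions']} pab_gaps={r['pab_gaps']}")
```

The remediation for every non-"ok" row is the same pair of steps, in this order: enable all four Block Public Access settings on the bucket (or at account level), then remove the offending ACL grants and rewrite any public bucket policy so that content meant to be public, such as the CDN bucket, is served through a scoped policy or CloudFront rather than a wildcard principal. A bucket rated "medium" is the one to fix before it becomes a finding.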