Skip to content
Beginner Friendly
RedTeamBadge
aws

Access Secrets with S3 Bucket Versioning

Versioning can be useful, but can also leak secrets!

30 Minute Playing time
Beginner Friendly 

aws          RedTeamBadge

Access Secrets with S3 Bucket Versioning

Versioning can be useful, but can also leak secrets!

30 Minute Playing time
Overview

We created this beginner-friendly lab to teach about the potential dangers of S3 bucket versioning, if the admins have not sufficiently restricted who can access them, and about the dangers of inadequate data segregation and storing secrets in plain text fields. Advice on remediation is also included.

Scenario

Your team, renowned for its expertise in cloud security, has been enlisted by Huge Logistics to scrutinize their perimeter. Your main task? Investigate a specified IP range, noting that a specific IP address is frequently mentioned in their public documentation. Unearth any potential security issues and provide a roadmap to bolster their defenses.

Lab prerequisites
  • Basic Linux command line knowledge
Learning outcomes
  • Basic web enumeration
  • S3 bucket enumeration
  • Identifying and accessing file versions using cURL and the AWS CLI
Real-world context

S3 versioning can be very useful to guard against accidental file changes and deletions, and may even by mandated in some industries. Although AWS hasn't released any figures relating to the adoption of this feature, it's a something worth checking for when examining buckets. Credentials stored in JavaScript files and other client-side code is a common and real-world security issue. Storing sensitive information, such as API keys or credentials, directly within JavaScript files exposes them to anyone who can access or view the website's source code, which is inherently public.