Access S3 Buckets with Leaked AWS Credentials
enumerationtool
Summary
Configure the AWS CLI with discovered access keys, then list S3 buckets against a custom endpoint (e.g. a self-hosted/MinIO service).
Walkthrough
When you recover AWS access keys, plug them into the AWS CLI and enumerate the storage backing the application. Many lab targets expose an S3-compatible service on a non-standard endpoint.
Steps
- Run
aws configureand paste the recovered Access Key ID and Secret Access Key (region/output can be left default).
``bash aws configure ``
- List buckets against the target's S3 endpoint, supplying the custom URL with
--endpoint-url.
``bash aws --endpoint-url http://<TARGET>:54321 s3 ls ``
Commands
bash
aws configure
bash
aws --endpoint-url http://<TARGET>:54321 s3 ls