Enumerating The Cloud
Feb 8, 2023
- Determine whether a site is hosted as an S3 bucket. Whatever IP is returned will redirect you to the AWS S3 landing page.

```
dig +nocmd <domain name> any +multiline +noall +answer
```
- A reverse lookup shows what region the S3 bucket is hosted in.

```
nslookup <IP>
# Returns:
# Non-authoritative answer:
# IP.in-addr.arpa name = s3-website-us-west-2.amazonaws.com
```
- To list the contents of an S3 bucket, you can use the following CLI command. If the bucket is misconfigured, it will list its contents. Alternatively, you can visit a URL crafted as: `http://<domain name>.s3.amazonaws.com`

```
aws s3 ls s3://<bucket name>/ --no-sign-request --region <region>
```
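From the bucket owner's side, the misconfiguration that makes an unsigned `aws s3 ls` succeed can be found by reviewing the bucket policy, ACL and Public Access Block settings. The following is an added example, not part of the original post: the function name, result strings and sample bucket are hypothetical, the input is constructed, and the evaluation is simplified (no `NotAction`/`NotPrincipal`/`NotResource`, conditions are only labelled, not evaluated).

```python
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _anonymous(principal):
    # "*" and {"AWS": "*"} both cover unsigned (anonymous) requests.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def _covers_list(stmt, bucket):
    # s3:ListBucket is evaluated against the bucket ARN itself, never bucket/*.
    arn = f"arn:aws:s3:::{bucket}"
    return (_anonymous(stmt.get("Principal"))
            and any(fnmatchcase("s3:listbucket", a.lower()) for a in _as_list(stmt.get("Action", [])))
            and any(fnmatchcase(arn, r) for r in _as_list(stmt.get("Resource", []))))

def anonymous_listing_findings(bucket, policy, acl_grants, pab):
    """Return reasons why an unsigned ListBucket request would be allowed."""
    stmts = _as_list(policy.get("Statement", []))
    # An unconditional explicit Deny overrides both policy and ACL grants.
    if any(s.get("Effect") == "Deny" and "Condition" not in s
           and _covers_list(s, bucket) for s in stmts):
        return []
    findings = []
    if not pab.get("RestrictPublicBuckets"):  # this setting cuts off public policies
        for s in stmts:
            if s.get("Effect") == "Allow" and _covers_list(s, bucket):
                kind = "conditional" if "Condition" in s else "unconditional"
                findings.append(f"policy:{kind}:{s.get('Sid', '-')}")
    if not pab.get("IgnorePublicAcls"):  # this setting neutralises public ACLs
        for g in acl_grants:
            if (g.get("Grantee", {}).get("URI") == ALL_USERS
                    and g.get("Permission") in ("READ", "FULL_CONTROL")):
                findings.append(f"acl:{g['Permission']}")
    return findings

# Constructed sample input (hypothetical bucket "example-site-bucket").
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-bucket/*"},
    {"Sid": "PublicList", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:List*"], "Resource": "arn:aws:s3:::example-site-bucket"}]}
SAMPLE_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
NO_BLOCK = {"IgnorePublicAcls": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print(anonymous_listing_findings("example-site-bucket", SAMPLE_POLICY, SAMPLE_ACL, NO_BLOCK))
```

A static website only needs the `PublicRead` statement; the `PublicList` statement and the `AllUsers` READ grant are what expose the object listing.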