Set up your Terminal and CMD for AWS testing

Sourav Sahana
3 min read · Feb 12, 2020

Hi Hunters!! Hope you are all doing well and hunting well. In this write-up you will see how I configured my terminal for AWS testing. If you already know this, great; this post only covers setup, for anyone who wants to get started with AWS testing.

Contents:

  1. Install AWS CLI
  2. AWS access key
  3. Some commands
  4. What you shouldn’t do

Install AWS CLI:

I hope you have already created your AWS account and are ready to work with it, so let’s move on to the installation. For this you need Python installed on your machine.

  1. Go to this link and download the zip file.
  2. Unzip the awscli-bundle file.
  3. Then run the installer file.

The CLI tool will then be installed on your system.

OR you can install the AWS CLI tool directly from your Linux terminal:

#apt-get update && apt-get upgrade

#apt-get install awscli

For Windows, download the MSI installer directly from this source: https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html#install-msi-on-windows

Ref: https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html

AWS access key:

Access keys belong to IAM users. You need one because your CLI tool uses this key to perform all operations from your account.

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ .
  2. In the navigation pane, choose Users.
  3. If necessary, add the Access key ID column to the users table.
  4. The Access key ID column shows each access key ID, followed by its state; for example, 23478207027842073230762374023 (Active) or 22093740239670237024843420327 (Inactive).
  5. Now copy the Access Key ID and Access Key to somewhere else.
  6. Return to your terminal and run this command: aws configure
  7. Now enter your access key ID and access key. Keep the other settings as they are.
  8. Your AWS CLI tool is now ready.

Some commands:

1. Create a bucket in your AWS account: #aws s3api create-bucket --bucket my-bucket --region us-east-1

2. List all contents of an open bucket: #aws s3 ls s3://demobucket

3. Upload a text file to an S3 bucket: #aws s3 cp test.txt s3://demobucket

4. Delete a file from a bucket: #aws s3 rm s3://demobucket/test.txt

When you are testing any website, always check the source code of the page. Developers sometimes import JS files, pictures, PDFs, etc. from S3 storage, and in doing so they expose the bucket name in the HTML source.
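To audit which bucket names a page you are responsible for exposes in its source, the check described above can be scripted. This is an added example, not code from the original post: the sample HTML and every bucket name in it are constructed, and the patterns cover only virtual-hosted, path-style and s3:// references.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Virtual-hosted style: <bucket>.s3.amazonaws.com, <bucket>.s3.<region>.amazonaws.com
# and the legacy <bucket>.s3-<region>.amazonaws.com form.
VHOST = re.compile(r"^(?P<bucket>.+)\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com$")
# Path style: s3.amazonaws.com/<bucket>/... and s3.<region>.amazonaws.com/<bucket>/...
PATH_HOST = re.compile(r"^s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com$")

# Constructed sample page; every bucket name and URL below is made up.
SAMPLE_HTML = """
<script src="https://static-example-assets.s3.amazonaws.com/js/app.js"></script>
<link rel="stylesheet" href="//s3.eu-west-1.amazonaws.com/example-site-css/main.css">
<img src="https://example-media.s3-us-west-2.amazonaws.com/logo.png"/>
<a href="https://example-docs.s3.us-east-1.amazonaws.com/guide.pdf">Guide</a>
<a href="https://www.example.com/about">About</a>
"""

def bucket_from_url(url):
    """Return the S3 bucket name a URL points at, or None if it is not an S3 URL."""
    parsed = urlparse(url.strip())
    host = (parsed.hostname or "").lower()
    if parsed.scheme == "s3":          # s3://bucket/key, as used by the AWS CLI
        return host or None
    if PATH_HOST.match(host):          # bucket is the first path segment
        return parsed.path.lstrip("/").split("/", 1)[0] or None
    match = VHOST.match(host)          # bucket is the host prefix
    return match.group("bucket") if match else None

class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        # Collect the attribute values that normally carry a URL.
        for name, value in attrs:
            if name in ("src", "href", "data", "poster") and value:
                self.urls.append(value)

def exposed_buckets(html):
    """Map each bucket name referenced in the page source to the URLs exposing it."""
    collector = _AttrCollector()
    collector.feed(html)
    found = {}
    for url in collector.urls:
        bucket = bucket_from_url(url)
        if bucket:
            found.setdefault(bucket, []).append(url)
    return found

if __name__ == "__main__":
    print(sorted(exposed_buckets(SAMPLE_HTML)))
```
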

What you shouldn’t do:

  1. Never upload any script or program to a bucket. Just upload a text file for the POC.
  2. Do not create an index file when you take over a bucket.
  3. Always upload a file with an uncommon name to the bucket, like: F32E53HttPOC.txt
  4. Don’t use any sensitive file you find in the bucket.
  5. When you find a bucket URL, don’t access it from a browser. Always use the AWS CLI.
  6. Don’t delete any files from the bucket that you didn’t upload.
  7. Always be careful when you are deleting files from someone else’s bucket.

Thank you! Hope you have enjoyed this post.

Happy Hacking!

Sourav Sahana

Hey! My name is Sourav and I’m a security researcher/hacker from India. Follow me if you are a bug hunter to see my findings.