29 Jun 2018
Hacking Tool – S3 decloaker
We are proud to present “S3 decloaker”
As the first website in the world, we got our hands on a secretly leaked hacking tool – that’s still working. Our source says that Amazon knows about it but haven’t still prioritized/managed to patch the vulnerability.
Remember where you found it first. Only at How-To-Hack.net
You can read more about Amazon S3 at the official website: https://aws.amazon.com/s3/
About the vulnerability
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
Download
bucket-disclose.sh