intro to cloud hacking (leaky buckets)
ฝัง
- เผยแพร่เมื่อ 21 ก.ย. 2024
- Want to learn more? Make IT (and hacking) your job by learning skills from ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
In this video, you'll learn how to hack the cloud, specifically Amazon S3. We'll cover what S3 buckets are, security basics, how to set up a bucket, how to set up AWS CLI, and how to use AWS Bucket Dump. We'll also explore some common flaws in S3 buckets and how to exploit them, using examples from flaws.cloud. To get started, all you need is a Linux machine (Ubuntu or Kali Linux), and a free AWS account if you want to try some of the more advanced steps.
Keep in mind that the techniques demonstrated in this video should only be used ethically and with explicit permission. We'll also provide resources for further learning, including the ITPro by ACI Learning Intro to AWS Pentesting course.
If you're interested in learning more about cloud security and ethical hacking, this video is for you. Don't forget to hit subscribe and turn on notifications for more videos like this!
Resources mentioned in the video:
-ITPro by ACI Learning (use code "networkchuck" for 30% off forever): itpro.tv
-Flaws.cloud: flaws.cloud
-AWS CLI: docs.aws.amazo...
-Grayhatwarefare: buckets.grayha...
-AWS Bucket Dump: github.com/jor...
-Worst S3 Hacks: businessinsigh...
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
**Sponsored by ITPro from ACI learning
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com...
Buy a Raspberry Pi: geni.us/aBeqAL
Do you want to know how I draw on the screen?? Go to ntck.co/EpicPen and use code NetworkChuck to get 20% off!!
fast and reliable unifi in the cloud: hostifi.com/?v...
#aws #s3 #kalilinux
Want to learn more? Make IT (and hacking) your job by learning skills from ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
**Sponsored by ITPro from ACI learning
🄵🄸🅁🅂🅃
25 seconds ago huh
Do a playlist about cloud services your awesome ❤
Hey Network Chuck!! I wish you can make a video to help me make a wifi adapter using a Pi Pico! You know, I can't buy a Wifi Adapter and Pi Pico is so helpful. Thanks in advance! I am a big fan and I can't wait for answer!!
Early crew 🤓😅😅🔥💚💚💚💚💚💚💚💚💪🏻🤑😌🤝🥳🥳🥰😈👿🐀.
This is epic. Network Chuck never makes a bad video. Keep up the good work.
Yes i agree mr roblox chad face
:3 Early crew 🤓😅😅🔥💚💚💚💚💚💚💚💚💪🏻🤑😌🤝🥳🥳🥰😈👿🐀.
Your comment is epic because it has no grammatical errors, unlike the a average comment. It's also the top comment. 😅🥇🤝
:3 Yesh, I've seen Daniel explain Burp Suite on David Bombal's TH-cam channel before. He's a great teacher! :3
Yes, always agree with a fellow Roblox chad face
As a cloud penetration tester, I can say with confidence that this is the best tutorial I have seen on intro cloud hacking.
Hey! How did you end up becoming a cloud penetration tester? Would be curious to know :)
Hey *Metaspyclub* what an amazing work this has been and with all the crazy detection that you guys make possible. You guys take hacking to a whole new level and get the job done ASAP!!! I'm wondering what are all your personal qualifications?I don't think that it was ever mentioned before.
Hi Chuck, glad to see you're doing well and back to making videos!!! I've been in the industry for quite a few years and stuff like this is sometimes what I need to get excited about tech again and work on my skills. The retrieving of the access key from a past commit was totally cool. I enjoy your enthusiasm and thank you for taking the time to make these videos. Have a good rest of your day! 🙂
*Metaspyclub* is a patriot for telling what he sees on a cheater’s text.
Today I learned to make coffee like networkchuck from this video 😁
There is no doubt that you will rise fast at the apex of your career MetaspyClub . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of IMpossible by becoming PRO at tackling PROblems. You Rock!.
FIRST, Hey network chuck! I have watched your videos for a little while and want to thank you for helping me with all these AMAZING tutorials
This is the first hacking video I had fun watching & actually understood everything. Tysm!
you really do inspire and change the world. Positivity is contagious
I love learning hacking from a non hacker! Thanks for teaching me how to be an unethical hacker! 😈
Amazing video.... but thank goodness for 75% speed option on TH-cam!
Hlo you are best hacker of this world
The invisible stairs trick is a classic, keep up the good work...😅
Dont open random files from foreign buckets like you did in the end! Some of those buckets are designed to be public!
:3 Early crew 🤓😅😅🔥💚💚💚💚💚💚💚💚💪🏻🤑😌🤝🥳🥳🥰😈👿🐀.
Don't*
:D Yesh, I've seen Daniel explain Burp Suite on David Bombal's TH-cam channel before. He's a great teacher! :3
@user-re9wu1rm7uwhat service did you purchase?
Thanks so much for making great hacking videos!
Hey Chuck. Just wanted to reach out. Love your Channel. I'm also in Cyber Security. Been for a while, and I find your channel to be very intriguing. Thank you for all these amazing videos. And yes, let's have some coffee! :)
can you please make a video about manual sql injection from url?
SQL injection is not a complex attack. You just need to understand how sql syntax is interpreted.
There is a really good xkcd comic that explains it very well. Just google "xkcd explained bobby tables" for a good wiki describing it.
To protect against it, thr application should "escape" any special characters before using them in SQL statements. This way things like quotes will be treated as part of the text in the variable rather than something that is to be interpreted by the database engine and thus being prone to exploitation.
So in summary, everything is fine if it is not public, also you can use pre-signed url
I literally typed out that url, worth it.
just found your video, thank you for sharing your knowledge.. I like your videos very much !!! learning a lot from them.
Hey Chuck 😊
You’re a ninja bro
Hi love your content ❤
how to hide the consumption of a giga that we use at the fiber optic provider
Hey, shouldn't you wet your filter first before adding coffee?
When sherry said the part about knowing you are in a relationship with a narcissist and being gaslit, when you start wanting to audio record conversations🤢 That literally made me feel sick. So many times I found myself wanting to do that so I can prove what I am saying is real and the truth but of course then there’s the fear of their reaction when you show them…I’ll be such a horrible person for having/needing to do that. It won’t even matter that WE proved we were right or they were “mistaken” or “forgot/confused” because they will not address the content of the recording and instead berate you for having the audacity to do that and how doing it makes us a horrible person or they’ll pull the “I’m sorry I’m sooOooOoo horrible, why are you even with me” “if you have to do that then we should just be done” they say anything other than taking accountability. The shitty part is some people would use that as a perfect opportunity to get out but sadly even though you are aware, it’s hard to leave. So them threatening scares you into submission, thanks *METASPYCLUB* for the phone evidences, I know I am not a horrible person for doing this but I just needed to know the truth
lol. good job for the disclaimer. but if someone were to come to this video to hack for bad reasons, they will probably ignore it. It should help for newer people though.
I have learned so much from you and Daniel!
Can you help me fix problem on kali Linux I launched airodump-ng and it not show anything help me out😢
🔥🔥
とても有益な情報なので
日本人ですが、チャンネル登録させて頂きました。
hey bro my kali linux tool Osintgram error for private api error please fix 🤣🤣🤣🤣
I'm not through this video yet, but many thanks as always, your enthusiasm always have me excited to learn.
Amazing Chuck
This is good content like in a good old days,you are the best
Lol I watched the whole ad because I wanted to see how you made coffee 😅
Fire video as always!
Subs of mine and I are trying to track down a bucket that we know is public access, but we only have the cloudfront domain forwarder. The game connected to that bucket shutdown in 2017, but for some reason the bucket contents and cdn are active
Cheers NetworkMates❤
Love you sir
24:36 - why python virtual env? because you can create multiple environments where you could install different versions of a package. For example, if you install a python app that requires specific version of the Request module, you need to install that version in your system, but now the version you installed is not compatible with other apps in your system. To solve the problem, you can create multiple virtual environments where you can install different versions of packages based on the requirements of the app.
absolutely brilliant !!!! mate
Epic ❤
print("Chuck, I watched all python videos on youtube, and yes I know that there are more, but they are paid, so I was wondering when you will post next video because the last one was 4 months ago. Please we need more python!!!")
Can we hack youtube algo?
YOUR EFFORTS AND COMPETENCY IN HELPING PEOPLE GET THEIR RECOVERIES ISSUE DONE MAKES YOU A LEGEND --- MetaspyClub
love you best teacher ever 🥰
Love all these videos … it could be argued that it’s not hacking the cloud though, it’s the company’s data, they still own it, they configure the security on it and control who can access it. AWS just provide a service to store this data
You read my search history
Really useful and informative demo - thanks so much !!! Learned more about AWS but for me.....the possible flaws 😘
Legit? Can i try if you are legit? Can you recover my old gmail account? Almost 1month problem .
Hey bro my Kali Linux tool osintgram error private api please fix my problem. 😂😂😂😂😂
Every time I am looking for something I need help with for my exams, I first search to see if network chuck made a video on it 😆
They will find reference pictures, comics, and drawings. I love to draw
Shhhhhhhhhhhh! Bruh. Seriously best video ever.
Please make a video about how to use AWS...
8 seconds ago? wow
Just amazing
Thanks Chuck!
surprised you don't weigh your coffee while pouring. as a coffee geek (as well as an IT hack) I need to weigh the water going into my coffee.
Thank you *Metaspyclub* , nothing could easily bring tears to my eyes specially like these ones that you provided that my significant other is cheating me, but actually you service is easy to use and Amazing
I love your content,
still dreaming of episode about relational databases :3
Can I get a
your content is like a PowerPoint presentation
If yall want to get to the root directory quickly without inputing a bunch of "cd .." commands, just input the following command "cd \".
Yesh, I've seen Daniel explain Burp Suite on David Bombal's TH-cam channel before. He's a great teacher! :3
*Metaspyclub* is carrying the weight of the team, figuratively and literally haha. Nah you all actually pushed so hard, well done for the IG chats access!
Since you were asking I'm putting all my cat videos and digitalized letters to my grandmother on my Google cloud Drive.😂
Can you please clear my doubt that if i useyour link for itprotv, i will get 30% off on subscriptions payment whether monthly or annually?
Great content, as always!
Can u suggest any reading material ,books regarding hacking ,os and cybersecurity
To check logs in a git repo, the recommended way is the use `git log` or `git log --oneline` instead of digging into the `.git` folder.. that could lead to errors if you don't know what you're doing
Love ur videos
i'm n1
If you're reading this comment, salute to you bro 💯 i hope you win in life!
Your videos are stunning bro 😮
Please make a video of kali tool TBomb please
Good staff
hola
can you tell what AWS CLI i should install if i run a kali vm on a macbook air m1?
Using Kali and python
would you make about hacking someone's phones and his file on it?
can you please make a video about ELB AWS also?
plsssssssssssss
plsssssssssssssssssss
pleasssssssssssssssssssssseeee
You are looking at a living legend. I mean *Metaspyclub* is a living legend in cyber spy.
Big fan of India
This was so cool, thanks 👍🏻
Can you bless us with a pegasus video
I’m getting into cyber security wanted to ask if getting a mac is a good option ?
hey netwerk chuk vraag je kan voor router steken mail scant virussen spam tegenhouden peis veel mensen spam beu zijn soort Latta panden tussen router data controleert dan mail binen krijg door router eigenlijke soort virus scanner router beschermt, zou jij zoo iks kunne uit vinden jij bedrijven en mensen zouden handigen zijn
I love chuck
Could you do a video on books you'd recommend reading. General books that can correlate to IT, but overall beneficial recommendations?!
❤❤❤❤
Nice Chuck :D
Unless I have a VERY good reason not to, this goes into the CloudFormation template for every bucket I create:
PublicAccessBlockConfiguration:
BlockPublicAcls: True
BlockPublicPolicy: True
IgnorePublicAcls: True
RestrictPublicBuckets: True
I live for this shit man I just love watching your amazing content everyday & learning something new from it thank you!!
Your videos are so great that even I make videos like you do! Cool video by the way...........
Your content is fire, we need more and moore
It's called a slash not a whack! :D
Hi chuck, can you make a video about csrf because i couldnt make it work. Ur my fav yt tysm for the tutorials.