intro to cloud hacking (leaky buckets)
Вставка
- Опубліковано 30 вер 2024
- Want to learn more? Make IT (and hacking) your job by learning skills from ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
In this video, you'll learn how to hack the cloud, specifically Amazon S3. We'll cover what S3 buckets are, security basics, how to set up a bucket, how to set up AWS CLI, and how to use AWS Bucket Dump. We'll also explore some common flaws in S3 buckets and how to exploit them, using examples from flaws.cloud. To get started, all you need is a Linux machine (Ubuntu or Kali Linux), and a free AWS account if you want to try some of the more advanced steps.
Keep in mind that the techniques demonstrated in this video should only be used ethically and with explicit permission. We'll also provide resources for further learning, including the ITPro by ACI Learning Intro to AWS Pentesting course.
If you're interested in learning more about cloud security and ethical hacking, this video is for you. Don't forget to hit subscribe and turn on notifications for more videos like this!
Resources mentioned in the video:
-ITPro by ACI Learning (use code "networkchuck" for 30% off forever): itpro.tv
-Flaws.cloud: flaws.cloud
-AWS CLI: docs.aws.amazo...
-Grayhatwarefare: buckets.grayha...
-AWS Bucket Dump: github.com/jor...
-Worst S3 Hacks: businessinsigh...
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
**Sponsored by ITPro from ACI learning
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com...
Buy a Raspberry Pi: geni.us/aBeqAL
Do you want to know how I draw on the screen?? Go to ntck.co/EpicPen and use code NetworkChuck to get 20% off!!
fast and reliable unifi in the cloud: hostifi.com/?v...
#aws #s3 #kalilinux - Наука та технологія
Want to learn more? Make IT (and hacking) your job by learning skills from ITPro: ntck.co/itprotv (30% off FOREVER) *affiliate link
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
**Sponsored by ITPro from ACI learning
🄵🄸🅁🅂🅃
25 seconds ago huh
Do a playlist about cloud services your awesome ❤
Hey Network Chuck!! I wish you can make a video to help me make a wifi adapter using a Pi Pico! You know, I can't buy a Wifi Adapter and Pi Pico is so helpful. Thanks in advance! I am a big fan and I can't wait for answer!!
Early crew 🤓😅😅🔥💚💚💚💚💚💚💚💚💪🏻🤑😌🤝🥳🥳🥰😈👿🐀.
*Metaspyclub* is a patriot for telling what he sees on a cheater’s text.
Hey *Metaspyclub* what an amazing work this has been and with all the crazy detection that you guys make possible. You guys take hacking to a whole new level and get the job done ASAP!!! I'm wondering what are all your personal qualifications?I don't think that it was ever mentioned before.
Dont open random files from foreign buckets like you did in the end! Some of those buckets are designed to be public!
:3 Early crew 🤓😅😅🔥💚💚💚💚💚💚💚💚💪🏻🤑😌🤝🥳🥳🥰😈👿🐀.
Don't*
:D Yesh, I've seen Daniel explain Burp Suite on David Bombal's UA-cam channel before. He's a great teacher! :3
@user-re9wu1rm7uwhat service did you purchase?
Legit? Can i try if you are legit? Can you recover my old gmail account? Almost 1month problem .
This is epic. Network Chuck never makes a bad video. Keep up the good work.
Yes i agree mr roblox chad face
:3 Early crew 🤓😅😅🔥💚💚💚💚💚💚💚💚💪🏻🤑😌🤝🥳🥳🥰😈👿🐀.
Your comment is epic because it has no grammatical errors, unlike the a average comment. It's also the top comment. 😅🥇🤝
:3 Yesh, I've seen Daniel explain Burp Suite on David Bombal's UA-cam channel before. He's a great teacher! :3
Yes, always agree with a fellow Roblox chad face
Can we hack youtube algo?
hey bro my kali linux tool Osintgram error for private api error please fix 🤣🤣🤣🤣
8 seconds ago? wow
can you please make a video about manual sql injection from url?
SQL injection is not a complex attack. You just need to understand how sql syntax is interpreted.
There is a really good xkcd comic that explains it very well. Just google "xkcd explained bobby tables" for a good wiki describing it.
To protect against it, thr application should "escape" any special characters before using them in SQL statements. This way things like quotes will be treated as part of the text in the variable rather than something that is to be interpreted by the database engine and thus being prone to exploitation.
First comment
Hlo you are best hacker of this world
Hey bro my Kali Linux tool osintgram error private api please fix my problem. 😂😂😂😂😂
First?
First pin pls
i'm n1
can you please make a video about ELB AWS also?
plsssssssssssss
plsssssssssssssssssss
pleasssssssssssssssssssssseeee
So in summary, everything is fine if it is not public, also you can use pre-signed url
Today I learned to make coffee like networkchuck from this video 😁
haha
Can you help me fix problem on kali Linux I launched airodump-ng and it not show anything help me out😢
how to hide the consumption of a giga that we use at the fiber optic provider
i dont like coffee ...
hola
Hey Chuck 😊
Thanks so much for making great hacking videos!
I need a hacker whi can havk a website and i will oay him $2000 for my work
bro went to public buckets and says its hacking bruh!
First
Dont expose your S3 buckets to the internet. Rule of thumb.
Don’t expose important stuff to the internet. I really don’t get why companies would want to put their sensitive data on the cloud. Always assume there is someone who is better at hacking than you are at securing stuff.
I love learning hacking from a non hacker! Thanks for teaching me how to be an unethical hacker! 😈
So many bots in these comments unfortunately
You’re a ninja bro
FIRST, Hey network chuck! I have watched your videos for a little while and want to thank you for helping me with all these AMAZING tutorials
Hi love your content ❤
🔥🔥
I haven’t watched this yet, and I’ll bet that you actually didn’t hack s3. I’ll bet you set up horribly open permissions with horrible access policies and acl’s and then say, “look! I hacked it!”
No
As a cloud penetration tester, I can say with confidence that this is the best tutorial I have seen on intro cloud hacking.
Hey! How did you end up becoming a cloud penetration tester? Would be curious to know :)
Hi Chuck, glad to see you're doing well and back to making videos!!! I've been in the industry for quite a few years and stuff like this is sometimes what I need to get excited about tech again and work on my skills. The retrieving of the access key from a past commit was totally cool. I enjoy your enthusiasm and thank you for taking the time to make these videos. Have a good rest of your day! 🙂
Amazing video.... but thank goodness for 75% speed option on UA-cam!
1st one
Love you sir
Can someone pls make me a youtube vpn or a free software that lets you to access youtube for free without wifi or data (only for youtube) for pc. Plsssss
Its just that I want it. If you are seeing this pls help me. I am just 13 yrs old
😥.
You probably know when you already in some homies clan hacking beard you like stuff. Put the corns into this package. I would write to you, but then I have some questions. Why should I be stored in your like chain or will some ninjas come after me hunting me down if they see me in a street.
1
I pay for youtube so i dont get ads, yet here we are. pimping out nonsense for janky vendors
Can I get a
Hi Cuck, my sincere apologies about the late reply but can you dm me about AI implementation into defense and war strategy
did you just say the internet lives on AWS? i expect better from this channel on terminology correctness
hey netwerk chuk vraag je kan voor router steken mail scant virussen spam tegenhouden peis veel mensen spam beu zijn soort Latta panden tussen router data controleert dan mail binen krijg door router eigenlijke soort virus scanner router beschermt, zou jij zoo iks kunne uit vinden jij bedrijven en mensen zouden handigen zijn
They will find reference pictures, comics, and drawings. I love to draw
Hey, shouldn't you wet your filter first before adding coffee?
I literally typed out that url, worth it.
No one knows i hack comment section 😂😂
Well they do now :D
Hahahhhhhaahah no problem windows have visual network for cloud
Epic ❤
Hi,
Can a hacker bypass opt if yes make a video of how a hacker can bypass opt.
would you make about hacking someone's phones and his file on it?
Amazon S3 is way to expensive like azure.
Why is the title lowercase. It's bugging me so much!
@NetworkChuck what are your thoughts on pegasus sp*ware
First comment
Largest cloud service provider also known for the most stupid services names i ever seen
How do I download nslookup command cuz I don’t have it
Hi i need help can anyone help me
I need Snapchat username checker
But i have phone
Krabby Patty secret formula….😳
hay man, got say it, your vids...can say that saved my live, i not a programmer first at alll.... but i'm into a 5yrs of study all strange things happenin in my hacker devices.... and now i need a new content, one that can save me from my bit@#) stalker .......here it goes ..... i need learn rootkit that steal firmmware, inject code to ROM....fake BIOS ....can this really axist ?? hey chuck coffe inst workin, been days awaken ..give me some direction
can you please make a video about ELB AWS also?
plsssssssssssss
plsssssssssssssssssss
pleasssssssssssssssssssssseeee
I Know why they named it grey hat, cause a black hat is a hacker that steal your information, white hats are GOOD hackers( AKA Ethical hacker) and they also need permission. Grey hats don't need permissions because they are COOL
print("Chuck, I watched all python videos on youtube, and yes I know that there are more, but they are paid, so I was wondering when you will post next video because the last one was 4 months ago. Please we need more python!!!")
Link Hacking slot situs Indonesia??
The setting on level 2 is so ridiculous. I can’t see why the AWS came up with this. Where they thinking of AWS family where all companies can access other companies stuff ?
just found your video, thank you for sharing your knowledge.. I like your videos very much !!! learning a lot from them.
Can you please clear my doubt that if i useyour link for itprotv, i will get 30% off on subscriptions payment whether monthly or annually?
How to close LAN router fast Ethernet ports?
surprised you don't weigh your coffee while pouring. as a coffee geek (as well as an IT hack) I need to weigh the water going into my coffee.
Am I first?
Gongrats u are
No
yes
nah I made it first, I refreshed to check
@@VII070 use newest first to see
Cheers NetworkMates❤
Fire video as always!
とても有益な情報なので
日本人ですが、チャンネル登録させて頂きました。
Sir help me my Facebook account was hacked someone haw I get back 😢😢😢
This... is a bucket!
Dear god-
There's more!
No...
Can u suggest any reading material ,books regarding hacking ,os and cybersecurity
aws s3api put-bucket-lifecycle-configuration --bucket YOUR_BUCKET_NAME --lifecycle-configuration '{
"Rules": [
{
"ID": "RuleToExtendRetention",
"Status": "Enabled",
"Prefix": "path/to/object",
"Transitions": [
{
"Days": 365, # New retention period in days
"StorageClass": "STANDARD_IA" # New storage class after the retention period
}
],
"Expiration": {
"Days": 365 # New expiration period in days
}
}
]
}'
Through that can I extend the s3 lifespan?
can you tell what AWS CLI i should install if i run a kali vm on a macbook air m1?
Can you bless us with a pegasus video
The invisible stairs trick is a classic, keep up the good work...😅
Here is a tip: Do not set up an AWS account at night when people are sleeping in the house. "We are calling you" geez really?
Still waiting for Alienware to release a laptop with alien technology so advanced hack into anything
Amazing Chuck
I’m getting into cyber security wanted to ask if getting a mac is a good option ?
Subs of mine and I are trying to track down a bucket that we know is public access, but we only have the cloudfront domain forwarder. The game connected to that bucket shutdown in 2017, but for some reason the bucket contents and cdn are active
I instantly knew what game you were talking about. Let me know how it goes!
Hey @NetworkChuck, How can you Security the website if someone hacks the site and other things like that like sercuity the ip of people who use the site, or using the site and other things like that @NetworkChuck, I love your content and entertainment at and at 7:02 in the video of **I hacked my wife’s browser (it’s Scary Easy!) and also how can you ban ips if they used to hide the ip, vpns if they bypass a game to get unbanned from other things? Like that?
Please record a video about it?
Hey Chuck. Just wanted to reach out. Love your Channel. I'm also in Cyber Security. Been for a while, and I find your channel to be very intriguing. Thank you for all these amazing videos. And yes, let's have some coffee! :)
It's called a slash not a whack! :D
218 likes in 11 minutes, u can't even look at the whole video 💀
This is the first hacking video I had fun watching & actually understood everything. Tysm!
man be careful. no one wants you to end up like Enderman
You know they would probably find *** *** and ******** **** and helluva boss ****
/j