Hii , i was doing a security research for an organization , and one one endpoint i got this <Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message> and in addition to this i got
<AWSAccessKeyId>XXXXXXXXXXXXXXXXX</AWSAccessKeyId>
<StringToSign>AWS4-HMAC-SHA256 20240117T095347Z 20240117/us-east-1/s3/aws4_request 1e0f232543f9e0eccb5b9154102100476546cd64fc29f59d11c61db7cb03a98a</StringToSign>
<SignatureProvided>b4c5ff5b5f5dffa6fca1d1157b01a39db471d8fcafb11ce293cbf9b0c7767553</SignatureProvided>
<StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 34 30 31 31 37 54 30 39 35 33 34 37 5a 0a 32 30 32 34 30 31 31 37 2f 75 73 2d 65 61 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 31 65 30 66 32 33 32 35 34 33 66 39 65 30 65 63 63 62 35 62 39 31 35 34 31 30 32 31 30 30 34 37 36 35 34 36 63 64 36 34 66 63 32 39 66 35 39 64 31 31 63 36 31 64 62 37 63 62 30 33 61 39 38 61</StringToSignBytes>
<CanonicalRequest>GET /assets/no_op%3Bjsessionid%3D host:prod-XXXX-assets.s3.amazonaws.com x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20240117T095347Z host;x-amz-content-sha256;x-amz-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest>
<CanonicalRequestBytes>47 45 54 0a 2f 61 73 73 65 74 73 2f 6e 6f 5f 6f 70 25 33 42 6a 73 65 73 73 69 6f 6e 69 64 25 33 44 0a 0a 68 6f 73 74 3a 70 72 6f 64 2d 72 61 70 79 64 2d 61 73 73 65 74 73 2e 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 34 30 31 31 37 54 30 39 35 33 34 37 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes>
<RequestId>0XVQCSCNG0HE56RX</RequestId>
<HostId>hrqGvfmicnxhq/TRgTnyf/+kpYcAG9/DvLrZbifnB0OMvaS8nNy4JuP81UVapq75FPK5q7s5PGDXgMKB44zdBQ==</HostId> which i want to know , is this intentionally leaking the AWSAccessKeyId ??
Hi Martiz, you may be indeed rising an interesting question!! Are you in touch with AWS security folks to explore your point? Please, reach me out via LinkedIn at https://www.linkedin.com/in/ddurand/. I'll try to route you to appropriate folks
sure , i really appreciate the help , my linked name is Tarun Joshi
Hey thanks for the clarification , as i said I'm a security researcher and i found a subdomain where i saw this <Error> <Code>AccessDenied</Code> <Message>Access Denied</Message> <RequestId>NAKC65RQYHR95FWQ</RequestId> <HostId>UEgZWwl7PyMQXMV2fgIUqEnpBKuh9lydxmpSkRtpavESWjOACCNh49RpQXRceshWCYzAB11BY2M=</HostId> </Error> but after some content discovery i found the endpoint which i appended to the subdomain juste like this
https://icon.domain.net/... and got this in response <AWSAccessKeyId>XXXXXXXXXXXXXXXXX</AWSAccessKeyId> <StringToSign>AWS4-HMAC-SHA256 20240117T095347Z 20240117/us-east-1/s3/aws4_request 1e0f232543f9e0eccb5b9154102100476546cd64fc29f59d11c61db7cb03a98a</StringToSign> <SignatureProvided>b4c5ff5b5f5dffa6fca1d1157b01a39db471d8fcafb11ce293cbf9b0c7767553</SignatureProvided> <StringToSignBytes>41 57 53 34 1</StringToSignBytes> <CanonicalRequest>GET /assets/no_op%3Bjsessionid%3D host:prod-XXXX-assets.s3.amazonaws.com x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20240117T095347Z host;x-amz-content-sha256;x- so i just wanted to ask the aws access key id is real .. right and belongs to the organization ?