Links

DO - Spaces

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

Basic Information

DigitalOcean Spaces are object storage services. They allow users to store and serve large amounts of data, such as images and other files, in a scalable and cost-effective way. Spaces can be accessed via the DigitalOcean control panel, or using the DigitalOcean API, and are integrated with other DigitalOcean services such as Droplets (virtual private servers) and Load Balancers.

Access

Spaces can be public (anyone can access them from the Internet) or private (only authorised users). To access the files from a private space outside of the Control Panel, we need to generate an access key and secret. These are a pair of random tokens that serve as a username and password to grant access to your Space.
A URL of a space looks like this: https://uniqbucketname.fra1.digitaloceanspaces.com/ Note the region as subdomain.
Even if the space is public, files inside of it can be private (you will be able to access them only with credentials).
However, even if the file is private, from the console it's possible to share a file with a link such as https://fra1.digitaloceanspaces.com/uniqbucketname/filename?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=DO00PL3RA373GBV4TRF7%2F20221213%2Ffra1%2Fs3%2Faws4_request&X-Amz-Date=20221213T121017Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=6a183dbc42453a8d30d7cd2068b66aeb9ebc066123629d44a8108115def975bc for a period of time:

Enumeration

# Unauthenticated
## Note how the region is specified in the endpoint
aws s3 ls --endpoint=https://fra1.digitaloceanspaces.com --no-sign-request s3://uniqbucketname
# Authenticated
## Configure spaces keys as AWS credentials
aws configure
AWS Access Key ID [None]: <spaces_key>
AWS Secret Access Key [None]: <Secret>
Default region name [None]:
Default output format [None]:
## List all buckets in a region
aws s3 ls --endpoint=https://fra1.digitaloceanspaces.com
## List files inside a bucket
aws s3 ls --endpoint=https://fra1.digitaloceanspaces.com s3://uniqbucketname
## It's also possible to generate authorized access to buckets from the API
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: