HackTricks CloudAWS - SES Enum
Reading time: 5 minutes
tip
Aprenda e pratique Hacking AWS:
HackTricks Training AWS Red Team Expert (ARTE)
Aprenda e pratique Hacking GCP: 
HackTricks Training GCP Red Team Expert (GRTE)
Aprenda e pratique Hacking Azure: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Confira os planos de assinatura!
- Junte-se ao š¬ grupo do Discord ou ao grupo do telegram ou siga-nos no Twitter š¦ @hacktricks_live.
- Compartilhe truques de hacking enviando PRs para o HackTricks e HackTricks Cloud repositĆ³rios do github.
InformaƧƵes BƔsicas
Amazon Simple Email Service (Amazon SES) Ć© projetado para enviar e receber e-mails. Ele permite que os usuĆ”rios enviem e-mails transacionais, de marketing ou de notificaĆ§Ć£o de forma eficiente e segura em grande escala. Ele integra-se bem com outros serviƧos da AWS, proporcionando uma soluĆ§Ć£o robusta para gerenciar comunicaƧƵes por e-mail para empresas de todos os tamanhos.
VocĆŖ precisa registrar identidades, que podem ser domĆnios ou endereƧos de e-mail que poderĆ£o interagir com o SES (por exemplo, enviar e receber e-mails).
UsuƔrio SMTP
Ć possĆvel conectar-se a um servidor SMTP da AWS para realizar aƧƵes em vez de usar a API da AWS (ou alĆ©m disso). Para isso, vocĆŖ precisa criar um usuĆ”rio com uma polĆtica como:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ses:SendRawEmail",
"Resource": "*"
}
]
}
Em seguida, colete a chave da API e o segredo do usuƔrio e execute:
git clone https://github.com/lisenet/ses-smtp-converter.git
cd ./ses-smtp-converter
chmod u+x ./ses-smtp-conv.sh
./ses-smtp-conv.sh <AccessKeyId> <SecretAccessKey>
Ć tambĆ©m possĆvel fazer isso a partir do console web da AWS.
EnumeraĆ§Ć£o
warning
Note que o SES tem 2 APIs: ses e sesv2. Algumas aƧƵes estĆ£o em ambas as APIs e outras estĆ£o apenas em uma das duas.
# Get info about the SES account
aws sesv2 get-account
aws ses get-account-sending-enabled # Check if enabled
# Get registered domains and email addresses (identities)
aws ses list-identities
aws sesv2 list-email-identities
aws sesv2 get-email-identity --email-identity <identity> #Get at once all the attributes
# Get Resource Policies applied in the identity
aws ses list-identity-policies --identity <identity>
aws ses get-identity-policies --identity <identity> --policy-names <policy>
aws sesv2 get-email-identity-policies --email-identity <identity>
# Get attributes of the identity
## Check if verified
aws ses get-identity-verification-attributes --identities <identity>
## DKIM settings, relevant for identities that are domains not emails
aws ses get-identity-dkim-attributes --identities <identity>
## Get what happnes if the send mail from the identity fails
aws ses get-identity-mail-from-domain-attributes --identities <identity>
## otifications attributes
aws ses get-identity-notification-attributes --identities <identity>
# Get email templates
aws ses list-templates
aws ses get-template --template-name <name>
aws sesv2 list-email-templates
aws sesv2 get-email-template --template-name <name>
# Get custom verification email templates
## This is the email sent when an identity is verified, it can be customized
aws ses list-custom-verification-email-templates
aws sesv2 list-custom-verification-email-templates
aws ses get-custom-verification-email-template --template-name <name>
aws sesv2 get-custom-verification-email-template --template-name <name>
# Get receipt rule sets
## Receipt rules indicate how to handle incoming mail by executing an ordered list of actions
aws ses list-receipt-rule-sets
aws ses describe-receipt-rule-set --rule-set-name <name>
aws ses describe-receipt-rule-set --rule-set-name <name> --rule-name <name>
## Metadata and receipt rules for the receipt rule set that is currently active
aws ses describe-active-receipt-rule-set
# Get suppressed destinations
aws sesv2 list-suppressed-destinations
aws sesv2 get-suppressed-destination --email-address <email>
# Get configuration sets
## These are set of rules applied to the identities related to the configuration set
aws ses list-configuration-sets
aws sesv2 list-configuration-sets
aws ses describe-configuration-set --configuration-set-name <name> --configuration-set-attribute-names eventDestinations trackingOptions deliveryOptions reputationOptions
aws sesv2 get-configuration-set --configuration-set-name <name>
aws sesv2 get-configuration-set-event-destinations --configuration-set-name <name>
# Get Contacts list
aws sesv2 list-contact-lists
aws sesv2 list-contacts --contact-list-name <name>
aws sesv2 get-contact-list --contact-list-name <name>
aws sesv2 get-contact --contact-list-name <name> --email-address <name>
# Private IPs
aws sesv2 list-dedicated-ip-pools
aws sesv2 get-dedicated-ip-pool --pool-name <name>
aws sesv2 get-dedicated-ips --pool-name <name> #Only valid if ScalingMode is Standard
aws sesv2 get-dedicated-ip --ip <ip>
# Misc
## Get send quota
aws ses get-send-quota
## Get statistics
aws ses get-send-statistics
PĆ³s ExploraĆ§Ć£o
tip
Aprenda e pratique Hacking AWS:HackTricks Training AWS Red Team Expert (ARTE)
Aprenda e pratique Hacking GCP: HackTricks Training GCP Red Team Expert (GRTE)
Aprenda e pratique Hacking Azure: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Confira os planos de assinatura!
- Junte-se ao š¬ grupo do Discord ou ao grupo do telegram ou siga-nos no Twitter š¦ @hacktricks_live.
- Compartilhe truques de hacking enviando PRs para o HackTricks e HackTricks Cloud repositĆ³rios do github.