AWS - Accounts Unauthenticated Enum

Tip

Nauči & vežbaj AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Nauči & vežbaj GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Nauči & vežbaj Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

• Pogledajte subscription plans!
• Pridružite se 💬 Discord group or the telegram group or pratite nas na Twitter 🐦 @hacktricks_live.
• Podelite hacking tricks slanjem PR-ova na HackTricks i HackTricks Cloud github repos.

ID-ovi naloga

Ako imate metu, postoje načini da pokušate da identifikujete ID-ove naloga povezanih sa metom.

Brute-Force

Napravite listu potencijalnih ID-ova naloga i aliasa i proverite ih

# Check if an account ID exists
curl -v https://<acount_id>.signin.aws.amazon.com
## If response is 404 it doesn't, if 200, it exists
## It also works from account aliases
curl -v https://vodafone-uk2.signin.aws.amazon.com

You can automate this process with this tool.

OSINT

Tražite URL-ove koji sadrže <alias>.signin.aws.amazon.com sa alias-om povezanim sa organizacijom.

Marketplace

Ako vendor ima instances in the marketplace, možete dobiti owner id (account id) AWS naloga koji je koristio.

Snapshots

• Public EBS snapshots (EC2 -> Snapshots -> Public Snapshots)
• RDS public snapshots (RDS -> Snapshots -> All Public Snapshots)
• Public AMIs (EC2 -> AMIs -> Public images)

Errors

Mnoge AWS error messages (čak i ‘access denied’) će otkriti tu informaciju.

References

• https://www.youtube.com/watch?v=8ZXRw4Ry3mQ

Tip

Nauči & vežbaj AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Nauči & vežbaj GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Nauči & vežbaj Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

• Pogledajte subscription plans!
• Pridružite se 💬 Discord group or the telegram group or pratite nas na Twitter 🐦 @hacktricks_live.
• Podelite hacking tricks slanjem PR-ova na HackTricks i HackTricks Cloud github repos.