AWS - Cognito Uendelevu

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Cognito

Kwa taarifa zaidi, angalia:

AWS - Cognito Enum

Uendelevu wa watumiaji

Cognito ni huduma inayoruhusu kutoa roles kwa unauthenticated na authenticated users na kudhibiti saraka ya watumiaji. Mipangilio kadhaa inaweza kubadilishwa ili kudumisha uendelevu, kama vile:

  • Adding a User Pool controlled by the user to an Identity Pool
  • Give an IAM role to an unauthenticated Identity Pool and allow Basic auth flow
  • Or to an authenticated Identity Pool if the attacker can login
  • Or improve the permissions of the given roles
  • Create, verify & privesc via attributes controlled users or new users in a User Pool
  • Allowing external Identity Providers to login in a User Pool or in an Identity Pool

Angalia jinsi ya kufanya hatua hizi katika

AWS - Cognito Privesc

cognito-idp:SetRiskConfiguration

Mshambuliaji mwenye ruhusa hii anaweza kubadilisha risk configuration ili aweze kuingia kama mtumiaji wa Cognito bila kusababisha alarms kuzinduliwa. Check out the cli ili kuangalia chaguzi zote:

aws cognito-idp set-risk-configuration --user-pool-id <pool-id> --compromised-credentials-risk-configuration EventFilter=SIGN_UP,Actions={EventAction=NO_ACTION}

Kwa chaguo-msingi hii imezimwa:

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks