AWS - Cognito Enum

Reading time: 5 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Cognito

Amazon Cognito inatumika kwa ajili ya uthibitishaji, ruhusa, na usimamizi wa watumiaji katika programu za wavuti na simu. Inawaruhusu watumiaji kubadilika kuingia moja kwa moja kwa kutumia jina la mtumiaji na nenosiri au kwa njia isiyo ya moja kwa moja kupitia mtu wa tatu, ikiwa ni pamoja na Facebook, Amazon, Google, au Apple.

Kati ya Amazon Cognito kuna vipengele viwili vikuu:

  1. User Pools: Hizi ni saraka zilizoundwa kwa watumiaji wa programu yako, zikitoa uwezo wa kujiandikisha na kuingia.
  2. Identity Pools: Hizi ni muhimu katika kuidhinisha watumiaji kupata huduma tofauti za AWS. Hazihusiki moja kwa moja katika mchakato wa kuingia au kujiandikisha lakini ni muhimu kwa upatikanaji wa rasilimali baada ya uthibitishaji.

User pools

Ili kujifunza ni nini Cognito User Pool check:

Cognito User Pools

Identity pools

Ili kujifunza ni nini Cognito Identity Pool check:

Cognito Identity Pools

Enumeration

bash
# List Identity Pools
aws cognito-identity list-identity-pools --max-results 60
aws cognito-identity describe-identity-pool --identity-pool-id "eu-west-2:38b294756-2578-8246-9074-5367fc9f5367"
aws cognito-identity list-identities --identity-pool-id <ident-pool-id> --max-results 60
aws cognito-identity get-identity-pool-roles --identity-pool-id <ident-pool-id>

# Identities Datasets
## Get dataset of identity id (inside identity pool)
aws cognito-sync list-datasets --identity-pool-id <ident-pool-id> --identity-id <ident-id>
## Get info of the dataset
aws cognito-sync describe-dataset --identity-pool-id <value> --identity-id <value> --dataset-name <value>
## Get dataset records
aws cognito-sync list-records --identity-pool-id <value> --identity-id <value> --dataset-name <value>

# User Pools
## Get pools
aws cognito-idp list-user-pools --max-results 60

## Get users
aws cognito-idp list-users --user-pool-id <user-pool-id>

## Get groups
aws cognito-idp list-groups --user-pool-id <user-pool-id>

## Get users in a group
aws cognito-idp list-users-in-group --user-pool-id <user-pool-id> --group-name <group-name>

## List App IDs of a user pool
aws cognito-idp list-user-pool-clients --user-pool-id <user-pool-id>

## List configured identity providers for a user pool
aws cognito-idp list-identity-providers --user-pool-id <user-pool-id>

## List user import jobs
aws cognito-idp list-user-import-jobs --user-pool-id <user-pool-id> --max-results 60

## Get MFA config of a user pool
aws cognito-idp get-user-pool-mfa-config --user-pool-id <user-pool-id>

## Get risk configuration
aws cognito-idp describe-risk-configuration --user-pool-id <user-pool-id>

Identity Pools - Unauthenticated Enumeration

Kujua tu ID ya Identity Pool unaweza kuwa na uwezo wa kupata akreditivu za jukumu lililohusishwa na watumiaji wasio na uthibitisho (ikiwa ipo). Angalia jinsi hapa.

User Pools - Unauthenticated Enumeration

Hata kama hujui jina halali la mtumiaji ndani ya Cognito, unaweza kuwa na uwezo wa kuhesabu majina halali ya watumiaji, BF nywila au hata kujiandikisha mtumiaji mpya kwa kujua tu ID ya mteja wa App (ambayo kwa kawaida hupatikana katika msimbo wa chanzo). Angalia jinsi hapa.

Privesc

AWS - Cognito Privesc

Unauthenticated Access

AWS - Cognito Unauthenticated Enum

Persistence

AWS - Cognito Persistence

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks