AWS - Accounts Unauthenticated Enum
Account IDs
If you have a target, there are ways to try to identify the account IDs of the AWS accounts related to it.
Brute-Force
You build a list of candidate account IDs and aliases and check each one.
# Check if an account ID exists
curl -v https://<account_id>.signin.aws.amazon.com
## A 404 response means it does not exist; a 200 means it exists
## It also works with account aliases
curl -v https://vodafone-uk2.signin.aws.amazon.com
You can automate this process with this tool.
OSINT
Look for URLs that contain <alias>.signin.aws.amazon.com with an alias related to the organization.
Marketplace
If a vendor has instances in the marketplace, you can obtain the owner ID (account ID) of the AWS account they used.
Snapshots
- Public EBS snapshots (EC2 -> Snapshots -> Public Snapshots)
- RDS public snapshots (RDS -> Snapshots -> All Public Snapshots)
- Public AMIs (EC2 -> AMIs -> Public images)
Errors
Many AWS error messages (even access denied ones) will reveal that information.
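A defensive counterpart to the Errors point, as an added example that is not part of the original page: a Python filter that strips the 12-digit account ID field from ARNs in error text before that text is returned to clients or written to shared logs. The function name, the placeholder string and the sample messages are constructed for illustration.

```python
import re

# ARN layout: arn:<partition>:<service>:<region>:<account-id>:<resource>
# The account-id field is 12 digits, empty (e.g. S3 buckets) or the literal
# "aws" (AWS managed policies). Only the 12-digit form is sensitive here.
ARN_RE = re.compile(r"\barn:(aws[a-z-]*):([a-z0-9-]+):([a-z0-9-]*):(\d{12}):")


def redact_account_ids(message, placeholder="REDACTED"):
    """Return (scrubbed_message, sorted list of account IDs that were present).

    Only the account field of an ARN is rewritten; partition, service, region
    and resource are kept so the message stays useful for debugging.
    Bare 12-digit numbers outside an ARN are left alone to avoid false hits.
    """
    found = set()

    def _sub(match):
        partition, service, region, account = match.groups()
        found.add(account)
        return f"arn:{partition}:{service}:{region}:{placeholder}:"

    return ARN_RE.sub(_sub, message), sorted(found)


# Constructed sample messages (account IDs are made-up example values).
SAMPLES = [
    "User: arn:aws:sts::123456789012:assumed-role/app-role/session is not "
    "authorized to perform: s3:ListBucket on resource: arn:aws:s3:::example-bucket",
    "Policy arn:aws:iam::aws:policy/ReadOnlyAccess is attached to "
    "arn:aws-us-gov:iam::210987654321:user/alice",
    "AccessDenied on arn:aws:ec2:eu-west-1:123456789012:snapshot/snap-0abc",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        scrubbed, ids = redact_account_ids(sample)
        print(scrubbed)
        print("  leaked IDs removed:", ids)
```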