AWS - Unauthenticated Enum & Access

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

• Angalia mpango wa usajili!
• Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
• Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

AWS Credentials Leaks

Njia ya kawaida ya kupata access au taarifa kuhusu akaunti ya AWS ni kwa searching for leaks. Unaweza kutafuta leaks kwa kutumia google dorks, ukikagua public repos za organization na workers wa organization kwenye Github au majukwaa mengine, ukitafuta katika credentials leaks databases… au katika sehemu nyingine yoyote unayoona kuna uwezekano kupata taarifa kuhusu kampuni na infa ya cloud yao.
Baadhi ya tools zinazofaa:

• https://github.com/carlospolop/leakos
• https://github.com/carlospolop/pastos
• https://github.com/carlospolop/gorks

AWS Unauthenticated Enum & Access

Kuna huduma kadhaa katika AWS ambazo zinaweza kusanidiwa kutoa access kwa watu wote wa Internet au kwa watu zaidi kuliko ilivyotarajiwa. Angalia hapa jinsi:

• Accounts Unauthenticated Enum
• API Gateway Unauthenticated Enum
• Cloudfront Unauthenticated Enum
• Codebuild Unauthenticated Access
• Cognito Unauthenticated Enum
• DocumentDB Unauthenticated Enum
• DynamoDB Unauthenticated Access
• EC2 Unauthenticated Enum
• Elastic Beanstalk Unauthenticated Enum
• Elasticsearch Unauthenticated Enum
• IAM Unauthenticated Enum
• Identity Center and SSO Unauthenticated Enum
• IoT Unauthenticated Enum
• Kinesis Video Unauthenticated Enum
• Lambda Unauthenticated Access
• Media Unauthenticated Enum
• MQ Unauthenticated Enum
• MSK Unauthenticated Enum
• RDS Unauthenticated Enum
• Redshift Unauthenticated Enum
• S3 Unauthenticated Enum
• Sagemaker Unauthenticated Enum
• SNS Unauthenticated Enum
• SQS Unauthenticated Enum

Cross Account Attacks

Katika semina Breaking the Isolation: Cross-Account AWS Vulnerabilities inaonyesha jinsi huduma zingine zilivyoruhusu akaunti yoyote ya AWS kuzipata kwa sababu AWS services without specifying accounts ID zilikuwa zinakaribishwa.

Wakati wa semina walitoa mifano kadhaa, kama vile S3 buckets allowing cloudtrail (of any AWS account) to write to them:

Huduma nyingine zilizogunduliwa kuwa zenye udhaifu:

• AWS Config
• Serverless repository

Zana

• cloud_enum: Zana ya OSINT ya multi-cloud. Find public resources in AWS, Azure, and Google Cloud. Inasaidia huduma za AWS: Open / Protected S3 Buckets, awsapps (WorkMail, WorkDocs, Connect, etc.)

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

• Angalia mpango wa usajili!
• Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
• Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.