HackTricks CloudAWS - Unauthenticated Enum & Access
Reading time: 3 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
AWS Credentials Leaks
Njia ya kawaida ya kupata ufikiaji au taarifa kuhusu akaunti ya AWS ni kwa kutafuta leaks. Unaweza kutafuta leaks kwa kutumia google dorks, kuangalia public repos za organization na workers wa organization katika Github au majukwaa mengine, kutafuta katika credentials leaks databases... au sehemu nyingine yoyote unadhani unaweza kupata taarifa kuhusu kampuni na miundombinu yake ya wingu.
Zana kadhaa muhimu:
- https://github.com/carlospolop/leakos
- https://github.com/carlospolop/pastos
- https://github.com/carlospolop/gorks
AWS Unauthenticated Enum & Access
Kuna huduma kadhaa katika AWS ambazo zinaweza kuwekwa ili kutoa aina fulani ya ufikiaji kwa watu wote kwenye mtandao au kwa watu zaidi ya walivyotarajia. Angalia hapa jinsi:
- Accounts Unauthenticated Enum
- Cloud9 Unauthenticated Enum
- Cloudfront Unauthenticated Enum
- Cloudsearch Unauthenticated Enum
- Cognito Unauthenticated Enum
- DocumentDB Unauthenticated Enum
- EC2 Unauthenticated Enum
- Elasticsearch Unauthenticated Enum
- IAM Unauthenticated Enum
- IoT Unauthenticated Access
- Kinesis Video Unauthenticated Access
- Media Unauthenticated Access
- MQ Unauthenticated Access
- MSK Unauthenticated Access
- RDS Unauthenticated Access
- Redshift Unauthenticated Access
- SQS Unauthenticated Access
- S3 Unauthenticated Access
Cross Account Attacks
Katika mazungumzo Breaking the Isolation: Cross-Account AWS Vulnerabilities inawasilishwa jinsi huduma fulani zinavyoruhusu akaunti yoyote ya AWS kuziingia kwa sababu AWS services bila kubainisha account ID zilikuwa zinaruhusiwa.
Wakati wa mazungumzo wanabainisha mifano kadhaa, kama vile S3 buckets zinazoruhusu cloudtrail (ya akaunti yoyote ya AWS) kuandika ndani yao:
.png)
Huduma nyingine zilizopatikana kuwa na udhaifu:
- AWS Config
- Serverless repository
Tools
- cloud_enum: Zana ya Multi-cloud OSINT. Pata rasilimali za umma katika AWS, Azure, na Google Cloud. Huduma za AWS zinazoungwa mkono: Open / Protected S3 Buckets, awsapps (WorkMail, WorkDocs, Connect, nk.)
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.