From e0c745cbf4802aefe351abe1ae12208fa81dfe3b Mon Sep 17 00:00:00 2001 From: lanjelot Date: Fri, 18 Dec 2020 22:52:21 +1100 Subject: [PATCH] Fix AWS duplicated tool enumerate-iam --- API Key Leaks/README.md | 8 ------ AWS Amazon Bucket S3/README.md | 28 ------------------- .../Cloud - AWS Pentest.md | 26 +++++++++++++++++ 3 files changed, 26 insertions(+), 36 deletions(-) diff --git a/API Key Leaks/README.md b/API Key Leaks/README.md index bb8ad5b..221eefd 100644 --- a/API Key Leaks/README.md +++ b/API Key Leaks/README.md @@ -48,14 +48,6 @@ curl --request PUT \ --data '{"highlightPreTag": ""}' ``` -### AWS Access Key ID & Secret - -```powershell -git clone https://github.com/andresriancho/enumerate-iam -cd enumerate-iam -./enumerate-iam.py --access-key AKIA... --secret-key XXX.. -``` - ### Slack API Token ```powershell diff --git a/AWS Amazon Bucket S3/README.md b/AWS Amazon Bucket S3/README.md index 1a73cf7..97b1fd6 100644 --- a/AWS Amazon Bucket S3/README.md +++ b/AWS Amazon Bucket S3/README.md @@ -155,34 +155,6 @@ http://169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance For example with a proxy : http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws/ - -## Enumerate IAM permissions - -Enumerate the permissions associated with AWS credential set with [enumerate-iam](https://github.com/andresriancho/enumerate-iam) - -```powershell -git clone git@github.com:andresriancho/enumerate-iam.git -cd enumerate-iam/ -pip install -r requirements.txt -./enumerate-iam.py --access-key AKIA... --secret-key StF0q... -2019-05-10 15:57:58,447 - 21345 - [INFO] Starting permission enumeration for access-key-id "AKIA..." -2019-05-10 15:58:01,532 - 21345 - [INFO] Run for the hills, get_account_authorization_details worked! -2019-05-10 15:58:01,537 - 21345 - [INFO] -- { - "RoleDetailList": [ - { - "Tags": [], - "AssumeRolePolicyDocument": { - "Version": "2008-10-17", - "Statement": [ - { -... -2019-05-10 15:58:26,709 - 21345 - [INFO] -- gamelift.list_builds() worked! -2019-05-10 15:58:26,850 - 21345 - [INFO] -- cloudformation.list_stack_sets() worked! -2019-05-10 15:58:26,982 - 21345 - [INFO] -- directconnect.describe_locations() worked! -2019-05-10 15:58:27,021 - 21345 - [INFO] -- gamelift.describe_matchmaking_rule_sets() worked! -2019-05-10 15:58:27,311 - 21345 - [INFO] -- sqs.list_queues() worked! -``` - ## References * [There's a Hole in 1,951 Amazon S3 Buckets - Mar 27, 2013 - Rapid7 willis](https://community.rapid7.com/community/infosec/blog/2013/03/27/1951-open-s3-buckets) diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index 0275e71..e795052 100644 --- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md @@ -417,6 +417,32 @@ $> aws_consoler -v -a AKIA[REDACTED] -s [REDACTED] https://signin.aws.amazon.com/federation?Action=login&Issuer=consoler.local&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Fregion%3Dus-east-1&SigninToken=[REDACTED ``` +## AWS - Enumerate IAM permissions + +Enumerate the permissions associated with AWS credential set with [enumerate-iam](https://github.com/andresriancho/enumerate-iam) + +```powershell +git clone git@github.com:andresriancho/enumerate-iam.git +pip install -r requirements.txt +./enumerate-iam.py --access-key AKIA... --secret-key StF0q... +2019-05-10 15:57:58,447 - 21345 - [INFO] Starting permission enumeration for access-key-id "AKIA..." +2019-05-10 15:58:01,532 - 21345 - [INFO] Run for the hills, get_account_authorization_details worked! +2019-05-10 15:58:01,537 - 21345 - [INFO] -- { + "RoleDetailList": [ + { + "Tags": [], + "AssumeRolePolicyDocument": { + "Version": "2008-10-17", + "Statement": [ + { +... +2019-05-10 15:58:26,709 - 21345 - [INFO] -- gamelift.list_builds() worked! +2019-05-10 15:58:26,850 - 21345 - [INFO] -- cloudformation.list_stack_sets() worked! +2019-05-10 15:58:26,982 - 21345 - [INFO] -- directconnect.describe_locations() worked! +2019-05-10 15:58:27,021 - 21345 - [INFO] -- gamelift.describe_matchmaking_rule_sets() worked! +2019-05-10 15:58:27,311 - 21345 - [INFO] -- sqs.list_queues() worked! +``` + ## AWS - Mount EBS volume to EC2 Linux :warning: EBS snapshots are block-level incremental, which means that every snapshot only copies the blocks (or areas) in the volume that had been changed since the last snapshot. To restore your data, you need to create a new EBS volume from one of your EBS snapshots. The new volume will be a duplicate of the initial EBS volume on which the snapshot was taken.