Skip to content

Latest commit

 

History

History
 
 

aws-unauthenticated-enum-access

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
aws-accounts-unauthenticated-enum.md
aws-accounts-unauthenticated-enum.md
 
 
aws-api-gateway-unauthenticated-enum.md
aws-api-gateway-unauthenticated-enum.md
 
 
aws-cloudfront-unauthenticated-enum.md
aws-cloudfront-unauthenticated-enum.md
 
 
aws-codebuild-unauthenticated-access.md
aws-codebuild-unauthenticated-access.md
 
 
aws-cognito-unauthenticated-enum.md
aws-cognito-unauthenticated-enum.md
 
 
aws-documentdb-enum.md
aws-documentdb-enum.md
 
 
aws-dynamodb-unauthenticated-access.md
aws-dynamodb-unauthenticated-access.md
 
 
aws-ec2-unauthenticated-enum.md
aws-ec2-unauthenticated-enum.md
 
 
aws-ecr-unauthenticated-enum.md
aws-ecr-unauthenticated-enum.md
 
 
aws-ecs-unauthenticated-enum.md
aws-ecs-unauthenticated-enum.md
 
 
aws-elastic-beanstalk-unauthenticated-enum.md
aws-elastic-beanstalk-unauthenticated-enum.md
 
 
aws-elasticsearch-unauthenticated-enum.md
aws-elasticsearch-unauthenticated-enum.md
 
 
aws-iam-and-sts-unauthenticated-enum.md
aws-iam-and-sts-unauthenticated-enum.md
 
 
aws-identity-center-and-sso-unauthenticated-enum.md
aws-identity-center-and-sso-unauthenticated-enum.md
 
 
aws-iot-unauthenticated-enum.md
aws-iot-unauthenticated-enum.md
 
 
aws-kinesis-video-unauthenticated-enum.md
aws-kinesis-video-unauthenticated-enum.md
 
 
aws-lambda-unauthenticated-access.md
aws-lambda-unauthenticated-access.md
 
 
aws-media-unauthenticated-enum.md
aws-media-unauthenticated-enum.md
 
 
aws-mq-unauthenticated-enum.md
aws-mq-unauthenticated-enum.md
 
 
aws-msk-unauthenticated-enum.md
aws-msk-unauthenticated-enum.md
 
 
aws-rds-unauthenticated-enum.md
aws-rds-unauthenticated-enum.md
 
 
aws-redshift-unauthenticated-enum.md
aws-redshift-unauthenticated-enum.md
 
 
aws-s3-unauthenticated-enum.md
aws-s3-unauthenticated-enum.md
 
 
aws-sns-unauthenticated-enum.md
aws-sns-unauthenticated-enum.md
 
 
aws-sqs-unauthenticated-enum.md
aws-sqs-unauthenticated-enum.md
 
 

README.md

AWS - Unauthenticated Enum & Access

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

AWS Credentials Leaks

A common way to obtain access or information about an AWS account is by searching for leaks. You can search for leaks using google dorks, checking the public repos of the organization and the workers of the organization in Github or other platforms, searching in credentials leaks databases... or in any other part you think you might find any information about the company and its cloud infa.
Some useful tools:

AWS Unauthenticated Enum & Access

There are several services in AWS that could be configured giving some kind of access to all Internet or to more people than expected. Check here how:

Cross Account Attacks

In the talk Breaking the Isolation: Cross-Account AWS Vulnerabilities it's presented how some services allow(ed) any AWS account accessing them because AWS services without specifying accounts ID were allowed.

During the talk they specify several examples, such as S3 buckets allowing cloudtrail (of any AWS account) to write to them:

Other services found vulnerable:

  • AWS Config
  • Serverless repository

Tools

  • cloud_enum: Multi-cloud OSINT tool. Find public resources in AWS, Azure, and Google Cloud. Supported AWS services: Open / Protected S3 Buckets, awsapps (WorkMail, WorkDocs, Connect, etc.)

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}