{% hint style="success" %}
Learn & practice AWS Hacking:.png)
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: .png)
HackTricks Training GCP Red Team Expert (GRTE).png)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
If you have a target there are ways to try to identify account IDs of accounts related to the target.
You create a list of potential account IDs and aliases and check them
# Check if an account ID exists
curl -v https://<acount_id>.signin.aws.amazon.com
## If response is 404 it doesn't, if 200, it exists
## It also works from account aliases
curl -v https://vodafone-uk2.signin.aws.amazon.comYou can automate this process with this tool.
Look for urls that contains <alias>.signin.aws.amazon.com with an alias related to the organization.
If a vendor has instances in the marketplace, you can get the owner id (account id) of the AWS account he used.
- Public EBS snapshots (EC2 -> Snapshots -> Public Snapshots)
- RDS public snapshots (RDS -> Snapshots -> All Public Snapshots)
- Public AMIs (EC2 -> AMIs -> Public images)
Many AWS error messages (even access denied) will give that information.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.