-
Pacu can be used to test an AWS account.

Setup:

Unauthorized enumeration

Requires only an AWS access key and secret key.

Enumerate roles. Create a list with possible roles to check.

    run iam__enum_roles --word-list /tmp/roles.txt --account-id $accountId

Enumerate users which belong to a (previously found) role. Also create a list of possible user names.

    run iam__enum_users --word-list…
-
Initial (network) enumeration

Check where a service is hosted by querying the nameserver records for our target domain:

    host -t ns $domain

Get more information / confirmation via a whois query for a previously found domain.

    whois $previouslyFoundDomain

Check where a host is running:

    host $domain
    host $ipFromTheDomain

Check more domains of this organisation / of…
-
Use profiles:

See https://github.com/eon01/AWS-CheatSheet for many commands or https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-access-token/

General

Get information about the currently used profile:

    aws [--profile $profile] sts get-caller-identity

Another possibility to gain an ARN (with account id) is to call a non-existing function and to extract data from the error message.

EC2

List all EC2 images (AMIs):

    aws [--profile $profile] ec2…