Amazon IAM


AWS Identity and Access Management (IAM) governs the signed requests sent to AWS. These requests are signed with IAM access keys, which consist of an access key ID (begins with AKIA and is 20 characters long), usually treated as the username, and a secret key (40 characters long). The risk with these credentials is that an attacker who locates them can add them to a new profile and send requests with them.
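A defender-side check that follows from the key shapes described above, as an added example that is not part of the original page: it scans text such as config files or commit diffs for an AKIA key ID and a 40-character secret nearby, redacting the secret in its report. The character classes, the two-line window, the function names, and the sample input (built around AWS's published documentation placeholder key pair) are assumptions of this example.

```python
import re

# Shapes from the text above: key ID = "AKIA" + 16 more characters (20 total),
# secret key = 40 characters. The character classes are assumptions of this example.
KEY_ID = re.compile(r"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")
SECRET = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
HEX40 = re.compile(r"[0-9a-f]{40}")  # git SHA-1 hashes are also 40 chars; skip them

# Constructed sample input; the key pair is AWS's documentation placeholder.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
commit 3f786850e387550fdab836ed7e6dc881de23001b
note: key AKIAI0SFODNN7 was rotated
"""


def redact(value, keep=4):
    """Keep only the last few characters so the report does not leak the secret."""
    return "*" * (len(value) - keep) + value[-keep:]


def find_secret(lines, start, window):
    """Return (line_number, redacted_secret) for the first candidate near `start`."""
    for offset, line in enumerate(lines[start:start + window + 1]):
        for m in SECRET.finditer(line):
            if not HEX40.fullmatch(m.group(0)):
                return start + offset + 1, redact(m.group(0))
    return None, None


def scan(text, window=2):
    """Report every key ID, paired with a secret found within `window` lines after it."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in KEY_ID.finditer(line):
            secret_line, secret = find_secret(lines, i, window)
            # The key ID is reported in full so its owner can locate and rotate it.
            findings.append({"line": i + 1, "key_id": m.group(0),
                             "secret_line": secret_line, "secret": secret})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with a key ID but no paired secret still deserves review, since the secret may sit outside the window.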

Adding credential keys to a new profile

aws configure --profile PROFILENAME

Listing buckets in the new account using the newly added profile

aws s3 ls --profile PROFILENAME

Finding the account ID when you have the access key ID

aws sts get-access-key-info --access-key-id AKA_EXAMPLE --profile [profile-name]

Finding the username

aws sts get-caller-identity --profile PROFILENAME

Listing EC2 instances belonging to an account

aws ec2 describe-instances --output text --profile PROFILENAME

Listing EC2 instances belonging to an account with a region specified

aws ec2 describe-instances --output text --region us-east-1 --profile PROFILENAME

Listing the secrets in Secrets Manager that a profile can access

aws secretsmanager list-secrets --profile [profile-name]

Retrieving a specific secret value from Secrets Manager

aws secretsmanager get-secret-value --secret-id [nameofthesecret] --profile [profile-name]

Retrieving a specific secret value from Secrets Manager with a region specified

aws secretsmanager get-secret-value --secret-id [nameofthesecret] --profile [profile-name] --region [region]


Last updated 1 year ago
