gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-13 05:16:32 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix links

Browse Source
This commit is contained in:
Carlos Polop
2025-01-05 11:29:50 +01:00
parent d65983432b
commit 13358c1371
33 changed files with 50 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md
View File

@@ -130,7 +130,7 @@ aws cognito-identity get-credentials-for-identity --identity-id <identity_id> --
### Enhanced vs Basic Authentication flow
The previous section followed the **default enhanced authentication flow**. This flow sets a **restrictive** [**session policy**](../../aws-basic-information/#session-policies) to the IAM role session generated. This policy will only allow the session to [**use the services from this list**](https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#access-policies-scope-down-services) (even if the role had access to other services).
The previous section followed the **default enhanced authentication flow**. This flow sets a **restrictive** [**session policy**](../../aws-basic-information/index.html#session-policies) to the IAM role session generated. This policy will only allow the session to [**use the services from this list**](https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#access-policies-scope-down-services) (even if the role had access to other services).
However, there is a way to bypass this, if the **Identity pool has "Basic (Classic) Flow" enabled**, the user will be able to obtain a session using that flow which **won't have that restrictive session policy**.
@@ -151,7 +151,7 @@ aws sts assume-role-with-web-identity --role-arn "arn:aws:iam::<acc_id>:role/<ro
> `An error occurred (InvalidParameterException) when calling the GetOpenIdToken operation: Basic (classic) flow is not enabled, please use enhanced flow.`
Having a set of IAM credentials you should check [which access you have](../../#whoami) and try to [escalate privileges](../../aws-privilege-escalation/).
Having a set of IAM credentials you should check [which access you have](../../index.html#whoami) and try to [escalate privileges](../../aws-privilege-escalation/index.html).
### Authenticated

2
src/pentesting-cloud/aws-security/aws-services/aws-lightsail-enum.md
View File

@@ -32,7 +32,7 @@ aws lightsail get-key-pairs
### Analyse Snapshots
It's possible to generate **instance and relational database snapshots from lightsail**. Therefore you can check those the same way you can check [**EC2 snapshots**](aws-ec2-ebs-elb-ssm-vpc-and-vpn-enum/#ebs) and [**RDS snapshots**](aws-relational-database-rds-enum.md#enumeration).
It's possible to generate **instance and relational database snapshots from lightsail**. Therefore you can check those the same way you can check [**EC2 snapshots**](aws-ec2-ebs-elb-ssm-vpc-and-vpn-enum/index.html#ebs) and [**RDS snapshots**](aws-relational-database-rds-enum.md#enumeration).
### Metadata

2
src/pentesting-cloud/aws-security/aws-services/aws-s3-athena-and-glacier-enum.md
View File

@@ -140,7 +140,7 @@ Using this mechanism, you are able to utilize your own provided keys and use an
### **Enumeration**
One of the traditional main ways of compromising AWS orgs start by compromising buckets publicly accesible. **You can find** [**public buckets enumerators in this page**](../aws-unauthenticated-enum-access/#s3-buckets)**.**
One of the traditional main ways of compromising AWS orgs start by compromising buckets publicly accesible. **You can find** [**public buckets enumerators in this page**](../aws-unauthenticated-enum-access/index.html#s3-buckets)**.**
```bash
# Get buckets ACLs