# AWS - Unauthenticated Enum & Access {{#include ../../../banners/hacktricks-training.md}} ## AWS Credentials Leaks AWSアカウントへのアクセスや情報を取得する一般的な方法の一つは、**searching for leaks**による検索です。**google dorks**を使って検索したり、**Github**などのプラットフォームで組織やその従業員の**public repos**を確認したり、**credentials leaks databases**を検索したり、あるいは会社やそのクラウドインフラに関する情報が見つかりそうな他の場所を調べたりできます。\ いくつかの有用な**tools**: - [https://github.com/carlospolop/leakos](https://github.com/carlospolop/leakos) - [https://github.com/carlospolop/pastos](https://github.com/carlospolop/pastos) - [https://github.com/carlospolop/gorks](https://github.com/carlospolop/gorks) ## AWS Unauthenticated Enum & Access There are several services in AWS that could be configured giving some kind of access to all Internet or to more people than expected. Check here how: - [**Accounts Unauthenticated Enum**](aws-accounts-unauthenticated-enum/index.html) - [**API Gateway Unauthenticated Enum**](aws-api-gateway-unauthenticated-enum/index.html) - [**Cloudfront Unauthenticated Enum**](aws-cloudfront-unauthenticated-enum/index.html) - [**Codebuild Unauthenticated Access**](aws-codebuild-unauthenticated-access/index.html) - [**Cognito Unauthenticated Enum**](aws-cognito-unauthenticated-enum/index.html) - [**DocumentDB Unauthenticated Enum**](aws-documentdb-enum/index.html) - [**DynamoDB Unauthenticated Access**](aws-dynamodb-unauthenticated-access/index.html) - [**EC2 Unauthenticated Enum**](aws-ec2-unauthenticated-enum/index.html) - [**Elastic Beanstalk Unauthenticated Enum**](aws-elastic-beanstalk-unauthenticated-enum/index.html) - [**Elasticsearch Unauthenticated Enum**](aws-elasticsearch-unauthenticated-enum/index.html) - [**IAM Unauthenticated Enum**](aws-iam-and-sts-unauthenticated-enum/index.html) - [**Identity Center and SSO Unauthenticated Enum**](aws-identity-center-and-sso-unauthenticated-enum/index.html) - [**IoT Unauthenticated Enum**](aws-iot-unauthenticated-enum/index.html) - [**Kinesis Video Unauthenticated Enum**](aws-kinesis-video-unauthenticated-enum/index.html) - [**Lambda Unauthenticated Access**](aws-lambda-unauthenticated-access/index.html) - [**Media Unauthenticated Enum**](aws-media-unauthenticated-enum/index.html) - [**MQ Unauthenticated Enum**](aws-mq-unauthenticated-enum/index.html) - [**MSK Unauthenticated Enum**](aws-msk-unauthenticated-enum/index.html) - [**RDS Unauthenticated Enum**](aws-rds-unauthenticated-enum/index.html) - [**Redshift Unauthenticated Enum**](aws-redshift-unauthenticated-enum/index.html) - [**S3 Unauthenticated Enum**](aws-s3-unauthenticated-enum/index.html) - [**Sagemaker Unauthenticated Enum**](aws-sagemaker-unauthenticated-enum/index.html) - [**SNS Unauthenticated Enum**](aws-sns-unauthenticated-enum/index.html) - [**SQS Unauthenticated Enum**](aws-sqs-unauthenticated-enum/index.html) ## Cross Account Attacks In the talk [**Breaking the Isolation: Cross-Account AWS Vulnerabilities**](https://www.youtube.com/watch?v=JfEFIcpJ2wk) it's presented how some services allow(ed) any AWS account accessing them because **AWS services without specifying accounts ID** were allowed. 講演では、例えば S3 buckets **allowing cloudtrai**l (of **any AWS** account) to **write to them**: のような例が示されました。 ![](<../../../images/image (260).png>) 他に脆弱性が見つかったサービス: - AWS Config - Serverless repository ## ツール - [**cloud_enum**](https://github.com/initstring/cloud_enum): マルチクラウドのOSINTツール。**公開リソースを検出**します。AWS、Azure、Google Cloudで公開されているリソースを見つけます。サポートされているAWSサービス: Open / Protected S3 Buckets, awsapps (WorkMail, WorkDocs, Connect, etc.) {{#include ../../../banners/hacktricks-training.md}}