gitea-mirror/hacktricks-cloud

mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-05 03:16:37 -08:00

Files

History

Translator d949ecaa1e Translated ['src/pentesting-cloud/aws-security/aws-privilege-escalation/

2025-05-01 11:39:53 +00:00

..

aws-accounts-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-api-gateway-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-cloudfront-unauthenticated-enum.md

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

2024-12-31 20:11:38 +00:00

aws-codebuild-unauthenticated-access.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-cognito-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-documentdb-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-dynamodb-unauthenticated-access.md

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

2024-12-31 20:11:38 +00:00

aws-ec2-unauthenticated-enum.md

Translated ['src/pentesting-ci-cd/cloudflare-security/cloudflare-domains

2025-01-11 19:16:54 +00:00

aws-ecr-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-ecs-unauthenticated-enum.md

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

2024-12-31 20:11:38 +00:00

aws-elastic-beanstalk-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-elasticsearch-unauthenticated-enum.md

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

2024-12-31 20:11:38 +00:00

aws-iam-and-sts-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-identity-center-and-sso-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-iot-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-kinesis-video-unauthenticated-enum.md

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

2024-12-31 20:11:38 +00:00

aws-lambda-unauthenticated-access.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-media-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-mq-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-msk-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-rds-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-redshift-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-s3-unauthenticated-enum.md

Translated ['src/pentesting-cloud/aws-security/aws-privilege-escalation/

2025-05-01 11:39:53 +00:00

aws-sns-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

aws-sqs-unauthenticated-enum.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

README.md

Translated ['src/banners/hacktricks-training.md', 'src/pentesting-ci-cd/

2025-01-02 01:17:32 +00:00

README.md

AWS - Enumeração e Acesso Não Autenticado

{{#include ../../../banners/hacktricks-training.md}}

Vazamentos de Credenciais AWS

Uma maneira comum de obter acesso ou informações sobre uma conta AWS é procurando por vazamentos. Você pode procurar por vazamentos usando google dorks, verificando os repositórios públicos da organização e dos trabalhadores da organização no Github ou em outras plataformas, pesquisando em bancos de dados de vazamentos de credenciais... ou em qualquer outra parte que você acha que pode encontrar informações sobre a empresa e sua infraestrutura em nuvem.
Algumas ferramentas úteis:

Enumeração e Acesso Não Autenticado AWS

Existem vários serviços na AWS que podem ser configurados dando algum tipo de acesso a toda a Internet ou a mais pessoas do que o esperado. Confira aqui como:

Ataques entre Contas

Na palestra Quebrando a Isolação: Vulnerabilidades entre Contas AWS é apresentado como alguns serviços permitiram que qualquer conta AWS acessasse-os porque serviços AWS sem especificar IDs de contas foram permitidos.

Durante a palestra, eles especificam vários exemplos, como buckets S3 permitindo cloudtrail (de qualquer conta AWS) escrever neles:

Outros serviços encontrados vulneráveis:

AWS Config
Repositório Serverless

Ferramentas

cloud_enum: Ferramenta OSINT multi-nuvem. Encontre recursos públicos na AWS, Azure e Google Cloud. Serviços AWS suportados: Buckets S3 Abertos / Protegidos, awsapps (WorkMail, WorkDocs, Connect, etc.)

{{#include ../../../banners/hacktricks-training.md}}