🧙
Pentesting & Red Teaming Notes
  • Windows
    • Recon - Initial Access
    • Privilege Escalation
      • Enable Privs
      • SeBackupPrivilege
      • SeImpersonatePrivilege
      • SeDebugPrivilege
    • Kerberoasting
    • Lateral Movement
    • MSSQL
    • AD Related
    • Bypass-Evasion Techniques
    • Post Exploitation
    • Miscellaneous
    • UAC Bypass
    • Exploits
      • MS03-026 - RPC DCOM
      • MS04-011 - LSASRV
      • MS08-67 - Netapi
      • MS17-010 - Eternalblue
      • CVE-2019-1388
      • CVE-2020-1472 - Zerologon
      • CVE-2020-16938
      • CVE-2021-1675 - PrintNightmare
      • CVE-2022-21999 - SpoolFool
    • Coerced Auth
  • Linux
  • Abusing Active Directory ACLs
    • ReadLAPSPassword
    • WriteDacl
    • GenericWrite
    • ForceChangePassword
    • WriteOwner
  • Port Forwarding - Tunneling
  • Cloud
  • Mobile
  • Malware Development
    • Process Migration
    • Process Hollowing
    • Dynamic API Resolution
    • Suspended Threads
    • PPID Spoofing
    • Thread Stack Spoofing
    • ETW (Event Tracing for Windows)
    • AMSI Bypass
    • Tools
    • Esoteric
Powered by GitBook
On this page
  • Basic Commands
  • If you have Access Key and Secret Key

Cloud

PreviousPort Forwarding - TunnelingNextMobile

Last updated 3 years ago

Basic Commands

aws s3 ls s3://<bucketname>
aws s3 cp ./poc.txt s3://<bucketname>/poc.txt
aws s3 sync s3://<bucketname>

If you have Access Key and Secret Key

Command below enumerates your access and secret key. Additional buckets can be found via this way.

python3 /opt/enumerate-iam/enumerate-iam.py --access-key <accesskey> --secret-key <secretkey>

Set your credentials under ~/.aws/credentials

❯ cat ~/.aws/credentials
[default]
aws_access_key_id = <accesskey>
aws_secret_access_key = <secretkey>

Some s3api command examples

aws s3api list-buckets --query "Buckets[].Name"
aws s3api get-bucket-tagging --bucket <bucketname>

If the key has access to lambda function we can check what functions it have

aws lambda list-functions
aws lambda list-tags --resource arn:aws:lambda:eu-west-1:957405373060:function:lambdaThrusters-8697c51

EC2

aws ec2 describe-tags
https://docs.aws.amazon.com/cli/latest/reference/index.html#cli-aws