AWS Testing

host -t ns offseclab.io # AWS Nameserver
dnsenum offseclab.io --threads 100

cloud_enum -k offseclab-assets-public-axevtewi --quickscan --disable-azure --disable-gcp

for key in "public" "private" "dev" "prod" "development" "production"; do echo "offseclab-assets-$key-axevtewi"; done | tee /tmp/keyfile.txt
cloud_enum -kf /tmp/keyfile.txt -qs --disable-azure --disable-gcp

aws configure --profile attacker
aws --profile attacker sts get-caller-identity

aws --profile attacker ec2 describe-images --executable-users all --filters "Name=description,Values=*Offseclab*"

aws --profile attacker ec2 describe-snapshots --owner-ids 826517219963

aws --profile attacker s3 ls offseclab-assets-public-kaykoour

aws --profile attacker iam create-user --user-name enum

aws --profile attacker iam create-access-key --user-name enum

aws configure --profile enum

aws sts get-caller-identity --profile enum

aws --profile enum s3 ls offseclab-assets-private-kaykoour

run iam__enum_roles --word-list /tmp/role-names.txt --account-id 123456789012

PreviousGraphQL API NextBroken Link Hijacking

Last updated 5 months ago

Was this helpful?