## AWS (Amazon Web Services) SCENARIO: You've obtained an access key, secret key, and a .pem key from a possible AWS admin on your target network. You can now enumerate their AWS access using these credentials. REFERENCES: https://github.com/RhinoSecuritylabs/pacu/wiki https://github.com/carnal0wnage/weirdAAL https://github.com/toniblyx/my-arsenal-of-aws-security-tools ### STEP 1: Gather tools Git clone Pacu AWS testing framework and install: https://github.com/RhinoSecuritylabs/pacu.git ### STEP 2: Pacu framework: ```bash python3 pacu.py ``` ### STEP 3: Connect to AWS Set AWS credential values obtain from your target: Key alias - Used internally within Pacu and is associated with a AWS key pair. Has no bearing on AWS permissions. Access Key - Generated from an AWS User Secret Key - Secret key associated with access key. Omitted in image. (Optional) Session Key serves as a temporary access key to access AWS services. ### STEP 4: Navigating AWS To view a list of available commands execute 'ls' or execute a module: ```bash > ls > run enum_ec2 ``` ## MICROSOFT AZURE SCENARIO: You've been able to obtain credentials for a privileged user for Azure AD (Owner or Contributor). You can now target this user by possibly harvesting credentials stored in either Key Vaults, App Services Configurations, Automation Accounts, and Storage Accounts. REFERENCES: https://blog.netspi.com/get-azurepasswords/ https://nostarch.com/azure ### STEP 1: Gather Tools Install PowerShell modules and download/Import Microburst by NetSPI: ```powershell Install-Module -Name AzureRM Install-Module -Name Azure ``` https://github.com/NetSPI/MicroBurst ```powershell Import-Module .\Get-AzurePasswords.psl ``` ### STEP 2: Get-AzurePasswords Now that the PowerShell module is imported we can execute it to retrieve all available credentials at once from Key Vaults, App Services Configurations, Automation Accounts, and Storage Accounts. You will be prompted for the user account, credentials, and subscription you'd like to use. We can pipe the output to a CSV file: ```powershell Get-AzurePasswords -Verbose I Export-CSV ``` ## GCP (Google Cloud Platform) https://github.com/nccgroup/ScoutSuite ### STEP 1: Download and install Gcloud command-line tool: https://cloud.google.com/pubsub/docs/quickstart-cli ### STEP 2: Set the obtained target creds in your configuration: ```bash gcloud config set account <account> ``` ### STEP 3: Execute 'scout' using a user account or service account: ```bash $ python Scout.py --provider gcp --user-account $ python Scout.py --provider gcp --service-account --key-file /path/to/keyfile ``` ### STEP 4: To scan a GCP account, execute either of the following: Organization: organization-id <ORGANIZATION_ID> Folder: folder-id <FOLDER_ID> Project: project-id <PROJECT_ID> #howto [[Home]]