AWS basics

These get taught in flaws.cloud, I wanted to put them all together in one spot for myself and anyone else.

Determine the IP of the target:

dig +nocmd any +multiline +noall +answer

See if the IP falls within the “amazonaws.com” servers

nslookup

Can anyone read the bucket contents (aws-cli)

aws s3 ls s3:// --no-sign-request --region

Can anyone read the bucket contents (browser)

http://.s3.amazonaws.com/

Configure current/new profile (aws-cli)

aws configure --profile

Can we list the bucket directory with an AWS account? (aws-cli)

aws s3 --profile ls s3://

Can we download the bucket with an AWS account? (aws-cli)

aws s3 sync s3:// /path/to/save --no-sign-request --region

List all buckets for that profile, great for after gaining target keys (aws-cli)

aws --profile s3 ls

Obtain the account id of the profile (aws-cli)

aws --profile sts get-caller-identity

Has this profile created any publicly readable snapshots? (aws-cli)

aws --profile ec2 describe-snapshots --region

Filter any publicly readable snapshots via the owner id (aws-cli)

aws --profile ec2 describe-snapshots --owner-id --region

Show Comments