Simulating an AWS Pentest: Discovering S3 Bucket Organization ID Across Accounts

By /

Listen to this Post

In this video, I simulate an AWS Pentest where the client has provided us with access to the AWS CLI. Our goal is to determine the Organization ID of an S3 Bucket in a completely different AWS Account.

This is a completely FREE lab on Cybr.

I showcase the following:

  • Installing the AWS CLI
  • Configuring the Access Key and Secret
  • Installing & Using Pacu by Rhino Security Labs, Inc to bruteforce permissions
  • Using “Conditional Love” by Plerion to discover the Organization ID

Video: https://lnkd.in/gfmhFpUg

Practice Verified Codes and Commands:

1. Installing AWS CLI:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

2. Configuring AWS CLI:

aws configure

Enter your Access Key, Secret Key, region, and output format when prompted.

3. Installing Pacu:

git clone https://github.com/RhinoSecurityLabs/pacu.git
cd pacu
bash install.sh

4. Using Pacu to BruteForce Permissions:

python3 pacu.py

Follow the on-screen instructions to enumerate and exploit permissions.

5. Using “Conditional Love” by Plerion:

git clone https://github.com/plerion/conditional-love.git
cd conditional-love
pip install -r requirements.txt
python3 conditional_love.py --profile <your-aws-profile>

What Undercode Say:

In this article, we explored a simulated AWS Pentest scenario where the goal was to discover the Organization ID of an S3 Bucket in a different AWS account. The process involved installing and configuring the AWS CLI, using Pacu for permission brute-forcing, and leveraging “Conditional Love” by Plerion for discovering the Organization ID.

To further enhance your skills in AWS security, consider practicing the following commands and tools:

  • AWS CLI Commands: 
    aws s3 ls # List S3 buckets
aws iam list-users # List IAM users
aws ec2 describe-instances # List EC2 instances

  • Linux Commands for Security:

    nmap -sV <target-ip> # Scan for open ports and services
netstat -tuln # List all listening ports
tcpdump -i eth0 # Capture network traffic

  • Windows Commands for Security:

    netstat -an # Display active connections
tasklist # List running processes
ipconfig # Display network configuration

For more advanced AWS security practices, consider exploring the following resources:
AWS Security Best Practices
Rhino Security Labs Pacu Documentation
Plerion Conditional Love GitHub

By mastering these tools and commands, you can significantly improve your ability to conduct thorough and effective AWS security assessments. Always remember to practice ethical hacking and obtain proper authorization before performing any penetration testing activities.

References:

Reported By: Tyler Ramsbey – Hackers Feeds
Extra Hub:
Undercode MoN
Basic Verification ✅Featured Image

Related Posts: