AWS Pentesting – Part – 1
Nowadays, we have experienced many data breaches exposing different vulnerabilities like s3 buckets, compromised AWS environments, and many more.
To understand the attacks on AWS, one must be aware of the different services provided by AWS.
In this blog, we will understand the different services provided by AWS, data breaches on AWS cloud services, tools used for Pentesting the AWS services, and how to start with the AWS CLI.
AWS offers many services. Like EC2, S3, AWS Lambda, CloudTrail, CloudWatch, and many more….
Many of the data breaches happen because of the misconfiguration of AWS services.
In this series of blog posts, we will discuss how these services can be exploited if it is not configured properly and countermeasures of course.
Let’s have a look at S3 Bucket Basic Services.
Now the question is what is S3?
S3 stands for Simple Storage Service
- Highly scalable storage services with virtually unlimited capacity.
- The main element of the service is a bucket which acts as a container. Contents which are stored in the bucket are called objects like file, backup, documents, images, sensitive file, source code, static web site, etc.
- Using amazon s3, you can store and retrieve any amount of data at any time on the web.
- A different mechanism of access control for s3 buckets
- Bucket policies
- IAM policies
- S3 buckets can be accessed via HTTP interface and AWS CLI
Refer to the link to understand S3 in detail. https://aws.amazon.com/s3/
- EC2 is nothing but Elastic Cloud Compute
- Most widely used service that provides a secure and resizable compute capacity in the cloud
- It can be used to launch as many virtual servers you need on a pay-as-you-go basis.
Refer to this link to understand EC2 in detail https://aws.amazon.com/ec2/
- To control privileges
- Is a web service used in combination with all Amazon Services?
Refer to this link to understand IAM in detail. https://aws.amazon.com/iam/
- AWS Lambda
- FaaS(Function as a Service)
- Offers serverless functions and applications.
- Code runs in response to events
Refer to this link to understand AWS Lambda in detail. https://aws.amazon.com/lambda/
Now the question is why there is a need for pen-testing?
As more and more organizations moving towards the cloud, a data breach is increasing day by day, and to protect this data breach Pentesting requirement has become necessary. Let us discuss about the data breach on the cloud in brief.
A data breach on Cloud
According to Gartner, Gartner analyst Neil MacDonald says that 99 percent of cloud security failures will be the customer’s fault through 2025.
- Capital One
- Year: 2019
- Attacker: AWS Employee
- Data leaked: 80,000 bank account numbers leaked
- How: SSRF
- Cause: misconfiguration of IAM role permissions for EC2 instance
- Year: 2017
- Attacker: Unsecured amazon s3 buckets was discovered by one of the UpGuard Security Researcher
- Data leaked: SecretAPI data, authentication credentials, decryption keys, and customer data
There are many data breaches that happened in the past like the GoDaddy data breach due to s3 cloud bucket misconfiguration, Verizon due to S3 leak, AgentRun leaks customer health information, and many more.
These data breaches can be minimized by performing pen-testing, security audits on different AWS cloud services.
Now the question is what are the tools required to start for pentesting AWS cloud?
Python script to discover all AWS resources created in an account.
Principal Mapper (PMapper) is a script and library for identifying risks in the configuration of AWS Identity and Access Management (IAM) in an AWS account.
Ruby script to perform brute force attack on s3 bucket
Prawler is a CLI tool for AWS Security Best Practices, auditing, hardening as per CIS AMAZON Web Services Foundations Benchmark.
Tools for fingerprinting and exploiting Amazon cloud infrastructures.
Find out the link for more toolsàhttps://github.com/toniblyx/my-arsenal-of-aws-security-tools
Now it’s time to set up AWS CLI in kali linux.
- Go to the link https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html in the browser. Click on the link as shown in the below image.
- Save the zip file to a location in your system and rename the folder to awscliv2.zip
- Unzip the AWS cli
- Install the AWS cli
- Verify AWS cli is installed or not by using a command AWS –version
- The next step is to configure your AWS account.
Enter access keys and secret keys of your AWS account with AWS CLI.
That’s it for now. In the next blog, we will learn about the s3 bucket exploitation part.
Till then bye-bye!
Attack & Pentest Team
Varutra Consulting Pvt. Ltd.