added info

This commit is contained in:
Stefan Friese 2024-02-13 00:04:26 +01:00
parent 288131e103
commit 110acc6fb7
1 changed files with 17 additions and 3 deletions


@ -87,10 +87,10 @@ shared between people, everyone has full root access.
Policies are an authorization measurement. After authentication of a user (or Policies are an authorization measurement. After authentication of a user (or
principal) policies of the account are checked if the request is allowed. principal) policies of the account are checked if the request is allowed.
A policy may also be attached to a resource. Policy evaluation can be found in the [AWS docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html). A policy may also be attached to a resource. Policy evaluation can be found in the [AWS docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html). There are resource and identity based policies.
```sh ```sh
aws iam get-policy aws iam get-policy --policy-arn <ARN>
``` ```
Policy details consists of the following [example](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) Policy details consists of the following [example](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html)
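Review bot: the `aws iam get-policy --policy-arn <ARN>` line only returns the policy's metadata (name, ARN, `DefaultVersionId`, attachment count), not the policy document itself, so a reader following this section to inspect what a policy allows will not see any statements. Suggest adding the second step right after it, `aws iam get-policy-version --policy-arn <ARN> --version-id <DefaultVersionId>`, and noting that the version id comes from the `get-policy` output. Minor wording in the added sentence: "resource-based and identity-based policies" matches the AWS terminology used in the linked evaluation-logic docs.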
@ -108,6 +108,14 @@ aws iam get-policy
} }
``` ```
Policy enforcement is done via the `Effect` keys and either has `allow` or `deny` keys set in the JSON object. Deny is default.
The `Action` keyword contains a Service and an API keyword on on that service in the scheme `<servicename>:<APIKeyword>`.
The Resource key contains the ARN of the resource the policy is set for.
The `Principal` key is only set for resource policies and contains the principal who is able to act on the resource. For example a `*` value allows public access.
The following graph is taken from the documentation, it shows the evaluation The following graph is taken from the documentation, it shows the evaluation
logic inside an account logic inside an account
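Review bot: the sentence "Deny is default." is imprecise in a way that matters for the evaluation logic discussed next: the default is an implicit deny, which any matching `Allow` overrides, whereas an explicit `Deny` statement wins over every `Allow`. Suggest "Requests are implicitly denied unless an `Allow` matches; an explicit `Deny` always overrides an `Allow`." The `Effect` values are also written `Allow` and `Deny` (capitalised) in the policy JSON, so the lowercase `allow`/`deny` here would not match what the reader sees in the example above. Typo in the `Action` line: "on on that service". For the `Principal` line, it is worth stating that `"Principal": "*"` (or `{"AWS": "*"}`) without a restricting `Condition` makes the resource reachable anonymously, since that is the case the S3 section later relies on.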
@ -118,7 +126,7 @@ A principal can have multiple policies attached.
Policies like `assume-role` and `switch-role` can lead to the gain of roles Policies like `assume-role` and `switch-role` can lead to the gain of roles
with higher permissions with higher permissions
A `*` inside a policy represents every principal. Set the `*` to make an instance of a service A `*` inside a policy represents every principal. Set the `*` to make an instance of a service
public through the Internet. public through the Internet.
Administrator access policies can be queried to see who has elevated permissions. Administrator access policies can be queried to see who has elevated permissions.
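Review bot: `A *inside a policy represents every principal` is only true for the `Principal` element; a `*` in `Action` or `Resource` means all actions or all resources, which is the more common cause of over-permissive identity policies. Suggest qualifying the sentence ("A `*` in the `Principal` element of a resource policy represents every principal …"). Also, `assume-role` and `switch-role` are not policies: `sts:AssumeRole` is an API action that a policy can allow, and switching roles in the console uses the same call, so "Policies that allow `sts:AssumeRole` on a role with higher permissions" would be more accurate.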
@ -336,6 +344,12 @@ Download via `curl`, `wget` or `s3` cli via
aws s3 cp s3://<bucketname>/foo_public.xml . --no-sign-request aws s3 cp s3://<bucketname>/foo_public.xml . --no-sign-request
``` ```
#### S3 Policies
```sh
aws s3api get-bucket-policy --bucket <bucketname>--query Policy --output text
```
#### ACL #### ACL
If the ACL is set to If the ACL is set to
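Review bot: the added `get-bucket-policy` command is missing a space between the bucket name and the `--query` option, so as written the CLI receives a single argument `<bucketname>--query` and fails with an unknown bucket. It should read `aws s3api get-bucket-policy --bucket <bucketname> --query Policy --output text`. It may also help the reader to note that the call returns a `NoSuchBucketPolicy` error when no bucket policy is attached, which is not the same as the bucket being private, since access can still come from the ACL described in the next section.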