AWS - adeptex/CTF GitHub Wiki

AWS

Account name

  • HTTP 302 from https://[account].signin.aws.amazon.com if the account name exists

Metadata

  • http://instance-data.eu-central-1.compute.internal/latest/meta-data/
  • http://169.254.169.254/latest/meta-data/
  • http://2852039166/latest/meta-data/
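
All three URLs above reach the same service: 2852039166 is 169.254.169.254 written as a single decimal integer. The check below is an added example for an outbound-request (SSRF) filter, not part of the original wiki; it generalizes to the other inet_aton-style notations (hex, octal, short dotted forms), and the function names and the rule of matching on an "instance-data" first label are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# Assumption: a first label of "instance-data" marks the metadata alias.
METADATA_LABEL = "instance-data"

def _parse_part(part):
    """One inet_aton-style component: 0x.. is hex, a leading 0 is octal."""
    if not (part.isascii() and part.isalnum()):
        raise ValueError(part)
    if part.startswith("0x"):
        return int(part[2:], 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)

def host_to_ipv4(host):
    """Return the IPv4 address a libc-style parser reads from host, or None."""
    parts = host.lower().split(".")
    if len(parts) > 4:
        return None
    try:
        *head, last = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_metadata_url(url):
    """True when the URL's host is the metadata alias or a link-local IPv4."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.split(".")[0] == METADATA_LABEL:
        return True
    addr = host_to_ipv4(host)
    if addr is None:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False
        # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before the range check.
        addr = getattr(addr, "ipv4_mapped", None) or addr
    return addr.version == 4 and addr in LINK_LOCAL
```

The check is purely syntactic: it does not resolve DNS, so an arbitrary hostname that resolves to the link-local address still has to be caught after resolution, at connect time.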

S3

  • [domain/bucket].s3.amazonaws.com
  • aws s3 ls --no-sign-request domain.tld

API Gateway

https://{rest_api_id}.execute-api.{rest_api_region}.amazonaws.com/{stage}/{resource}

Serverless

Deep Dive Into Lambda Layers and the Lambda Runtime API - AWS Online Tech Talks https://www.youtube.com/watch?v=gCQHulp3aVo

Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions & More https://www.youtube.com/watch?v=GZBiz-0t5KA

Information Gathering

aws sts get-caller-identity
aws iam get-user

aws iam list-groups-for-user --user-name [user]
aws iam list-attached-group-policies --group-name [group]
aws iam list-group-policies --group-name [group]
aws iam list-attached-user-policies --user-name [user]
aws iam list-user-policies --user-name [user]

aws iam get-policy --policy-arn [policy-arn]