Pentesting: Cloud Security.

Introduction.

We'll use AWS (Amazon Web Services) as an example, but other cloud services work in similar way to AWS.

One of the characteristics of Cloud Services is so-called: 'Shared Responsibility'. Cloud Service's Provider (Amazon in this case) is responsible for infrastructure, and Client is responsible for using that infrastructure securely, for securing what's running in that infrastructure.


S3 Buckets Security.

In AWS, S3 means: 'Simple Storage Service'.

There are 'S3 Buckets' in which data/files can be stored.

Amazon offers very high SLA (Service Level Agreement), equal to 99,999999999%. This means that if we store
10 000 000 files, for 10 000 of years, statistically we'll lose only 1 file.

If we find misconfiguration in AWS S3 Buckets service, we can - for example - access the files in the whole S3 Bucket.

API Key Leaks.

API Keys are required to acces Cloud API, through which we can manage our app in the cloud infrastructure.

How we can find leaked API Keys?

Let's try the nmap tool first.

We've found a web application running on port 8080.

Let's try to enumerate it, using feroxbuster.

We've found .git folder, with the code repository, that should not be there. Let's dump and extract the repo using the GitTools tool.

Browsing through extracted tree of git objects, we find the 'app.json' file with interresting data. Login & password credentials, and API Key.

The API Key can be used to manage whole of our target's infrastructure in AWS Cloud.


/ To be continued. /