Cloud
AWS
Configure
Note: If you have multiple accounts, you can specify your account and your endpoint URL with --profile <profile_name> and --endpoint-url <url>.
Example:
IAM
List policies attached to a user
This command will return an object like this:
Get policy detail from a policy ARN
List user policy
Get user policy detail for a user
LAMBDA
List function
Get public url of the function
S3
aws s3 documentation, aws s3api documentation
List buckets
List objects in a bucket
List bucket files
Get file from bucket
Upload file to bucket
Dynamodb
List all tables
Get data from table
Create table
Put item in table
Kubernetes
Kubernetes, commonly stylized as K8s, is an open-source container orchestration system for automating software deployment, scaling, and management. Google originally designed Kubernetes, but the Cloud Native Computing Foundation now maintains the project.
Useful paths
Namespace
Authorization
Secrets
List all secrets:
Get secret:
Pods
Get:
Describe:
You can get configuration of specific
Apply:
If you have sufficient rights to apply a pod, most of the time you will be able to mount the volume of the root machine (the host node).
You can find a definition of a malicious pod here: pwn.yml
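A defender-side check for the risk described above, as an added example that is not part of the original page: it audits a Pod manifest (given as JSON) for hostPath volumes mounted from the node. It goes slightly beyond the text by also flagging privileged containers and host namespaces; the sample manifest and the function name audit_pod are constructed for illustration.

```python
import json
import posixpath

# Constructed sample manifest for the demo (not the pwn.yml mentioned above).
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "debug-pod", "namespace": "default"},
  "spec": {
    "hostPID": true,
    "containers": [
      {"name": "shell", "image": "alpine",
       "securityContext": {"privileged": true},
       "volumeMounts": [{"name": "host", "mountPath": "/host"}]}
    ],
    "volumes": [{"name": "host", "hostPath": {"path": "/"}}]
  }
}
""")

def audit_pod(manifest):
    """Return findings for settings that give a pod access to the node."""
    spec = manifest.get("spec") or {}
    findings = []
    # Host namespaces shared with the pod.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag) is True:
            findings.append(f"spec.{flag}=true")
    # hostPath volumes: record the normalized node path per volume name.
    host_volumes = {}
    for vol in spec.get("volumes") or []:
        host_path = (vol.get("hostPath") or {}).get("path")
        if host_path is not None:
            norm = posixpath.normpath("/" + host_path.lstrip("/"))
            host_volumes[vol.get("name")] = norm
            label = "node root filesystem" if norm == "/" else norm
            findings.append(f"volume {vol.get('name')}: hostPath {label}")
    # Containers that are privileged or mount a hostPath volume read-write.
    for ctr in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = ctr.get("name")
        if (ctr.get("securityContext") or {}).get("privileged") is True:
            findings.append(f"container {name}: privileged=true")
        for mount in ctr.get("volumeMounts") or []:
            if mount.get("name") in host_volumes and not mount.get("readOnly"):
                findings.append(f"container {name}: writable mount of {host_volumes[mount['name']]}")
    return findings

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD):
        print("FINDING:", finding)
```

The same function can be fed the output of kubectl get pod <name> -o json to review pods that are already running.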
Exec command
Useful link
Azure
Domain names for Azure storage resources
Blob storage -> https://[account].blob.core.windows.net
Azure Data Lake Storage Gen2 -> https://[account].dfs.core.windows.net
Azure files -> https://[account].file.core.windows.net
Queue storage -> https://[account].queue.core.windows.net
Table storage -> https://[account].table.core.windows.net
List public blob
List all container files.
List one file
Note: %3D is the URL-encoded '=' and it is required.
Here you can find more information about the query parameters
Azure cosmos
List table content
Docker registry
Recon
By default, a Docker registry runs on port 5000. The first step is to find out whether the registry needs an authentication token. You can do this by sending a request to the registry.
Get authentication token
With the www-authenticate header, you can tell whether the registry needs an authentication token.
Example of response:
From this response you can try to get a token; the realm is the URL used to get the token.
Examples of requests:
Get all image names
You can get all image names by sending a request to the registry with the authentication token.
Get all tags for an image
You can get all tags for an image by sending a request to the registry with the authentication token.
Get image manifest
You can get the image manifest by sending a request to the registry with the authentication token.
Get image layer
Automated tools
You can also use an automated tool like DockerRegistryGrabber.