AWS Certified Cloud Practitioner Notes

Cloud computing and IAM. Types of Cloud Computing. Infrastructure as a Service (IaaS): provides building blocks for cloud IT; provides networking, computers, and data storage space; highest level of flexibility; closely resembles managing physical resources. E.g.: EC2, EBS, GCP, Digital Ocean, Elastic Load Balancing. Platform as a Service (PaaS): removes the need for the company to manage the underlying infrastructure; focus on deployment and management of applications; you define the behavior and environment for your application (code). E.g.: Heroku, ECS, Elastic Beanstalk. Software as a Service (SaaS): a completed product that is run and managed by the service provider; offers services meant to be accessed by end users. E.g.: Gmail, Outlook, Recognition for ML, Zoom ...

January 16, 2022 · 48 min · 10012 words · Jesus Lujan

Cloud Resume Challenge

Cloud Resume Challenge. Set up AWS: create your AWS account; set up MFA for your root account; create an IAM user; assign permissions (principle of least privilege); set up Vault (https://github.com/99designs/aws-vault): aws-vault add myuser (e.g. aws-vault add dev), then aws-vault exec myuser -- aws s3 ls. Set up S3. What is S3: a file service useful for storing files, often used to host a website. What is AWS SAM: the Serverless Application Model; we will create an AWS Lambda (we ignore this for now) ...

January 10, 2022 · 2 min · 298 words · Jesus Lujan

HackTheBox Jarvis

Machine IP: 10.10.10.143. Reconnaissance: First we run a port scan to find out which ports are open and identify their corresponding services. Nmap: As we can see, port 80 (HTTP) is open, so we will look at it in the browser and analyze the website. Wappalyzer: Using the Wappalyzer extension to identify the technologies used by the website, we find that it is running phpMyAdmin version 4.8. After a bit of research we find the following vulnerability, phpMyAdmin 4.8.1 - Remote Code Execution (RCE), which takes advantage of executing commands through SQL parameters. ...

November 15, 2021 · 3 min · 566 words · Jesus Lujan

HackTheBox Lame

Enumeration. System IP: 10.10.10.3. Machine matrix: This matrix shows the exploitation characteristics of the machine. Service enumeration: Server IP address 10.10.10.3; open ports TCP: 21,22,139,445,3632. Nmap scan results: After scanning for open ports, we use the following command to enumerate the versions and services running on each port. nmap -A -n -Pn -p21,22,139,445,3632 10.10.10.3 Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-28 21:12 EDT Nmap scan report for 10.10.10.3 Host is up (0.12s latency). PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.3.4 |_ftp-anon: Anonymous FTP login allowed (FTP code 230) | ftp-syst: | STAT: | FTP server status: | Connected to 10.10.14.2 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | vsFTPd 2.3.4 - secure, fast, stable |_End of status 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) | ssh-hostkey: | 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA) |_ 2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA) 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 445/tcp open netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP) 3632/tcp open distccd distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4)) Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel Vulnerability identification: As we can see, port 445 is running Samba version 3.0.20, so we search searchsploit with the command searchsploit samba 3.0.20. ...

September 8, 2021 · 3 min · 582 words · Jesus Lujan

HackTheBox Blue

Enumeration. System IP: 10.10.10.40. Machine matrix: This matrix shows the exploitation characteristics of the machine. Service enumeration: The service enumeration portion of a penetration test focuses on gathering information about what services are alive on a system or systems. This is valuable for an attacker as it provides detailed information on potential attack vectors into a system. Understanding what applications are running on the system gives an attacker needed information before performing the actual penetration test. In some cases, some ports may not be listed. ...

August 28, 2021 · 4 min · 804 words · Jesus Lujan