From 10e589f308aab4075300054a82b849f74792b915 Mon Sep 17 00:00:00 2001
From: CPol
Date: Tue, 19 Dec 2023 13:18:58 +0000
Subject: [PATCH] GITBOOK-497: change request with no subject merged in GitBook
---
 .../aws-inspector-enum.md | 2 +-
 .../aws-waf-enum.md | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-inspector-enum.md b/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-inspector-enum.md
index a33a7be6a9..c33d144ed1 100644
--- a/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-inspector-enum.md
+++ b/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-inspector-enum.md
@@ -79,7 +79,7 @@ aws inspector list-exclusions --assessment-run-arn
 aws inspector list-rules-packages
 ```
-### Post Exploitation
+## Post Exploitation
 {% hint style="success" %}
 From an attackers perspective, this service can help the attacker to find vulnerabilities and network exposures that could help him to compromise other instances/containers.
diff --git a/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-waf-enum.md b/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-waf-enum.md
index 8258131510..c680b5c68d 100644
--- a/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-waf-enum.md
+++ b/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-waf-enum.md
@@ -49,6 +49,42 @@ If an **incoming request does not meet any rule** within the Web ACL then the re
 WAF CloudWatch metrics are reported **in one minute intervals by default** and are kept for a two week period. The metrics monitored are AllowedRequests, BlockedRequests, CountedRequests, and PassedRequests.
+## Enumeration
+
+scope can also be CLOUDFRONT, but when checking for a WAF not related to CLoudfront you need to use REGIONAL.
+
+```
+# Get web acls
+aws wafv2 list-web-acls --scope REGIONAL
+aws wafv2 get-web-acl --scope REGIONAL --name --id
+aws wafv2 list-resources-for-web-acl --web-acl-arn #Resources associated with the ACL
+aws wafv2 get-web-acl-for-resource --resource-arn # Get web acl of the resource
+
+# Rule groups
+aws wafv2 list-rule-groups --scope REGIONAL
+aws wafv2 get-rule-group --scope REGIONAL --name --id
+
+# Get IP sets
+aws wafv2 list-ip-sets --scope=REGIONAL
+aws wafv2 get-ip-set --scope=REGIONAL --name --id
+
+# Get regex patterns
+aws wafv2 list-regex-pattern-sets --scope REGIONAL
+
+# Get logging config (buckets storing the logs)
+aws wafv2 list-logging-configurations --scope=REGIONAL
+```
+
+## Post Exploitation / Bypass
+
+{% hint style="success" %}
+From an attackers perspective, this service can help the attacker to identify WAF protections and network exposures that could help him to compromise other webs.
+
+However, an attacker could also be interested in disrupting this service so the webs aren't protected by the WAF.
+{% endhint %}
+
+TODO: PRs are welcome
+
Support HackTricks and get benefits!
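Review bot: The sentence introducing the new Enumeration fence says the scope can also be CLOUDFRONT but omits that CLOUDFRONT-scoped wafv2 calls must be sent to us-east-1, so a reader who only swaps the scope value will not see their CloudFront web ACLs. I would add `# CloudFront web ACLs: --scope CLOUDFRONT --region us-east-1` as the first line of the fence and fix the "CLoudfront" spelling. As shown here, `--name --id`, `--web-acl-arn` and `--resource-arn` carry no value, presumably placeholders lost in rendering, so spell them out, e.g. `--name <name> --id <id>`. The fence also mixes `--scope REGIONAL` with `--scope=REGIONAL`, and the regex section lists sets without reading one (`aws wafv2 get-regex-pattern-set --scope REGIONAL --name <name> --id <id>`). The logging comment says "buckets", although the configured log destination is not necessarily S3, so "log destinations" would be more accurate for anyone auditing where WAF logs end up.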