Pentesting Cloud Environment

Post on 08-Jan-2017


AWS-PT
By Vengatesh.N

AWS & Its Terminologies
1. AWS
2. VPC
3. EC2 Instances
4. AMI (Amazon Machine Image)

AWS-Scenario


AWS Pen-testing Methodology
1. Testing SSH
2. Scanning with tools
3. Fingerprinting or Extracting Meta-Data

Caution!
To perform VAPT on AWS, prior permission is needed from the AWS team:
https://aws.amazon.com/forms/penetration-testing-request

Testing SSH
1. Direct root access allowed or not
2. Default username and password changed or not
3. Login using .pem file or password
4. Environment variables are accessible to the user or not
5. Default port 22 is used or not
6. Try to create a new user with password authentication
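
A defender-side version of checklist items 1, 3 and 5, as an added example that is not part of the original slides: it reads sshd_config text and reports the settings the checklist asks about. The function names are hypothetical, the defaults are upstream OpenSSH's (a distribution may ship different ones), and Match blocks are skipped.

```python
# Added example (not from the slides): static check of sshd_config text.
# Assumption: only global settings are read; Match blocks are skipped.

# Upstream OpenSSH defaults, used when a keyword is absent.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def parse_sshd_config(text):
    """Return (settings, ports). sshd keeps the FIRST value seen for a
    keyword; Port is the exception and may be repeated."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword=value" and "Keyword value" are both accepted by sshd.
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].lower()
        if key == "match":
            break  # conditional section: global settings end here
        if key == "port":
            ports.append(int(value))
        else:
            settings.setdefault(key, value)  # first occurrence wins
    return settings, ports or [22]

def audit(text):
    """Return findings for checklist items 1, 3 and 5."""
    settings, ports = parse_sshd_config(text)
    effective = {**DEFAULTS, **settings}
    findings = []
    root = effective["permitrootlogin"]
    if root != "no":
        findings.append("direct root login allowed (PermitRootLogin %s)" % root)
    if effective["passwordauthentication"] == "yes":
        findings.append("password authentication enabled")
    if 22 in ports:
        findings.append("listening on default port 22")
    return findings

# Constructed sample: the later 'PermitRootLogin no' is ignored by sshd.
SAMPLE = """# constructed sshd_config
PermitRootLogin yes
PasswordAuthentication=no
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; the parser above is for reviewing a config file offline.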

Default SSH Credentials

VPC Firewall-Rules Configuration

Scanning with tools
To name a few:
- Nessus
- Nmap
- Nexpose
- OpenVAS
- Qualys

Nessus Compliance check

Nexpose AWS Audit

Whole Audit Process Explained
Auditing with Nessus: https://www.tenable.com/blog/nessus-amazon-aws-auditing-now-available
Auditing with Nexpose: http://www.esecforte.com/auditing-your-cloud-infrastructure-with-nexpose-enterprise/

Extracting Metadata
Extracting juicy information:
- Manual
- Using Nimbostratus Tool

Manual Method
Use curl to access metadata. Metadata information will be available here:
curl http://publicIP/
http://publicIP/latest/


Using Nimbostratus
Nimbostratus can fingerprint & exploit AWS infrastructures.
Features:
- Dump permissions
- Dump instance meta-data
- Create new user
More: http://andresriancho.github.io/nimbostratus/

Conclusion
Points to remember while securing AWS:
- Different users for different tasks
- Audit users and groups periodically
- Security practices applicable for SSH or service
Security Best Practices:
http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
