
fix
carlospolop committed Jan 26, 2025
1 parent 041a508 commit 816da7a
Showing 3 changed files with 2 additions and 2 deletions.
Binary file modified src/images/arte.png
Expand Up @@ -88,7 +88,7 @@ For more information check https://github.com/padok-team/cognito-scanner
The only thing an attacker need to know to **get AWS credentials** in a Cognito app as unauthenticated user is the **Identity Pool ID**, and this **ID must be hardcoded** in the web/mobile **application** for it to use it. An ID looks like this: `eu-west-1:098e5341-8364-038d-16de-1865e435da3b` (it's not bruteforceable).

> [!TIP]
> The **IAM Cognito unathenticated role created via is called** by default `Cognito_<Identity Pool name>Unauth_Role`
> The **IAM Cognito unauthenticated role created via is called** by default `Cognito_<Identity Pool name>Unauth_Role`
If you find an Identity Pools ID hardcoded and it allows unauthenticated users, you can get AWS credentials with:

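Review bot: the corrected TIP line still reads "role created via is called", which is missing its object after "via"; since this hunk already rewrites that line, finish the phrase or drop "via". Also, "If you find an Identity Pools ID hardcoded..." follows the `> [!TIP]` quote with no blank line in between, so Markdown lazy continuation will pull that sentence into the callout; add a blank line after the quoted line. Minor wording in the surrounding context: "Identity Pools ID" should be "Identity Pool ID" to match the term used above, and "an attacker need" should be "an attacker needs".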
Expand Up @@ -837,7 +837,7 @@ Invoke-AzureRmVMBulkCMD -Script Mimikatz.ps1 -Verbose -output Output.txt
## Unauthenticated Access
{{#ref}}
../../az-unauthenticated-enum-and-initial-entry/az-vms-unath.md
../../az-unauthenticated-enum-and-initial-entry/az-vms-unauth.md
{{#endref}}
## Post Exploitation
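Review bot: the corrected ref target ../../az-unauthenticated-enum-and-initial-entry/az-vms-unauth.md must already exist under that spelling, because the commit's three changed files are the image and these two Markdown pages, so no file is renamed here; if the page is still stored as az-vms-unath.md this reference breaks at build time. Style: consider a blank line between `{{#endref}}` and `## Post Exploitation` so the heading is visually separated from the ref block.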

0 comments on commit 816da7a
