GWS - Workspace Pentesting

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Entry Points

Google Platforms and OAuth Apps Phishing

Check how you could use different Google platforms such as Drive, Chat, Groups... to send the victim a phishing link and how to perform a Google OAuth Phishing in:

pageGWS - Google Platforms Phishing

Password Spraying

In order to test passwords with all the emails you found (or you have generated based in a email name pattern you might have discover) you could use a tool like https://github.com/ustayready/CredKing (although it looks unmaintained) which will use AWS lambdas to change IP address.

Post-Exploitation

If you have compromised some credentials or the session of the user you can perform several actions to access potential sensitive information of the user and to try to escala privileges:

pageGWS - Post Exploitation

GWS <-->GCP Pivoting

pageGCP <--> Workspace Pivoting

Persistence

If you have compromised some credentials or the session of the user check these options to maintain persistence over it:

pageGWS - Persistence

Account Compromised Recovery

  • Log out of all sessions

  • Change user password

  • Generate new 2FA backup codes

  • Remove App passwords

  • Remove OAuth apps

  • Remove 2FA devices

  • Remove email forwarders

  • Remove emails filters

  • Remove recovery email/phones

  • Removed malicious synced smartphones

  • Remove bad Android Apps

  • Remove bad account delegations

References

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Last updated