AWS - Cognito Enum

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Cognito

Amazon Cognito inatumika kwa uthibitishaji, ruhusa, na usimamizi wa watumiaji katika programu za wavuti na simu. Inawaruhusu watumiaji kubadilika kuingia moja kwa moja kwa kutumia jina la mtumiaji na nenosiri au kwa njia isiyo ya moja kwa moja kupitia mtu wa tatu, ikiwa ni pamoja na Facebook, Amazon, Google, au Apple.

Kati ya Amazon Cognito kuna sehemu mbili kuu:

User Pools: Hizi ni saraka zilizoundwa kwa watumiaji wa programu yako, zikitoa uwezo wa kujiandikisha na kuingia.
Identity Pools: Hizi ni muhimu katika kuidhinisha watumiaji kupata huduma tofauti za AWS. Hazihusiki moja kwa moja katika mchakato wa kuingia au kujiandikisha lakini ni muhimu kwa upatikanaji wa rasilimali baada ya uthibitishaji.

User pools

Ili kujifunza ni nini Cognito User Pool check:

Identity pools

Ili kujifunza ni nini Cognito Identity Pool check:

Enumeration

# List Identity Pools
aws cognito-identity list-identity-pools --max-results 60
aws cognito-identity describe-identity-pool --identity-pool-id "eu-west-2:38b294756-2578-8246-9074-5367fc9f5367"
aws cognito-identity list-identities --identity-pool-id <ident-pool-id> --max-results 60
aws cognito-identity get-identity-pool-roles --identity-pool-id <ident-pool-id>

# Identities Datasets
## Get dataset of identity id (inside identity pool)
aws cognito-sync list-datasets --identity-pool-id <ident-pool-id> --identity-id <ident-id>
## Get info of the dataset
aws cognito-sync describe-dataset --identity-pool-id <value> --identity-id <value> --dataset-name <value>
## Get dataset records
aws cognito-sync list-records --identity-pool-id <value> --identity-id <value> --dataset-name <value>

# User Pools
## Get pools
aws cognito-idp list-user-pools --max-results 60

## Get users
aws cognito-idp list-users --user-pool-id <user-pool-id>

## Get groups
aws cognito-idp list-groups --user-pool-id <user-pool-id>

## Get users in a group
aws cognito-idp list-users-in-group --user-pool-id <user-pool-id> --group-name <group-name>

## List App IDs of a user pool
aws cognito-idp list-user-pool-clients --user-pool-id <user-pool-id>

## List configured identity providers for a user pool
aws cognito-idp list-identity-providers --user-pool-id <user-pool-id>

## List user import jobs
aws cognito-idp list-user-import-jobs --user-pool-id <user-pool-id> --max-results 60

## Get MFA config of a user pool
aws cognito-idp get-user-pool-mfa-config --user-pool-id <user-pool-id>

## Get risk configuration
aws cognito-idp describe-risk-configuration --user-pool-id <user-pool-id>

Identity Pools - Unauthenticated Enumeration

Kujua tu ID ya Identity Pool unaweza kuwa na uwezo wa kupata akidi za jukumu lililohusishwa na watumiaji wasio na uthibitisho (ikiwa ipo). Angalia jinsi hapa.

User Pools - Unauthenticated Enumeration

Hata kama hujui jina la mtumiaji halali ndani ya Cognito, unaweza kuwa na uwezo wa kuorodhesha majina ya watumiaji halali, BF nywila au hata kujiandikisha mtumiaji mpya kwa kujua tu ID ya mteja wa App (ambayo kwa kawaida hupatikana katika msimbo wa chanzo). Angalia jinsi hapa.

Privesc

Unauthenticated Access

Persistence

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - Codebuild Enum NextCognito Identity Pools

Last updated 8 days ago

Cognito

Kati ya Amazon Cognito kuna sehemu mbili kuu:

User Pools: Hizi ni saraka zilizoundwa kwa watumiaji wa programu yako, zikitoa uwezo wa kujiandikisha na kuingia.

Identity Pools: Hizi ni muhimu katika kuidhinisha watumiaji kupata huduma tofauti za AWS. Hazihusiki moja kwa moja katika mchakato wa kuingia au kujiandikisha lakini ni muhimu kwa upatikanaji wa rasilimali baada ya uthibitishaji.

User pools