Account Disclosure by resource policy
SNS publish policy
Use the assign policy command to enumerate existing accounts. Create an SNS topic and an access policy where we specify the Account ID we want to test. If we don't receive an error then we have confirmed the existence of the account
Create SNS topic
aws sns create-topic --name <arbitrary name>Create the following file locally and save it as a JSON file
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "grant-1234-publish",
"Effect": "Allow",
"Principal": {
"AWS": "<account to test>"
},
"Action": ["sns:Publish"],
"Resource": "<topic arn>"
}]
}Assign the policy to the bucket
aws sns set-topic-attributes --topic-arn <arn> --attribute-name 'Policy' --attribute-value file://<policy file>.jsonBucket policies
By trying to assign a role to a bucket we own it is possible to check if a specific user exists. Since the role is owned by a user we input the user account id we want to test (12 ciphers without hyphen) and an arbitrary role name. If the operation succeeds we have confirmed that the account exists
Create the following file locally and save it as a JSON file
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account to test>:role/test_role"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::<bucket name>*"
}
]
}Assign the policy to the bucket
aws s3api put-bucket-policy --bucket <bucket name> --policy file://<policy file>.jsonLast updated