RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
BSD 3-Clause "New" or "Revised" License

s3express-control.us-west-1.amazonaws.com doesn't respond #414

Closed ertygiq closed 5 months ago

ertygiq commented 6 months ago

When running the 'iam__bruteforce_permissions' module, the execution freezes for a while on the 'Trying list_directory_buckets' task and then I get: Could not connect to the endpoint URL: "https://s3express-control.us-west-1.amazonaws.com/"

Looks like it's checking for something which doesn't exist anymore.

DaveYesland commented 5 months ago

Here is the documentation on those endpoints: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-networking.html#s3-express-endpoints

Does this cause Pacu to exit or fail with an error in some way? Or does it just print that message and continue? I have not worked a bunch with iam__bruteforce_permissions, but it is intended to just "try" stuff and see if it works, so several errors are expected if you do not have the permissions or the resources in the target account do not exist.

DaveYesland commented 5 months ago

Tried to reproduce this and running iam__bruteforce_permissions completed without any hanging or issues and found permissions. Closing for now, reopen if you have other steps to reproduce.