AWS - IAM Persistence

tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

IAM

For more information, see:

AWS - IAM, Identity Center & SSO Enum

Common IAM Persistence

  • Create a user
  • Add a controlled user to a privileged group
  • Create access keys (for the new user or for all users)
  • Grant extra permissions to controlled users/groups (attached policies or inline policies)
  • Disable MFA / Add your own MFA device
  • Create a Role Chain Juggling situation (more on this below in STS persistence)

Backdoor Role Trust Policies

You can backdoor a trust policy so that the role can be assumed by an external resource controlled by you (or by everyone):

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*", "arn:aws:iam::123213123123:root"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
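
To find a trust policy altered this way, a defender can audit every role's trust document for wildcard or unknown-account principals. The following is an added example, not code from the original page; the `TRUSTED_ACCOUNTS` allow-list, the role names and the second policy are constructed assumptions, and in practice the documents would come from the `AssumeRolePolicyDocument` field returned by `aws iam list-roles`.

```python
import fnmatch

TRUSTED_ACCOUNTS = {"111111111111"}  # assumption: account IDs your organisation owns

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from an IAM ARN or a bare 12-digit ID, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust_policy(role, policy, trusted=TRUSTED_ACCOUNTS):
    """Return (role, principal, reason, has_condition) for each risky AWS principal."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        # IAM action patterns ("*", "sts:*", "sts:Assume*") are matched case-insensitively.
        grants_assume = any(fnmatch.fnmatchcase("sts:assumerole", a.lower())
                            for a in as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not grants_assume:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append((role, p, "wildcard principal", "Condition" in stmt))
            elif account_of(p) not in trusted:
                findings.append((role, p, "external account", "Condition" in stmt))
    return findings

SAMPLE_ROLES = {  # constructed input; the first document is the policy shown above
    "backdoored-role": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ["*", "arn:aws:iam::123213123123:root"]},
        "Action": "sts:AssumeRole"}]},
    "ci-deploy": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:role/ci"},
        "Action": "sts:AssumeRole"}]},
}

def audit_all(roles):
    return [f for name, doc in roles.items() for f in audit_trust_policy(name, doc)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_ROLES):
        print(finding)
```

The last field of each finding records whether the statement carries a `Condition`, since a wildcard principal with no condition is the highest-priority case to review.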

Backdoor Policy Version

Give Administrator permissions to a policy in a version that is not its latest one (the latest version should look legitimate), then assign that version of the policy to a controlled user/group.

Backdoor / Create Identity Provider

If the account already trusts a common identity provider (such as GitHub), the conditions of the trust can be extended so that the attacker can abuse them.
