AWS - Relational Database (RDS) Enum


Basic Information

The Relational Database Service (RDS) offered by AWS is designed to simplify the deployment, operation, and scaling of a relational database in the cloud. The service offers cost efficiency and scalability while automating labor-intensive tasks such as hardware provisioning, database configuration, patching, and backups.

AWS RDS supports various widely used relational database engines, including MySQL, PostgreSQL, MariaDB, Oracle Database, Microsoft SQL Server, and Amazon Aurora, with compatibility for both MySQL and PostgreSQL.

Key features of RDS include:

  • Simplified management of database instances.
  • Creation of read replicas to improve read performance.
  • Configuration of multi-Availability Zone (AZ) deployments to ensure high availability and failover mechanisms.
  • Integration with other AWS services, such as:
      • AWS Identity and Access Management (IAM) for robust access control.
      • AWS CloudWatch for comprehensive monitoring and metrics.
      • AWS Key Management Service (KMS) for ensuring encryption at rest.

Credentials

When creating the DB cluster, the master username can be configured (admin by default). To generate the password for this user you can:

  • Specify a password yourself
  • Tell RDS to auto-generate it
  • Tell RDS to manage it in AWS Secrets Manager, encrypted with a KMS key

Authentication

There are 3 types of authentication options, but using the master password is always allowed:

Public Access & VPC

By default, no public access is granted to the databases; however, it can be granted. Therefore, by default only machines from the same VPC will be able to access the database, and only if the selected security group (these are stored as EC2 security groups) allows it.

Instead of exposing a DB instance, it is possible to create an RDS Proxy, which improves the scalability and availability of the DB cluster.

Moreover, the database port can be modified too.

Encryption

Encryption is enabled by default using an AWS managed key (a CMK can be chosen instead).

By enabling encryption, you enable encryption at rest for your storage, snapshots, read replicas, and backups. Keys to manage this encryption can be issued by using KMS.
It is not possible to add this level of encryption after your database has been created. It has to be done during its creation.

However, there is a workaround that allows you to encrypt an unencrypted database. You can create a snapshot of your unencrypted database, create an encrypted copy of that snapshot, use the encrypted snapshot to create a new database, and the resulting database will be encrypted.

Transparent Data Encryption (TDE)

Alongside the encryption capabilities inherent to RDS at the application level, RDS also supports additional platform-level encryption mechanisms to protect data at rest. This includes Transparent Data Encryption (TDE) for Oracle and SQL Server. However, it is important to note that while TDE improves security by encrypting data at rest, it may also affect database performance. This performance impact is especially noticeable when TDE is used together with MySQL cryptographic functions or Microsoft Transact-SQL cryptographic functions.

To use TDE, certain preliminary steps are required:

  1. Option Group Association:
      • The database must be associated with an option group. Option groups serve as containers for settings and features, helping with database management, including security enhancements.
      • However, it is important to note that option groups are only available for specific database engines and versions.
  2. Inclusion of TDE in Option Group:
      • Once the database is associated with an option group, the Oracle Transparent Data Encryption option needs to be added to that group.
      • Note that once the TDE option is added to an option group, it becomes permanent and cannot be removed.
  3. TDE Encryption Modes:
      • TDE offers two distinct encryption modes:
          • TDE Tablespace Encryption: This mode encrypts entire tables, providing a broader scope of data protection.
          • TDE Column Encryption: This mode focuses on encrypting specific elements within the database, allowing granular control over which data is encrypted.

Understanding these prerequisites and the operational intricacies of TDE is important for implementing and managing encryption within RDS effectively, ensuring both data security and compliance with the required standards.

Enumeration

```bash
# Clusters info
## Get Endpoints, username, port, iam auth enabled, attached roles, SG
aws rds describe-db-clusters
aws rds describe-db-cluster-endpoints # Cluster URLs
aws rds describe-db-cluster-backtracks --db-cluster-identifier <cluster-name>

## Cluster snapshots
aws rds describe-db-cluster-snapshots
aws rds describe-db-cluster-snapshots --include-public --snapshot-type public

## Restore cluster snapshot as new cluster (--engine is required by this command)
aws rds restore-db-cluster-from-snapshot --db-cluster-identifier <ID> --snapshot-identifier <ID> --engine <engine>

# Get DB instances info
aws rds describe-db-instances # username, url, port, vpc, SG, is public?
aws rds describe-db-security-groups

## Find automated backups
aws rds describe-db-instance-automated-backups

## Find snapshots
aws rds describe-db-snapshots
aws rds describe-db-snapshots --include-public --snapshot-type public

## Restore snapshot as new instance
aws rds restore-db-instance-from-db-snapshot --db-instance-identifier <ID> --db-snapshot-identifier <ID> --availability-zone us-west-2a

# Any public snapshot in the account
aws rds describe-db-snapshots --snapshot-type public

# Proxies
aws rds describe-db-proxy-endpoints
aws rds describe-db-proxy-target-groups
aws rds describe-db-proxy-targets

## Reset credentials of MasterUsername
aws rds modify-db-instance --db-instance-identifier <ID> --master-user-password <NewPassword> --apply-immediately
```
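
An added example (not part of the original page): a defender-side audit of `aws rds describe-db-instances` output that flags the settings discussed above (public access, encryption at rest, IAM authentication, default master username) and lists the snapshot-copy workaround from the Encryption section for unencrypted instances. The sample JSON, instance names, the `-plain`/`-encrypted`/`-enc` suffixes and the `<kms-key-id>` placeholder are assumptions.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output;
# every identifier below is made up for illustration.
SAMPLE = json.loads("""{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "MasterUsername": "admin",
   "PubliclyAccessible": true, "StorageEncrypted": false,
   "IAMDatabaseAuthenticationEnabled": false,
   "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example", "Status": "active"}]},
  {"DBInstanceIdentifier": "hr-db", "MasterUsername": "dbowner",
   "PubliclyAccessible": false, "StorageEncrypted": true,
   "IAMDatabaseAuthenticationEnabled": true, "VpcSecurityGroups": []}
]}""")

def audit_instance(db):
    """Return the list of findings for one DBInstances entry."""
    findings = []
    if db.get("PubliclyAccessible"):
        sgs = [g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])]
        findings.append(f"publicly accessible; review inbound rules of {sgs}")
    if not db.get("StorageEncrypted"):
        findings.append("storage not encrypted at rest")
    if not db.get("IAMDatabaseAuthenticationEnabled"):
        findings.append("IAM database authentication disabled")
    if db.get("MasterUsername") == "admin":
        findings.append("master username left at default 'admin'")
    return findings

def encryption_fix_commands(db_id, kms_key="<kms-key-id>"):
    """CLI steps of the snapshot-copy workaround (names are hypothetical)."""
    snap, enc = f"{db_id}-plain", f"{db_id}-encrypted"
    return [
        f"aws rds create-db-snapshot --db-instance-identifier {db_id} --db-snapshot-identifier {snap}",
        f"aws rds copy-db-snapshot --source-db-snapshot-identifier {snap} "
        f"--target-db-snapshot-identifier {enc} --kms-key-id {kms_key}",
        f"aws rds restore-db-instance-from-db-snapshot --db-instance-identifier {db_id}-enc "
        f"--db-snapshot-identifier {enc}",
    ]

def audit(report):
    """Map instance id -> findings, keeping only instances that have findings."""
    results = {d["DBInstanceIdentifier"]: audit_instance(d) for d in report.get("DBInstances", [])}
    return {db_id: f for db_id, f in results.items() if f}

if __name__ == "__main__":
    for db_id, findings in audit(SAMPLE).items():
        print(db_id, findings)
        if "storage not encrypted at rest" in findings:
            print("\n".join(encryption_fix_commands(db_id)))
```

To audit a real account, replace `SAMPLE` with the parsed output of `aws rds describe-db-instances --output json`. When running the remediation commands, wait for each snapshot to become available (`aws rds wait db-snapshot-available`) before starting the next step.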

Unauthenticated Access

AWS - RDS Unauthenticated Enum

Privesc

AWS - RDS Privesc

Post Exploitation

AWS - RDS Post Exploitation

Persistence

AWS - RDS Persistence

SQL Injection

There are ways to access DynamoDB data using SQL syntax; therefore, typical SQL injections are also possible.

SQL Injection - HackTricks
