AWS - SQS Enum

Reading time: 3 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

SQS

Amazon Simple Queue Service (SQS) inawasilishwa kama huduma ya ujumbe ya kuwasilisha inayosimamiwa kikamilifu. Kazi yake kuu ni kusaidia katika kupanua na kutenganisha microservices, mifumo iliyosambazwa, na programu zisizo na seva. Huduma hii imeundwa kuondoa hitaji la kusimamia na kufanya kazi na middleware inayolenga ujumbe, ambayo mara nyingi inaweza kuwa ngumu na kutumia rasilimali nyingi. Kuondolewa kwa ugumu huu kunawawezesha waendelezaji kuelekeza juhudi zao kwenye vipengele vya ubunifu na tofauti vya kazi zao.

Enumeration

bash
# Get queues info
aws sqs list-queues
aws sqs get-queue-attributes --queue-url <url> --attribute-names All

# More about this in privesc & post-exploitation
aws sqs receive-message --queue-url <value>

aws sqs send-message --queue-url <value> --message-body <value>

caution

Pia, hata kama --queue-url ina eneo, hakikisha unataja eneo sahihi katika --region au utapata kosa ambalo linaonekana kuashiria kwamba huna ufaccess lakini tatizo ni eneo.

Unauthenticated Access

AWS - SQS Unauthenticated Enum

Privilege Escalation

AWS - SQS Privesc

Post Exploitation

AWS - SQS Post Exploitation

Persistence

AWS - SQS Persistence

References

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks