AWS - RDS Unauthenticated Enum

Leer & oefen AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Leer & oefen GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Kyk na die subskripsie planne!
Sluit aan by die 💬 Discord groep of die telegram groep of volg ons op Twitter 🐦 @hacktricks_live.
Deel hacking truuks deur PRs in te dien na die HackTricks en HackTricks Cloud github repos.

RDS

Vir meer inligting, kyk:

AWS - Relational Database (RDS) Enum

Publieke Poort

Dit is moontlik om publieke toegang tot die databasis vanaf die internet te gee. Die aanvaller sal steeds moet weet wat die gebruikersnaam en wagwoord is, IAM toegang, of 'n exploit om in die databasis in te gaan.

Publieke RDS Snapshot

AWS laat toe om toegang aan enigiemand te gee om RDS snapshots af te laai. Jy kan hierdie publieke RDS snapshots baie maklik vanaf jou eie rekening lys:

# Public RDS snapshots
aws rds describe-db-snapshots --include-public

## Search by account ID
aws rds describe-db-snapshots --include-public --query 'DBSnapshots[?contains(DBSnapshotIdentifier, `284546856933:`) == `true`]'
## To share a RDS snapshot with everybody the RDS DB cannot be encrypted (so the snapshot won't be encryted)
## To share a RDS encrypted snapshot you need to share the KMS key also with the account


# From the own account you can check if there is any public snapshot with:
aws rds describe-db-snapshots --snapshot-type public [--region us-west-2]
## Even if in the console appear as there are public snapshot it might be public
## snapshots from other accounts used by the current account

Publieke URL-sjabloon

mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432

Ondersteun HackTricks

Kyk na die subskripsie planne!
Sluit aan by die 💬 Discord groep of die telegram groep of volg ons op Twitter 🐦 @hacktricks_live.
Deel hacking truuks deur PRs in te dien na die HackTricks en HackTricks Cloud github repos.

PreviousAWS - MSK Unauthenticated Enum NextAWS - Redshift Unauthenticated Enum

Last updated 9 days ago

Publieke RDS Snapshot

AWS laat toe om toegang aan enigiemand te gee om RDS snapshots af te laai. Jy kan hierdie publieke RDS snapshots baie maklik vanaf jou eie rekening lys:

# Public RDS snapshots
aws rds describe-db-snapshots --include-public

## Search by account ID
aws rds describe-db-snapshots --include-public --query 'DBSnapshots[?contains(DBSnapshotIdentifier, `284546856933:`) == `true`]'
## To share a RDS snapshot with everybody the RDS DB cannot be encrypted (so the snapshot won't be encryted)
## To share a RDS encrypted snapshot you need to share the KMS key also with the account


# From the own account you can check if there is any public snapshot with:
aws rds describe-db-snapshots --snapshot-type public [--region us-west-2]
## Even if in the console appear as there are public snapshot it might be public
## snapshots from other accounts used by the current account

Publieke URL-sjabloon

mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432