AWS - EFS Post Exploitation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!


EFS

For more information check:

AWS - EFS Enum

elasticfilesystem:DeleteMountTarget

An attacker could delete a mount target, potentially disrupting access to the EFS file system for applications and users relying on that mount target.

aws efs delete-mount-target --mount-target-id <value>

Potential Impact: Disruption of file system access and potential data loss for users or applications.

elasticfilesystem:DeleteFileSystem

An attacker could delete an entire EFS file system, which could lead to data loss and impact applications relying on the file system.

aws efs delete-file-system --file-system-id <value>

Potential Impact: Data loss and service disruption for applications using the deleted file system.

elasticfilesystem:UpdateFileSystem

An attacker could update the EFS file system properties, such as throughput mode, to impact its performance or cause resource exhaustion.

aws efs update-file-system --file-system-id <value> --provisioned-throughput-in-mibps <value>

Potential Impact: Degradation of file system performance or resource exhaustion.

elasticfilesystem:CreateAccessPoint and elasticfilesystem:DeleteAccessPoint

An attacker could create or delete access points, altering access control and potentially granting themselves unauthorized access to the file system.

aws efs create-access-point --file-system-id <value> --posix-user <value> --root-directory <value>
aws efs delete-access-point --access-point-id <value>

Potential Impact: Unauthorized access to the file system, data exposure or modification.
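From the defender's side, each of the calls above is a management event recorded by CloudTrail under the event source elasticfilesystem.amazonaws.com. The following is an added example, not part of the original page: a small triage pass over CloudTrail records that flags these five actions. The requestParameters field names, the severity ranking, and the sample records are assumptions constructed for illustration.

```python
import json

EFS = "elasticfilesystem.amazonaws.com"
# Actions discussed on this page; the severity ranking is an assumption.
WATCHED = {"DeleteFileSystem": "high", "DeleteMountTarget": "high",
           "UpdateFileSystem": "medium", "CreateAccessPoint": "medium",
           "DeleteAccessPoint": "medium"}

def triage(rec):
    """Return a finding for a watched EFS management event, else None."""
    name = rec.get("eventName")
    if rec.get("eventSource") != EFS or name not in WATCHED:
        return None
    params = rec.get("requestParameters") or {}
    severity, notes = WATCHED[name], []
    if name == "CreateAccessPoint":
        # Assumed field names. An omitted root directory exposes "/".
        uid = (params.get("posixUser") or {}).get("uid")
        path = (params.get("rootDirectory") or {}).get("path", "/")
        if uid == 0 or path == "/":
            severity = "high"
            notes.append(f"access point uid={uid} root={path}")
    if rec.get("errorCode"):  # denied attempts are still worth a look
        notes.append(f"call failed: {rec['errorCode']}")
    who = (rec.get("userIdentity") or {}).get("arn", "unknown")
    return {"event": name, "severity": severity, "principal": who, "notes": notes}

def scan(log_text):
    return [f for f in map(triage, json.loads(log_text).get("Records", [])) if f]

# Constructed sample records (not real log data).
ARN = "arn:aws:iam::111122223333:user/example"
SAMPLE = json.dumps({"Records": [
    {"eventSource": EFS, "eventName": "DescribeFileSystems",
     "userIdentity": {"arn": ARN}},
    {"eventSource": EFS, "eventName": "CreateAccessPoint",
     "userIdentity": {"arn": ARN},
     "requestParameters": {"fileSystemId": "fs-EXAMPLE",
                           "posixUser": {"uid": 0, "gid": 0},
                           "rootDirectory": {"path": "/"}}},
    {"eventSource": EFS, "eventName": "CreateAccessPoint",
     "userIdentity": {"arn": ARN},
     "requestParameters": {"fileSystemId": "fs-EXAMPLE",
                           "posixUser": {"uid": 1001, "gid": 1001},
                           "rootDirectory": {"path": "/app/data"}}},
    {"eventSource": EFS, "eventName": "DeleteMountTarget",
     "userIdentity": {"arn": ARN}, "errorCode": "AccessDenied",
     "requestParameters": {"mountTargetId": "fsmt-EXAMPLE"}},
]})
```

Calling scan(SAMPLE) returns three findings; the read-only DescribeFileSystems record is ignored, and the denied DeleteMountTarget attempt is still reported.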
