HackTricks Cloud
HackTricks Training Twitter Linkedin Sponsor

AWS - Elastic Beanstalk Post Exploitation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Elastic Beanstalk

For more information:

pageAWS - Elastic Beanstalk Enum

elasticbeanstalk:DeleteApplicationVersion

TODO: Test if more permissions are required for this

An attacker with the permission elasticbeanstalk:DeleteApplicationVersion can delete an existing application version. This action could disrupt application deployment pipelines or cause loss of specific application versions if not backed up.

aws elasticbeanstalk delete-application-version --application-name my-app --version-label my-version

Potential Impact: Disruption of application deployment and potential loss of application versions.

elasticbeanstalk:TerminateEnvironment

TODO: Test if more permissions are required for this

An attacker with the permission elasticbeanstalk:TerminateEnvironment can terminate an existing Elastic Beanstalk environment, causing downtime for the application and potential data loss if the environment is not configured for backups.

aws elasticbeanstalk terminate-environment --environment-name my-existing-env

Potential Impact: Downtime of the application, potential data loss, and disruption of services.

elasticbeanstalk:DeleteApplication

TODO: Test if more permissions are required for this

An attacker with the permission elasticbeanstalk:DeleteApplication can delete an entire Elastic Beanstalk application, including all its versions and environments. This action could cause a significant loss of application resources and configurations if not backed up.

aws elasticbeanstalk delete-application --application-name my-app --terminate-env-by-force

Potential Impact: Loss of application resources, configurations, environments, and application versions, leading to service disruption and potential data loss.

elasticbeanstalk:SwapEnvironmentCNAMEs

TODO: Test if more permissions are required for this

An attacker with the elasticbeanstalk:SwapEnvironmentCNAMEs permission can swap the CNAME records of two Elastic Beanstalk environments, which might cause the wrong version of the application to be served to users or lead to unintended behavior.

aws elasticbeanstalk swap-environment-cnames --source-environment-name my-env-1 --destination-environment-name my-env-2

Potential Impact: Serving the wrong version of the application to users or causing unintended behavior in the application due to swapped environments.

elasticbeanstalk:AddTags, elasticbeanstalk:RemoveTags

TODO: Test if more permissions are required for this

An attacker with the elasticbeanstalk:AddTags and elasticbeanstalk:RemoveTags permissions can add or remove tags on Elastic Beanstalk resources. This action could lead to incorrect resource allocation, billing, or resource management.

aws elasticbeanstalk add-tags --resource-arn arn:aws:elasticbeanstalk:us-west-2:123456789012:environment/my-app/my-env --tags Key=MaliciousTag,Value=1

aws elasticbeanstalk remove-tags --resource-arn arn:aws:elasticbeanstalk:us-west-2:123456789012:environment/my-app/my-env --tag-keys MaliciousTag

Potential Impact: Incorrect resource allocation, billing, or resource management due to added or removed tags.

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

PreviousAWS - EKS Post ExploitationNextAWS - IAM Post Exploitation

Last updated