Links

AWS - SQS Post Exploitation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

SQS

For more information check:

sqs:SendMessage , sqs:SendMessageBatch

An attacker could send malicious or unwanted messages to the SQS queue, potentially causing data corruption, triggering unintended actions, or exhausting resources.
aws sqs send-message --queue-url <value> --message-body <value>
aws sqs send-message-batch --queue-url <value> --entries <value>
Potential Impact: Vulnerability exploitation, Data corruption, unintended actions, or resource exhaustion.

sqs:ReceiveMessage, sqs:DeleteMessage, sqs:ChangeMessageVisibility

An attacker could receive, delete, or modify the visibility of messages in an SQS queue, causing message loss, data corruption, or service disruption for applications relying on those messages.
aws sqs receive-message --queue-url <value>
aws sqs delete-message --queue-url <value> --receipt-handle <value>
aws sqs change-message-visibility --queue-url <value> --receipt-handle <value> --visibility-timeout <value>
Potential Impact: Steal sensitive information, Message loss, data corruption, and service disruption for applications relying on the affected messages.

sqs:DeleteQueue

An attacker could delete an entire SQS queue, causing message loss and impacting applications relying on the queue.
Copy codeaws sqs delete-queue --queue-url <value>
Potential Impact: Message loss and service disruption for applications using the deleted queue.

sqs:PurgeQueue

An attacker could purge all messages from an SQS queue, leading to message loss and potential disruption of applications relying on those messages.
Copy codeaws sqs purge-queue --queue-url <value>
Potential Impact: Message loss and service disruption for applications relying on the purged messages.

sqs:SetQueueAttributes

An attacker could modify the attributes of an SQS queue, potentially affecting its performance, security, or availability.
aws sqs set-queue-attributes --queue-url <value> --attributes <value>
Potential Impact: Misconfigurations leading to degraded performance, security issues, or reduced availability.

sqs:TagQueue , sqs:UntagQueue

An attacker could add, modify, or remove tags from SQS resources, disrupting your organization's cost allocation, resource tracking, and access control policies based on tags.
aws sqs tag-queue --queue-url <value> --tags Key=<key>,Value=<value>
aws sqs untag-queue --queue-url <value> --tag-keys <key>
Potential Impact: Disruption of cost allocation, resource tracking, and tag-based access control policies.

sqs:RemovePermission

An attacker could revoke permissions for legitimate users or services by removing policies associated with the SQS queue. This could lead to disruptions in the normal functioning of applications that rely on the queue.
arduinoCopy codeaws sqs remove-permission --queue-url <value> --label <value>
Potential Impact: Disruption of normal functioning for applications relying on the queue due to unauthorized removal of permissions.
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: