Swahili - Ht Cloud
HackTricks TrainingTwitterLinkedinSponsor

AWS - Secrets Manager Persistence

Support HackTricks

Usimamizi wa Siri

Kwa maelezo zaidi angalia:

Kupitia Sera za Rasilimali

Inawezekana kutoa ufikiaji wa siri kwa akaunti za nje kupitia sera za rasilimali. Angalia ukurasa wa Privesc wa Usimamizi wa Siri kwa maelezo zaidi. Kumbuka kwamba ili kufikia siri, akaunti ya nje pia itahitaji ufikiaji wa funguo za KMS zinazoficha siri.

Kupitia Lambda ya Kugeuza Siri

Ili kugeuza siri kiotomatiki, Lambda iliyowekwa inaitwa. Ikiwa mshambuliaji angeweza kubadilisha kod yake anaweza moja kwa moja kuhamasisha siri mpya kwake mwenyewe.

Hii ndiyo jinsi kod ya lambda kwa hatua kama hiyo inaweza kuonekana:

import boto3

def rotate_secrets(event, context):
# Create a Secrets Manager client
client = boto3.client('secretsmanager')

# Retrieve the current secret value
secret_value = client.get_secret_value(SecretId='example_secret_id')['SecretString']

# Rotate the secret by updating its value
new_secret_value = rotate_secret(secret_value)
client.update_secret(SecretId='example_secret_id', SecretString=new_secret_value)

def rotate_secret(secret_value):
# Perform the rotation logic here, e.g., generate a new password

# Example: Generate a new password
new_secret_value = generate_password()

return new_secret_value

def generate_password():
# Example: Generate a random password using the secrets module
import secrets
import string
password = ''.join(secrets.choice(string.ascii_letters + string.digits) for i in range(16))
return password
Support HackTricks
PreviousAWS - SNS PersistenceNextAWS - SQS Persistence

Last updated