AWS - Codestar Privesc
Codestar
You can find more information about codestar in:
codestar:CreateProject, codestar:AssociateTeamMemberiam:PassRole
, codestar:CreateProject
iam:PassRole
, codestar:CreateProject
With these permissions you can tumia IAM Role ya codestar kufanya vitendo vya kiholela kupitia cloudformation template. Check the following page:
iam:PassRole, codestar:CreateProjectcodestar:CreateProject
, codestar:AssociateTeamMember
codestar:CreateProject
, codestar:AssociateTeamMember
This technique uses codestar:CreateProject
to create a codestar project, and codestar:AssociateTeamMember
to make an IAM user the mmiliki wa mradi mpya wa CodeStar, ambayo itawapa sera mpya yenye ruhusa chache za ziada.
Ikiwa wewe ni mwanachama wa mradi tayari unaweza kutumia ruhusa codestar:UpdateTeamMember
kuboresha nafasi yako kuwa mmiliki badala ya codestar:AssociateTeamMember
.
Athari Zinazoweza Kutokea: Privesc kwa sera ya codestar iliyoundwa. Unaweza kupata mfano wa sera hiyo katika:
codestar:CreateProject, codestar:AssociateTeamMembercodestar:CreateProjectFromTemplate
codestar:CreateProjectFromTemplate
Unda Mradi Mpya:
Tumia hatua
codestar:CreateProjectFromTemplate
kuanzisha uundaji wa mradi mpya.Baada ya uundaji kufanikiwa, ruhusa inatolewa moja kwa moja kwa
cloudformation:UpdateStack
.Ruhusa hii inahusisha stack inayohusishwa na nafasi ya
CodeStarWorker-<jina la mradi wa kawaida>-CloudFormation
.
Sasisha Stack Inayolengwa:
Kwa ruhusa za CloudFormation zilizotolewa,endelea kusasisha stack iliyoainishwa.
Jina la stack kawaida litafuata moja ya mifumo miwili:
awscodestar-<jina la mradi wa kawaida>-infrastructure
awscodestar-<jina la mradi wa kawaida>-lambda
Jina halisi linategemea template iliyochaguliwa (angalia mfano wa script ya unyakuzi).
Upatikanaji na Ruhusa:
Baada ya sasisho, unapata uwezo uliopewa CloudFormation IAM role iliyounganishwa na stack.
Kumbuka: Hii haipatii moja kwa moja ruhusa kamili za msimamizi. Rasilimali zingine zisizo sahihi ndani ya mazingira zinaweza kuhitajika ili kuongeza ruhusa zaidi.
Kwa maelezo zaidi angalia utafiti wa asili: https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api/. Unaweza kupata unyakuzi katika https://github.com/RhinoSecurityLabs/Cloud-Security-Research/blob/master/AWS/codestar_createprojectfromtemplate_privesc/CodeStarPrivEsc.py
Athari Zinazoweza Kutokea: Privesc kwa nafasi ya cloudformation IAM.
Last updated