AWS - RDS Unauthenticated Enum


RDS

For more information check:

AWS - Relational Database (RDS) Enum

Public Port

It is possible to expose the database to the Internet (the instance is created as publicly accessible and its security group admits the engine port from anywhere). An attacker still needs valid credentials (a username and password, or IAM database authentication) or an exploit for the database engine in order to get into the database.
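The check a practitioner wants here is whether an instance is actually reachable from the Internet: both the PubliclyAccessible flag and an attached security group that admits the DB port from 0.0.0.0/0 or ::/0 are required. The following Python is an added example and not code from the original page; it runs over constructed JSON shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` (instance names, security group IDs and endpoints are made up).

```python
import ipaddress

# Constructed sample shaped like `aws rds describe-db-instances` output (not real account data).
DB_INSTANCES = {
    "DBInstances": [
        {"DBInstanceIdentifier": "prod-db", "Engine": "mysql", "PubliclyAccessible": True,
         "Endpoint": {"Address": "prod-db.cabcdefghijk.us-east-1.rds.amazonaws.com", "Port": 3306},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}]},
        {"DBInstanceIdentifier": "internal-db", "Engine": "postgres", "PubliclyAccessible": False,
         "Endpoint": {"Address": "internal-db.cabcdefghijk.us-east-1.rds.amazonaws.com", "Port": 5432},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb", "Status": "active"}]},
        {"DBInstanceIdentifier": "staging-db", "Engine": "postgres", "PubliclyAccessible": True,
         "Endpoint": {"Address": "staging-db.cabcdefghijk.us-east-1.rds.amazonaws.com", "Port": 5432},
         "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0ccc", "Status": "active"}]},
    ]
}

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = {
    "SecurityGroups": [
        {"GroupId": "sg-0aaa", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0bbb", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0ccc", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ]
}


def rule_opens_port(rule, port):
    """True if one IpPermissions entry admits `port` from the whole Internet (0.0.0.0/0 or ::/0)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                                   # all protocols, all ports
        in_range = True
    elif proto == "tcp":
        in_range = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:
        return False
    if not in_range:
        return False
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # Only a zero-length prefix means "anyone"; a narrow office CIDR is not Internet exposure
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def exposed_instances(db_instances, security_groups):
    """Return [(identifier, "endpoint:port")] for instances reachable from the Internet.

    Both conditions are required: PubliclyAccessible gives the endpoint a public address,
    and at least one attached security group must admit the DB port from an any-source CIDR.
    """
    sg_by_id = {sg["GroupId"]: sg for sg in security_groups["SecurityGroups"]}
    found = []
    for db in db_instances["DBInstances"]:
        if not db.get("PubliclyAccessible"):
            continue
        port = db["Endpoint"]["Port"]
        for ref in db.get("VpcSecurityGroups", []):
            sg = sg_by_id.get(ref["VpcSecurityGroupId"], {})
            if any(rule_opens_port(r, port) for r in sg.get("IpPermissions", [])):
                found.append((db["DBInstanceIdentifier"], f'{db["Endpoint"]["Address"]}:{port}'))
                break
    return found


if __name__ == "__main__":
    for ident, target in exposed_instances(DB_INSTANCES, SECURITY_GROUPS):
        print(f"[!] {ident} is reachable from the Internet at {target}")
```

In the sample, `internal-db` is skipped because it is not publicly accessible, and `staging-db` is flagged even though its IPv4 rule is a narrow CIDR, because the IPv6 rule is `::/0`. On a real account, feed the two commands' JSON into the same functions.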

Public RDS Snapshots

AWS allows a snapshot to be marked public, which grants anyone with an AWS account access to it (by restoring it into their own account). You can list these public RDS snapshots very easily from your own account:

# Public RDS snapshots
aws rds describe-db-snapshots --include-public

## Search by account ID (public snapshots from other accounts are listed by ARN, so the account ID is an ARN field)
aws rds describe-db-snapshots --include-public --query 'DBSnapshots[?contains(DBSnapshotIdentifier, `284546856933:`) == `true`]'
## To share an RDS snapshot with everybody the RDS DB cannot be encrypted (so the snapshot won't be encrypted)
## To share an encrypted RDS snapshot with another account you also need to share the KMS key with that account


# From your own account you can check whether any snapshot is public with:
aws rds describe-db-snapshots --snapshot-type public [--region us-west-2]
## Note that this returns every public snapshot visible to you, including public snapshots
## owned by other accounts, so check the account ID in the ARN before concluding your own account exposes one
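An added example that is not part of the original page: Python working over constructed JSON shaped like the output of the commands above plus `aws rds describe-db-snapshot-attributes --db-snapshot-identifier <id>`, which is the authoritative way to see who may restore one of your own snapshots (its `restore` attribute contains the literal `all` when the snapshot is public). Account IDs, snapshot names and ARNs are made up. It parses the ARN into region, account and name instead of matching a substring, checks the encryption precondition for public sharing, and builds the `restore-db-instance-from-db-snapshot` command with which a public snapshot is actually pulled into your own account.

```python
# Constructed sample shaped like `aws rds describe-db-snapshots --include-public` output (not real data).
# Snapshots from other accounts are listed by ARN with SnapshotType "public"; your own appear
# under their short identifier with SnapshotType "manual" regardless of how they are shared.
SNAPSHOT_LISTING = {
    "DBSnapshots": [
        {"DBSnapshotIdentifier": "arn:aws:rds:us-east-1:284546856933:snapshot:customer-backup",
         "DBInstanceIdentifier": "customer-db", "Engine": "mysql",
         "SnapshotType": "public", "Encrypted": False},
        {"DBSnapshotIdentifier": "arn:aws:rds:eu-west-1:111122223333:snapshot:demo-data",
         "DBInstanceIdentifier": "demo", "Engine": "postgres",
         "SnapshotType": "public", "Encrypted": False},
        {"DBSnapshotIdentifier": "nightly-2024-01-01",
         "DBInstanceIdentifier": "internal-db", "Engine": "postgres",
         "SnapshotType": "manual", "Encrypted": True},
    ]
}

# Constructed samples shaped like `aws rds describe-db-snapshot-attributes` output.
ATTRS_PUBLIC = {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "customer-backup",
                "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]}}
ATTRS_SHARED = {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "nightly-2024-01-01",
                "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}]}}
ATTRS_PRIVATE = {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "scratch",
                 "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]}}


def parse_snapshot_arn(identifier):
    """Split arn:<partition>:rds:<region>:<account>:snapshot:<name> into (region, account, name).
    Returns None for a short identifier, which is how your own snapshots are listed."""
    parts = identifier.split(":")
    if len(parts) != 7 or parts[0] != "arn" or parts[2] != "rds" or parts[5] != "snapshot":
        return None
    return parts[3], parts[4], parts[6]


def public_snapshots_from_account(listing, account_id):
    """Public snapshots whose ARN account field equals account_id (the --query above does this by substring)."""
    hits = []
    for snap in listing["DBSnapshots"]:
        parsed = parse_snapshot_arn(snap["DBSnapshotIdentifier"])
        if parsed and parsed[1] == account_id and snap["SnapshotType"] == "public":
            hits.append(snap["DBSnapshotIdentifier"])
    return hits


def restore_grant(attrs):
    """Account IDs allowed to restore the snapshot; the literal 'all' means public."""
    for attr in attrs["DBSnapshotAttributesResult"]["DBSnapshotAttributes"]:
        if attr["AttributeName"] == "restore":
            return list(attr["AttributeValues"])
    return []


def is_public(attrs):
    return "all" in restore_grant(attrs)


def can_be_made_public(snap):
    """AWS refuses to mark an encrypted snapshot public; an encrypted one can only be shared
    with specific accounts, and only if they are also granted use of the KMS key."""
    return not snap["Encrypted"]


def restore_command(snapshot_arn, new_instance_id="restored-copy", instance_class="db.t3.micro"):
    """CLI that copies a public snapshot into your own account as a new instance; afterwards
    `aws rds modify-db-instance --master-user-password ...` sets a password you control."""
    return (f"aws rds restore-db-instance-from-db-snapshot --db-instance-identifier {new_instance_id} "
            f"--db-snapshot-identifier {snapshot_arn} --db-instance-class {instance_class}")


if __name__ == "__main__":
    for arn in public_snapshots_from_account(SNAPSHOT_LISTING, "284546856933"):
        print(restore_command(arn))
    for label, attrs in (("customer-backup", ATTRS_PUBLIC), ("nightly", ATTRS_SHARED), ("scratch", ATTRS_PRIVATE)):
        print(label, "public" if is_public(attrs) else f"shared with {restore_grant(attrs) or 'nobody'}")
```

From the defender's side, run `restore_grant` over the attributes of every snapshot your account owns; anything returning `all` is world-readable, and anything returning account IDs you do not recognise deserves the same attention.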

Public URL template

https://rds.amazonaws.com/<API_VERSION>?Action=<ACTION_NAME>&<REQUEST_PARAMETERS>

Database endpoint templates

mysql://{user_provided}.{random_id}.{region}.rds.amazonaws.com:3306
postgres://{user_provided}.{random_id}.{region}.rds.amazonaws.com:5432

Explanation

The first template is the shape of the RDS Query API. It is not an unauthenticated API: every request must carry an AWS Signature Version 4 signature, and an unsigned request is rejected with an authentication error, so this template is mainly useful for recognising RDS API calls (for example in proxy logs or leaked scripts). The endpoint templates are what an attacker actually looks for: if the instance is publicly accessible, the hostname resolves to a public IP from outside the VPC and the engine port (3306 for MySQL/MariaDB, 5432 for PostgreSQL) is reachable from the Internet, leaving only credentials or an engine exploit between the attacker and the data.

Prevention steps

  1. Restrict public access: keep the instance's PubliclyAccessible setting disabled unless there is a hard requirement, and never mark snapshots public.

  2. Use the VPC: place the instance in private subnets and restrict the security group rule on the DB port to the application's CIDR or security group instead of 0.0.0.0/0 or ::/0.

  3. Update regularly: keep the engine on a supported version with automatic minor version upgrades enabled so known engine vulnerabilities are patched.
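As an added example (not part of the original page), the following Python pulls RDS endpoint hostnames out of text such as a leaked configuration file, using the hostname template above, and labels each one with its region and likely engine. The configuration lines are constructed, the `DEFAULT_PORTS` table assumes the instance uses the engine's default port, and `ip_is_public` is the check to run on the address the hostname resolves to from outside the VPC (resolution itself is left to the caller so the example runs offline).

```python
import ipaddress
import re

# Hostname template from the page: <user_provided>.<random_id>.<region>.rds.amazonaws.com,
# optionally preceded by a scheme and credentials and followed by a port.
RDS_TARGET_RE = re.compile(
    r"(?:(?P<scheme>[a-z]+)://(?:[^@\s/]+@)?)?"
    r"(?P<host>(?P<name>[a-z0-9-]+)\.(?P<random_id>[a-z0-9]+)\."
    r"(?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d)\.rds\.amazonaws\.com)"
    r"(?::(?P<port>\d{1,5}))?",
    re.IGNORECASE,
)

# Assumption: the instance listens on the engine's default port (an operator can change it).
DEFAULT_PORTS = {3306: "mysql", 5432: "postgres", 1433: "sqlserver", 1521: "oracle"}

# Constructed sample of lines as they might appear in a leaked application config.
LEAKED_CONFIG = """
DB_URL=mysql://app:S3cret@prod-db.cabcdefghijk.us-east-1.rds.amazonaws.com:3306/app
REPORTING=postgres://reports.cxyz123.eu-west-1.rds.amazonaws.com:5432/reports
CACHE=redis://cache.internal:6379
LEGACY_HOST=legacy.c0ldh0st.us-gov-west-1.rds.amazonaws.com
"""


def _target_from_match(m):
    port = int(m["port"]) if m["port"] else None
    # Prefer the URL scheme when present; otherwise guess the engine from the port
    engine = (m["scheme"] or DEFAULT_PORTS.get(port, "unknown")).lower()
    return {"host": m["host"].lower(), "name": m["name"].lower(), "random_id": m["random_id"].lower(),
            "region": m["region"].lower(), "port": port, "engine": engine}


def parse_rds_target(value):
    """Parse one hostname or connection URL; None if it is not an RDS endpoint."""
    m = RDS_TARGET_RE.search(value)
    return _target_from_match(m) if m else None


def find_rds_targets(text):
    """Extract every RDS endpoint mentioned in a blob of text, in order of appearance."""
    return [_target_from_match(m) for m in RDS_TARGET_RE.finditer(text)]


def ip_is_public(ip):
    """A publicly accessible instance's hostname resolves to a globally routable address from
    outside the VPC; a private one resolves to an RFC 1918 address only from inside the VPC."""
    return ipaddress.ip_address(ip).is_global


if __name__ == "__main__":
    for t in find_rds_targets(LEAKED_CONFIG):
        print(f"{t['host']}:{t['port'] or '?'}  engine={t['engine']}  region={t['region']}")
```

The `redis://cache.internal` line is ignored because it does not match the RDS hostname shape, and the bare `LEGACY_HOST` value is still recovered with an unknown engine, which is the case where you would probe 3306 and 5432 next.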