gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-14 22:03:11 -08:00
Code Issues Packages Projects Releases Wiki Activity

Update URLs

Browse Source
This commit is contained in:
Jimmy
2025-01-10 16:34:21 +01:00
parent 37bf365f5b
commit 833b571498
35 changed files with 51 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ec2-ebs-ssm-and-vpc-post-exploitation/README.md
View File

@@ -113,7 +113,7 @@ One of the scenarios where this is useful is pivoting from a [Bastion Host](http
aws ssm start-session --target "$INSTANCE_ID"
```
3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#abusing-ssrf-in-aws-ec2-environment) script
3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#abusing-ssrf-in-aws-ec2-environment) script
4. Transfer the credentials to your own machine in the `$HOME/.aws/credentials` file as `[bastion-ec2]` profile
5. Log in to EKS as the Bastion EC2:

2
src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md
View File

@@ -51,7 +51,7 @@ aws ecr get-download-url-for-layer \
After downloading the images you should **check them for sensitive info**:
{{#ref}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics
https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html
{{#endref}}
### `ecr:PutLifecyclePolicy` | `ecr:DeleteRepository` | `ecr-public:DeleteRepository` | `ecr:BatchDeleteImage` | `ecr-public:BatchDeleteImage`

2
src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecs-post-exploitation.md
View File

@@ -16,7 +16,7 @@ In ECS an **IAM role can be assigned to the task** running inside the container.
Which means that if you manage to **compromise** an ECS instance you can potentially **obtain the IAM role associated to the ECR and to the EC2 instance**. For more info about how to get those credentials check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
> [!CAUTION]