Merge pull request #217 from JaimePolop/master

KMS DOS explanation
f
2025-12-08 22:00:47 -08:00 · 2025-10-01 12:22:35 +02:00 · 2025-10-01 12:00:16 +02:00 · 2025-10-01 11:58:25 +02:00 · 2025-10-01 11:54:20 +02:00 · 2025-10-01 11:53:59 +02:00
4 changed files with 12 additions and 5 deletions
--- a/.github/workflows/build_master.yml
+++ b/.github/workflows/build_master.yml
@@ -46,7 +46,7 @@ jobs:
      - name: Publish search index release asset
        shell: bash
        env:
-          PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail

@@ -59,7 +59,7 @@ jobs:
            exit 1
          fi

-          TOKEN="${PAT_TOKEN:-${GITHUB_TOKEN:-}}"
+          TOKEN="${GITHUB_TOKEN}"
          if [ -z "$TOKEN" ]; then
            echo "No token available for GitHub CLI" >&2
            exit 1
--- a/.github/workflows/translate_all.yml
+++ b/.github/workflows/translate_all.yml
@@ -107,7 +107,7 @@ jobs:
            fi
          done

-          echo "Files to translate:"
+          echo "Files to translate (`wc -l < /tmp/file_paths.txt`):"
          cat /tmp/file_paths.txt
          echo ""
          echo ""
@@ -147,7 +147,7 @@ jobs:
      - name: Publish search index release asset
        shell: bash
        env:
-          PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail

@@ -160,7 +160,7 @@ jobs:
            exit 1
          fi

-          TOKEN="${PAT_TOKEN:-${GITHUB_TOKEN:-}}"
+          TOKEN="${GITHUB_TOKEN}"
          if [ -z "$TOKEN" ]; then
            echo "No token available for GitHub CLI" >&2
            exit 1
--- a/src/README.md
+++ b/src/README.md
@@ -60,3 +60,4 @@ Your local copy of HackTricks Cloud will be **available at [http://localhost:337
 ![HackTricks Cloud Github Stats](https://repobeats.axiom.co/api/embed/1dfdbb0435f74afa9803cd863f01daac17cda336.svg)

 {{#include ./banners/hacktricks-training.md}}
+
--- a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-secrets-manager-post-exploitation.md
+++ b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-secrets-manager-post-exploitation.md
@@ -30,6 +30,12 @@ aws secretsmanager put-secret-value \

 ### DoS Change KMS key

+If the attacker has the secretsmanager:UpdateSecret permission, they can configure the secret to use a KMS key owned by the attacker. That key is initially set up in such a way that anyone can access and use it, so updating the secret with the new key is possible. If the key was not accessible, the secret could not be updated.
+
+After changing the key for the secret, the attacker modifies the configuration of their key so that only they can access it. This way, in the subsequent versions of the secret, it will be encrypted with the new key, and since there is no access to it, the ability to retrieve the secret would be lost.
+
+It is important to note that this inaccessibility will only occur in later versions, after the content of the secret changes, since the current version is still encrypted with the original KMS key.
+
 ```bash
 aws secretsmanager update-secret \
    --secret-id MyTestSecret \
Author	SHA1	Message	Date
SirBroccoli	e9003a3050	Merge pull request #217 from JaimePolop/master KMS DOS explanation	2025-10-01 12:22:35 +02:00
carlospolop	50520f6c7d	f	2025-10-01 12:00:16 +02:00
JaimePolop	6411d85ebf	KMS DOS explanation	2025-10-01 11:58:25 +02:00
carlospolop	1b274752fd	f	2025-10-01 11:54:20 +02:00
carlospolop	63f5aa81e3	f	2025-10-01 11:53:59 +02:00
carlospolop	eb7245d3fd	f	2025-10-01 11:50:22 +02:00