hacktricks-cloud/src/pentesting-cloud/aws-security/aws-persistence/aws-lightsail-persistence/README.md

AWS - Lightsail Persistence

{{#include ../../../../banners/hacktricks-training.md}}

Lightsail

For more information check:

{{#ref}} ../../aws-services/aws-lightsail-enum.md {{#endref}}

Download Instance SSH keys & DB passwords

They won't be changed probably so just having them is a good option for persistence

Backdoor Instances

An attacker could get access to the instances and backdoor them:

• Using a traditional rootkit for example
• Adding a new public SSH key
• Expose a port with port knocking with a backdoor

DNS persistence

If domains are configured:

• Create a subdomain pointing your IP so you will have a subdomain takeover
• Create SPF record allowing you to send emails from the domain
• Configure the main domain IP to your own one and perform a MitM from your IP to the legit ones

{{#include ../../../../banners/hacktricks-training.md}}