gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-05 03:16:37 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ecb7b8f136d2840fad70d6810fda4b515e021ca3
hacktricks-cloud/src/pentesting-cloud/aws-security/aws-persistence/aws-sqs-persistence.md
Carlos Polop 716aa06779 translate 2
2025-01-01 23:55:27 +01:00

1.2 KiB
Raw Blame History

AWS - SQS Persistence

{{#include ../../../banners/hacktricks-training.md}}

SQS

For more information check:

{{#ref}} ../aws-services/aws-sqs-and-sns-enum.md {{#endref}}

Using resource policy

In SQS you need to indicate with an IAM policy who has access to read and write. It's possible to indicate external accounts, ARN of roles, or even "*".
The following policy gives everyone in AWS access to everything in the queue called MyTestQueue:

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__owner_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": ["SQS:*"],
      "Resource": "arn:aws:sqs:us-east-1:123123123123:MyTestQueue"
    }
  ]
}

Note

You could even trigger a Lambda in the attackers account every-time a new message is put in the queue (you would need to re-put it) somehow. For this follow these instructinos: https://docs.aws.amazon.com/lambda/latest/dg/with-sqs-cross-account-example.html

{{#include ../../../banners/hacktricks-training.md}}

Reference in New Issue View Git Blame Copy Permalink