gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-15 06:13:16 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef73ef38483bf38c74c5b4945188bb6a8cf16644
hacktricks-cloud/pentesting-cloud/aws-security/aws-post-exploitation/aws-elastic-beanstalk-post-exploitation.md
Carlos Polop 5ef56bb6b3 Recreating repository history for branch master
2024-12-12 19:35:48 +01:00

122 lines
6.1 KiB
Markdown
Raw Blame History

# AWS - Elastic Beanstalk Post Exploitation
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## Elastic Beanstalk
For more information:
{% content-ref url="../aws-services/aws-elastic-beanstalk-enum.md" %}
[aws-elastic-beanstalk-enum.md](../aws-services/aws-elastic-beanstalk-enum.md)
{% endcontent-ref %}
### `elasticbeanstalk:DeleteApplicationVersion`
{% hint style="info" %}
TODO: Test if more permissions are required for this
{% endhint %}
An attacker with the permission `elasticbeanstalk:DeleteApplicationVersion` can **delete an existing application version**. This action could disrupt application deployment pipelines or cause loss of specific application versions if not backed up.
{% code overflow="wrap" %}
```bash
aws elasticbeanstalk delete-application-version --application-name my-app --version-label my-version
```
{% endcode %}
**Potential Impact**: Disruption of application deployment and potential loss of application versions.
### `elasticbeanstalk:TerminateEnvironment`
{% hint style="info" %}
TODO: Test if more permissions are required for this
{% endhint %}
An attacker with the permission `elasticbeanstalk:TerminateEnvironment` can **terminate an existing Elastic Beanstalk environment**, causing downtime for the application and potential data loss if the environment is not configured for backups.
{% code overflow="wrap" %}
```bash
aws elasticbeanstalk terminate-environment --environment-name my-existing-env
```
{% endcode %}
**Potential Impact**: Downtime of the application, potential data loss, and disruption of services.
### `elasticbeanstalk:DeleteApplication`
{% hint style="info" %}
TODO: Test if more permissions are required for this
{% endhint %}
An attacker with the permission `elasticbeanstalk:DeleteApplication` can **delete an entire Elastic Beanstalk application**, including all its versions and environments. This action could cause a significant loss of application resources and configurations if not backed up.
{% code overflow="wrap" %}
```bash
aws elasticbeanstalk delete-application --application-name my-app --terminate-env-by-force
```
{% endcode %}
**Potential Impact**: Loss of application resources, configurations, environments, and application versions, leading to service disruption and potential data loss.
### `elasticbeanstalk:SwapEnvironmentCNAMEs`
{% hint style="info" %}
TODO: Test if more permissions are required for this
{% endhint %}
An attacker with the `elasticbeanstalk:SwapEnvironmentCNAMEs` permission can **swap the CNAME records of two Elastic Beanstalk environments**, which might cause the wrong version of the application to be served to users or lead to unintended behavior.
{% code overflow="wrap" %}
```bash
aws elasticbeanstalk swap-environment-cnames --source-environment-name my-env-1 --destination-environment-name my-env-2
```
{% endcode %}
**Potential Impact**: Serving the wrong version of the application to users or causing unintended behavior in the application due to swapped environments.
### `elasticbeanstalk:AddTags`, `elasticbeanstalk:RemoveTags`
{% hint style="info" %}
TODO: Test if more permissions are required for this
{% endhint %}
An attacker with the `elasticbeanstalk:AddTags` and `elasticbeanstalk:RemoveTags` permissions can **add or remove tags on Elastic Beanstalk resources**. This action could lead to incorrect resource allocation, billing, or resource management.
{% code overflow="wrap" %}
```bash
aws elasticbeanstalk add-tags --resource-arn arn:aws:elasticbeanstalk:us-west-2:123456789012:environment/my-app/my-env --tags Key=MaliciousTag,Value=1
aws elasticbeanstalk remove-tags --resource-arn arn:aws:elasticbeanstalk:us-west-2:123456789012:environment/my-app/my-env --tag-keys MaliciousTag
```
{% endcode %}
**Potential Impact**: Incorrect resource allocation, billing, or resource management due to added or removed tags.
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
Reference in New Issue View Git Blame Copy Permalink