EBS - Elastic Block Store
EBS Enumeration and Exploitation
A block storage service that provides persistent storage for EC2 instances.
Enumeration
Information about EBS volumes
aws ec2 describe-volumes
All available EBS snapshots
aws ec2 describe-snapshots --owner-ids self
aws ec2 describe-snapshots --owner-ids [account-id] --region [region]
aws ec2 describe-snapshots --owner-ids <owner id> --query "Snapshots[*].[SnapshotId, VolumeId, StartTime]" --output table --region <region>
Create volume permissions - Enumerates the createVolumePermission attribute, which can allow copying of the snapshot into a new volume controlled by the attacker

When the value of Group is set to all, the snapshot is publicly accessible: any AWS user can create a volume from this public snapshot in their own AWS account.
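The same check from the defender's side, as an added example that is not part of the original page: it classifies createVolumePermission responses for your own snapshots and builds the AWS CLI command that revokes public or untrusted sharing. The snapshot IDs, account numbers and the TRUSTED_ACCOUNTS set are constructed sample values.

```python
import json

# Constructed sample, shaped like the output of `aws ec2 describe-snapshot-attribute
# --attribute createVolumePermission`; IDs and account numbers are made up.
SAMPLE_RESPONSES = json.loads("""
[
  {"SnapshotId": "snap-0aaaaaaaaaaaaaaa1", "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0bbbbbbbbbbbbbbb2",
   "CreateVolumePermissions": [{"UserId": "111111111111"}, {"UserId": "999999999999"}]},
  {"SnapshotId": "snap-0ccccccccccccccc3", "CreateVolumePermissions": []}
]
""")

TRUSTED_ACCOUNTS = {"111111111111"}  # assumption: accounts your organisation owns


def classify(response, trusted=frozenset()):
    """Return (snapshot_id, status, untrusted_account_ids) for one response."""
    perms = response.get("CreateVolumePermissions", [])
    # Group == "all" means any AWS account can create a volume from the snapshot.
    if any(p.get("Group") == "all" for p in perms):
        return response["SnapshotId"], "PUBLIC", []
    external = sorted(p["UserId"] for p in perms
                      if "UserId" in p and p["UserId"] not in trusted)
    if external:
        return response["SnapshotId"], "SHARED_UNTRUSTED", external
    if perms:
        return response["SnapshotId"], "SHARED_TRUSTED", []
    return response["SnapshotId"], "PRIVATE", []


def audit(responses, trusted=frozenset()):
    """Classify every response and return only the findings that need action."""
    results = [classify(r, trusted) for r in responses]
    return [r for r in results if r[1] in ("PUBLIC", "SHARED_UNTRUSTED")]


def remediation(snapshot_id, status, accounts):
    """Build the AWS CLI command that revokes the risky permission."""
    base = (f"aws ec2 modify-snapshot-attribute --snapshot-id {snapshot_id} "
            "--attribute createVolumePermission --operation-type remove ")
    if status == "PUBLIC":
        return base + "--group-names all"
    return base + "--user-ids " + " ".join(accounts)


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES, TRUSTED_ACCOUNTS):
        print(finding[1], finding[0], "->", remediation(*finding))
```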
Enumerate public snapshots

Data Exfiltration
Can also be done using the AWS Console
Create a snapshot of the specified volume
Describe all the available EBS snapshots
Create a volume from snapshots
Describe ec2 instances
Attach specified volume to the ec2-instance
Mount volume on EC2 file system
See Exploit snapshot - EC2