search

EBS - Elastic Block Store

EBS Enumeration and Exploitation

A block storage system used to store persistent data. used for EC2 instances.

hashtag
Enumeration

Information about EBS volumes

aws ec2 describe-volumes

All available EBS snapshots

aws ec2 describe-snapshots --owner-ids self
aws ec2 describe-snapshots --owner-ids [account-id] --region [region]
aws ec2 describe-snapshots --owner-ids <owner id> --query "Snapshots[*].[SnapshotId, VolumeId, StartTime]" --output table --region <region>

Create volume permissions - Enumerates the createVolumePermission attribute, which can allow copying of the snapshot into a new volume controlled by the attacker

The value of Group is set to all. This reveals that it is a publicly accessible snapshot and any AWS user will be able to create a volume from this public snapshot into their AWS Account.

Enumerate public snapshots

hashtag
Data Exfiltation

circle-check

Can also be done using the AWS Console

Create a snapshot of the specified volume

Describe all the available EBS snapshots

Create a volume from snapshots

Describe ec2 instances

Attach specified volume to the ec2-instance

Mount volume on EC2 file system

See Exploit snapshot - EC2

EC2 - Elastic Compute Cloudchevron-right

hashtag
Interesting Book

Interesting Bookschevron-right
circle-info

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

PreviousDynamoDBNextAMI

Last updated