RDS - Relational Database Service

RDS exploitation

Amazon RDS - Relational Database Service

AWS Relational Database Service (RDS) is an easy-to-manage relational database service.

Amazon RDS supports several database instances including:

aws rds describe-db-clusters

aws rds describe-db-instances

aws rds describe-db-snapshots --region <region>

aws rds describe-db-subnet-groups

aws rds describe-db-security-groups

aws rds describe-db-proxies

mysql -h hostname -u username -P port -p password

Bruteforce attack:

The tmpdir variable provides further confirmation that this is an AWS RDS instance

SHOW GLOBAL VARIABLES like 'tmpdir';

Get the database instance connection temporary token from the RDS endpoint

aws rds generate-db-auth-token --hostname [hostname] --port [port] --username [username] --region [region]

Connect to mysql using temporary token

mysql -h hostname -u username -P port --enable-cleartext-plugin --password=$TOKEN

Public snapshots from single RDS database instances that belong to AWS account ID

aws rds describe-db-snapshots --snapshot-type public --include-public --region us-east-1 | grep [account-ID]

Public snapshots from RDS database cluster instances

aws rds describe-db-cluster-snapshots --snapshot-type public --include-public --region us-east-1 | grep [account-ID]

The snapshot can be restored. From the Actions menuin GUI, select Restore snapshot

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Advanced Penetration Testing: Hacking AWS 2 This book delves deeper into analyzing the security of various AWS services and shows techniques and tactics used by an attacker to breach an AWS environment
Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and Cloud

Last updated 1 month ago