{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
For more information check:
{% content-ref url="../aws-services/aws-lightsail-enum.md" %} aws-lightsail-enum.md {% endcontent-ref %}
They won't be changed probably so just having them is a good option for persistence
An attacker could get access to the instances and backdoor them:
- Using a traditional rootkit for example
- Adding a new public SSH key
- Expose a port with port knocking with a backdoor
If domains are configured:
- Create a subdomain pointing your IP so you will have a subdomain takeover
- Create SPF record allowing you to send emails from the domain
- Configure the main domain IP to your own one and perform a MitM from your IP to the legit ones
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.