Skip to content

Latest commit

 

History

History
59 lines (38 loc) · 3.19 KB

aws-lightsail-persistence.md

File metadata and controls

59 lines (38 loc) · 3.19 KB

AWS - Lightsail Persistence

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Lightsail

For more information check:

{% content-ref url="../aws-services/aws-lightsail-enum.md" %} aws-lightsail-enum.md {% endcontent-ref %}

Download Instance SSH keys & DB passwords

They won't be changed probably so just having them is a good option for persistence

Backdoor Instances

An attacker could get access to the instances and backdoor them:

  • Using a traditional rootkit for example
  • Adding a new public SSH key
  • Expose a port with port knocking with a backdoor

DNS persistence

If domains are configured:

  • Create a subdomain pointing your IP so you will have a subdomain takeover
  • Create SPF record allowing you to send emails from the domain
  • Configure the main domain IP to your own one and perform a MitM from your IP to the legit ones

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}