{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
For more information check:
{% content-ref url="../aws-services/aws-sns-enum.md" %} aws-sns-enum.md {% endcontent-ref %}
An attacker could send malicious or unwanted messages to the SNS topic, potentially causing data corruption, triggering unintended actions, or exhausting resources.
aws sns publish --topic-arn <value> --message <value>
Potential Impact: Vulnerability exploitation, Data corruption, unintended actions, or resource exhaustion.
An attacker could subscribe or to an SNS topic, potentially gaining unauthorized access to messages or disrupting the normal functioning of applications relying on the topic.
{% code overflow="wrap" %}
aws sns subscribe --topic-arn <value> --protocol <value> --endpoint <value>
{% endcode %}
Potential Impact: Unauthorized access to messages (sensitve info), service disruption for applications relying on the affected topic.
An attacker could grant unauthorized users or services access to an SNS topic, potentially getting further permissions.
aws sns add-permission --topic-arn <value> --label <value> --aws-account-id <value> --action-name <value>
Potential Impact: Unauthorized access to the topic, message exposure, or topic manipulation by unauthorized users or services, disruption of normal functioning for applications relying on the topic.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.