Hacking AWS Lambda Function

 

What is AWS Lambda?

 


AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers.

Let's start:

While performing an API pentest, I found that one of the endpoints had a URL parameter that was vulnerable to Local File Inclusion.

Local File Inclusion:

Local File Inclusion (LFI) is a type of web application vulnerability that allows an attacker to include and execute arbitrary files on the web server. Exploiting this vulnerability involves the attacker supplying a malicious file path as a parameter, potentially pointing to a local file on the server. This exploit enables the attacker to access sensitive data, like configuration files or user credentials, execute arbitrary code, and potentially seize full control of the server.

Once I found that the endpoint was vulnerable to LFI, I tried to read a sensitive file from the server, such as /etc/passwd. I was able to read it successfully.

 


 

Since I knew the endpoint was using a Lambda function, I tried to access the environment variables to see if any credentials were present. After successful execution, I saw that the AWS access key and token were present.

 


I exported the AWS secret key and session token for the AWS CLI.

 


Once the keys were exported, I ran the command below to check the details of the IAM user, that is, which user these keys belong to.

aws sts get-caller-identity 

The above command executed successfully and I got the user details, account number and ARN details.

 


After this, I ran the command to check the attached policies.

 


Extract the policy details 

 


This is how I successfully exploited the AWS Lambda function.
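On the defensive side, the file read described above stops at input validation of the URL parameter. The following is an added example, not code from the tested application: it assumes the function is written in Python and that the parameter is only meant to fetch HTTPS resources from known hosts; `ALLOWED_HOSTS`, `RejectedURL` and `validate_fetch_url` are hypothetical names.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts this function is meant to fetch from.
ALLOWED_HOSTS = {"assets.example.com"}


class RejectedURL(ValueError):
    """The caller-supplied URL must not be fetched."""


def validate_fetch_url(raw, resolve=socket.getaddrinfo):
    """Return the URL if it is safe to fetch, otherwise raise RejectedURL."""
    if not isinstance(raw, str) or any(c in raw for c in "\r\n\t\x00\\"):
        raise RejectedURL("malformed input")
    try:
        parts = urlsplit(raw.strip())
        port = parts.port
    except ValueError:
        raise RejectedURL("unparseable URL") from None
    # Bare paths such as /etc/passwd and non-HTTPS schemes fail here.
    if parts.scheme != "https":
        raise RejectedURL("scheme not allowed")
    if parts.username or parts.password:
        raise RejectedURL("userinfo not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS or port not in (None, 443):
        raise RejectedURL("host or port not allowlisted")
    # An allowlisted name must not resolve to an internal address.
    for info in resolve(host, 443, proto=socket.IPPROTO_TCP):
        if not ipaddress.ip_address(info[4][0]).is_global:
            raise RejectedURL("resolves to a non-public address")
    return parts.geturl()


if __name__ == "__main__":
    # Constructed inputs; the stub resolver keeps the demo offline.
    stub = lambda host, port, proto=0: [(2, 1, 6, "", ("8.8.8.8", port))]
    for url in ("https://assets.example.com/logo.png", "/etc/passwd",
                "file:///etc/passwd", "https://other.example.net/x"):
        try:
            print("allow ", validate_fetch_url(url, resolve=stub))
        except RejectedURL as exc:
            print("reject", url, "->", exc)
```

Fetch with redirects disabled and connect to the address that was checked, since a second DNS lookup may return a different answer. Keeping the execution role's attached policies to least privilege limits what the credentials in the environment can do if a read still gets through.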
