AWS - EFS Post Exploitation


EFS

For more information check:

{% content-ref url="../aws-services/aws-efs-enum.md" %} aws-efs-enum.md {% endcontent-ref %}

elasticfilesystem:DeleteMountTarget

An attacker could delete a mount target, potentially disrupting access to the EFS file system for applications and users relying on that mount target.

```bash
aws efs delete-mount-target --mount-target-id <value>
```

Potential Impact: Disruption of file system access and potential data loss for users or applications.

elasticfilesystem:DeleteFileSystem

An attacker could delete an entire EFS file system, which could lead to data loss and impact applications relying on the file system.

```bash
aws efs delete-file-system --file-system-id <value>
```

Potential Impact: Data loss and service disruption for applications using the deleted file system.

elasticfilesystem:UpdateFileSystem

An attacker could update the EFS file system properties, such as throughput mode, to impact its performance or cause resource exhaustion.

```bash
aws efs update-file-system --file-system-id <value> --provisioned-throughput-in-mibps <value>
```

Potential Impact: Degradation of file system performance or resource exhaustion.

elasticfilesystem:CreateAccessPoint and elasticfilesystem:DeleteAccessPoint

An attacker could create or delete access points, altering access control and potentially granting themselves unauthorized access to the file system.

```bash
aws efs create-access-point --file-system-id <value> --posix-user <value> --root-directory <value>
aws efs delete-access-point --access-point-id <value>
```

Potential Impact: Unauthorized access to the file system, data exposure or modification.
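
On the detection side, each of the calls above is recorded by CloudTrail under the `elasticfilesystem.amazonaws.com` event source. The following Python triage is an added example, not part of the original page; the sample records, the account ID and ARN, the lower-camel-case `requestParameters` keys and the two access-point heuristics are assumptions constructed for illustration.

```python
EFS_SOURCE = "elasticfilesystem.amazonaws.com"
# Impact per API call, paraphrased from the page's "Potential Impact" lines.
WATCHED = {
    "DeleteMountTarget": "disruption of file system access",
    "DeleteFileSystem": "data loss and service disruption",
    "UpdateFileSystem": "performance degradation or resource exhaustion",
    "CreateAccessPoint": "unauthorized access to the file system",
    "DeleteAccessPoint": "altered access control",
}

def ci_get(obj, key):
    """Case-insensitive lookup; requestParameters key casing is an assumption."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k.lower() == key.lower():
                return v
    return None

def triage(records):
    """Return one finding per watched EFS call, including denied attempts."""
    findings = []
    for rec in records:
        name = rec.get("eventName")
        if rec.get("eventSource") != EFS_SOURCE or name not in WATCHED:
            continue
        params = rec.get("requestParameters")
        notes = ["call failed: " + rec["errorCode"]] if rec.get("errorCode") else []
        if name == "CreateAccessPoint":
            # An access point applies its POSIX user to every request made through it.
            if ci_get(ci_get(params, "posixUser"), "uid") == 0:
                notes.append("access point enforces uid 0")
            if ci_get(ci_get(params, "rootDirectory"), "path") in (None, "/"):
                notes.append("access point exposes the file system root")
        findings.append({"event": name, "principal": ci_get(rec.get("userIdentity"), "arn"),
                         "impact": WATCHED[name], "notes": notes})
    return findings

# Constructed sample records (not real logs); the ARN and ids are placeholders.
USER = "arn:aws:iam::111122223333:user/example"
SAMPLE = [
    {"eventSource": EFS_SOURCE, "eventName": "DeleteFileSystem", "errorCode": "AccessDenied",
     "userIdentity": {"arn": USER}, "requestParameters": {"fileSystemId": "fs-EXAMPLE"}},
    {"eventSource": EFS_SOURCE, "eventName": "CreateAccessPoint", "userIdentity": {"arn": USER},
     "requestParameters": {"fileSystemId": "fs-EXAMPLE", "posixUser": {"uid": 0, "gid": 0}}},
    {"eventSource": EFS_SOURCE, "eventName": "DescribeFileSystems", "userIdentity": {"arn": USER}},
    {"eventSource": EFS_SOURCE, "eventName": "UpdateFileSystem", "userIdentity": {"arn": USER}},
]
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Denied calls are kept as findings because a principal repeatedly failing on these actions is worth reviewing even when nothing was changed.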
