Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/documentation/modules/auxiliary/cloud/aws/enum_ssm.md
Views: 11655
Vulnerable Application
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally, privileged out of the box). This module provides not only the API enumeration identifying EC2 instances accessible via SSM with given credentials, but enables session initiation for all identified targets (without requiring target-level credentials) using the CreateSession datastore option. The module also provides an EC2 ID filter and a limiting throttle to prevent session stampedes or expensive messes.
Verification Steps
Obtain AWS access keys
Start msfconsole
Set the
ACCESS_KEY_ID,SECRET_ACCESS_KEY,REGIONRun the module, see EC2 instances
Options
LIMIT
Only return the specified number of results from each region.
FILTER_EC2_ID
Look for specific EC2 instance ID.
REGION
AWS Region (e.g. "us-west-2").
Advanced Options
CreateSession
Create a new session for every successful login.
Scenarios
Enumerating EC2 instances in the US-East-2 region and opening a session on each one (CreateSession is True).