diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md b/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md index 4d45444cd..837e1b3d5 100644 --- a/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md +++ b/src/pentesting-cloud/aws-security/aws-services/aws-relational-database-rds-enum.md @@ -81,6 +81,10 @@ aws rds describe-db-cluster-backtracks --db-cluster-identifier ## Cluster snapshots aws rds describe-db-cluster-snapshots +aws rds describe-db-cluster-snapshots --include-public --snapshot-type public + +## Restore cluster snapshot as new instance +aws rds restore-db-instance-from-db-snapshot --db-cluster-identifier --snapshot-identifier # Get DB instances info aws rds describe-db-instances #username, url, port, vpc, SG, is public? @@ -92,6 +96,7 @@ aws rds describe-db-instance-automated-backups ## Find snapshots aws rds describe-db-snapshots aws rds describe-db-snapshots --include-public --snapshot-type public + ## Restore snapshot as new instance aws rds restore-db-instance-from-db-snapshot --db-instance-identifier --db-snapshot-identifier --availability-zone us-west-2a diff --git a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md index 53d9a6a41..0767e92c5 100644 --- a/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md +++ b/src/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-rds-unauthenticated-enum/README.md @@ -34,6 +34,21 @@ aws rds describe-db-snapshots --snapshot-type public [--region us-west-2] ## snapshots from other accounts used by the current account ``` +## Public RDS Cluster Snapshots + +Similarly, you can look for cluster snapshots + +```bash +# Public RDS cluster snapshots +aws rds describe-db-cluster-snapshots --include-public + +## Search by account ID +aws rds describe-db-cluster-snapshots --include-public --query 'DBClusterSnapshots[?contains(DBClusterSnapshotIdentifier, `284546856933:`) == `true`]' + +# From the own account you can check if there is any public cluster snapshot with: +aws rds describe-db-cluster-snapshots --snapshot-type public [--region us-west-2] +``` + ### Public URL template ```