ECS: Retrieving Secrets From Task Definitions
In our lab walkthrough series, we go through selected lab exercises on our INE Platform. Subscribe or sign up for a 7-day, risk-free trial with INE and access this lab and a robust library covering the latest in Cyber Security, Networking, Cloud, and Data Science!
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast container management service. It can be used to start, stop, and manage containers on a cluster.
Containers in Amazon ECS are described in a task definition (a task definition is required to run Docker containers in Amazon ECS), which you use to run an individual task or a task within a service. In this context, a service is a configuration that runs and maintains a specified number of tasks in a cluster at the same time.
Task definitions are used to deploy Docker containers on ECS. Container configuration such as CPU, memory, environment variables, and secrets is set in the task definition.
Lab Scenario
We have set up the below scenario in our INE labs for our students to practice. The screenshots have been taken from our online lab environment.
Lab Link: ECS: Retrieving secrets from task definitions
Objective
Recover the secrets from the task definition and the running container.
Solution
Step 1: Click the lab link button to get access credentials. Log in to the AWS account with these credentials.
Step 2: Search for ECS and navigate to the ECS dashboard.
Step 3: Navigate to Clusters and click on “ecs-lab-cluster”. It will list tasks and services in this cluster.
Step 4: Navigate to the Tasks.
Step 5: Click on the task definition name.
Step 6: Scroll down to find the container definitions.
Step 7: Click on the container name (expand it). It will show the details about the container.
Successfully got the first flag.
Flag: 5bcbf1935e31b6fe875fd8d5ff4ca07d
Step 8: Scroll up and click on the JSON from the tabs. This will list the JSON configuration of the container.
Step 9: Copy or download the JSON data and check the configuration.
Open the JSON file in a text editor to view the applied configuration.
The container exposes port 8080, and the flag is stored in Secrets Manager.
The image used by the container is ttyd. Now obtain the public DNS name and append :8080 to it. This gives access to the Docker container through a ttyd terminal.
Step 10: Click on “Clusters” from the left navigation menu.
Step 11: Click on the Cluster name.
Step 12: Click on the Tasks and then click on the task id.
Step 13: Click on the EC2 instance id.
Step 14: Copy the public DNS and paste it into the browser.
Step 15: Navigate to the URL after appending “:8080” to it.
Step 16: Retrieve the flag from the environment variables.
Command:
printenv
Flag: 777e84ef2be3549a4949748e29366e4b
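From the defender's side, the two exposures walked through above can be caught by auditing the task definition JSON before it is registered. The following is an added example, not part of the original lab: it flags sensitive-looking plaintext values in a container's environment list, secrets that will be injected as environment variables, and host ports mapped on a container that receives secrets. The sample JSON, variable names, ARN and the name-matching pattern are constructed assumptions.

```python
import json
import re

# Constructed sample shaped like the JSON tab of an ECS task definition.
# All names, values and ARNs are placeholders, not taken from the lab.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-task",
  "containerDefinitions": [{
    "name": "web-terminal",
    "image": "example/ttyd:latest",
    "portMappings": [{"containerPort": 8080, "hostPort": 8080, "protocol": "tcp"}],
    "environment": [
      {"name": "APP_MODE", "value": "production"},
      {"name": "API_TOKEN", "value": "EXAMPLE-PLAINTEXT-VALUE"}
    ],
    "secrets": [
      {"name": "DB_PASSWORD",
       "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf"}
    ]
  }]
}
""")

# Heuristic (assumption): variable names that usually hold credentials.
SENSITIVE_NAME = re.compile(r"(pass(word)?|secret|token|key|flag|credential)", re.I)

def audit_task_definition(task_def):
    """Return (container, kind, detail) findings for one task definition."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        # Plaintext values are readable by anyone who can view the task definition.
        for env in c.get("environment", []):
            if SENSITIVE_NAME.search(env.get("name", "")):
                findings.append((name, "plaintext-env", env["name"]))
        # Referenced secrets stay out of the JSON but are still injected as
        # environment variables, so a shell in the container can read them.
        for sec in c.get("secrets", []):
            findings.append((name, "injected-secret", sec["name"]))
        for pm in c.get("portMappings", []):
            if "hostPort" in pm and c.get("secrets"):
                findings.append((name, "exposed-port-with-secrets", str(pm["hostPort"])))
    return findings

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE_TASK_DEF):
        print(*finding, sep="\t")
```
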
Conclusion
Congratulations! In this lab, we successfully retrieved the secrets from the task definition and the running container.