ECS: Retrieving Secrets From Task Definitions
In our lab walkthrough series, we go through selected lab exercises on our INE Platform. Subscribe or sign up for a 7-day, risk-free trial with INE and access this lab and a robust library covering the latest in Cyber Security, Networking, Cloud, and Data Science!
| Novice | Beginner | Competent | Proficient | Expert
Amazon Elastic Container Service (Amazon ECS) is a container management service that is extremely scalable and quick. It may be used to start, stop, and manage containers on a cluster.
Containers in Amazon ECS are described in a task definition ( task definition is required to run Docker containers in Amazon ECS), which you use to run an individual task or a task within a service. In this sense, a service is a configuration that may be used to run and maintain a certain number of tasks in a cluster at the same time.
Task definitions are used to deploy docker containers on ECS. The container configuration such as CPU, memory, environment variables, and secrets can be configured in the task definitions.
We have set up the below scenario in our INE labs for our students to practice. The screenshots have been taken from our online lab environment.
Recover the secrets from the task definition and the running container.
Step 1: Click the lab link button to get access credentials. Login to the AWS account with these credentials.
Step 2: Search for ECS and navigate to ECS dashboard.
Step 3: Navigate to Clusters and click on “ecs-lab-cluster”. It will list tasks and services in this cluster.
Step 4: Navigate to the Tasks.
Step 5: Click on the task definition name.
Step 6: Here, search for the container definitions.
Scroll down to find the container definitions.
Step 7: Click on the container name (expand it). It will show the details about the container.
Successfully got the first flag.
Step 8: Scroll up and click on the JSON from the tabs. This will list the JSON configuration of the container.
Step 9: Copy or download the JSON data and check the configuration.
Open the json file in a text editor to view the applied configurations.
Container is open at port 8080 and also the flag is present inside the secrets manager.
The image used by the container is ttyd. Now obtain the public dns URL and append it with :8080. It will give access to the docker container using a ttyd terminal.
Step 10: Click on “Clusters” from the left navigation menu.
Step 11: Click on the Cluster name.
Step 12: Click on the Tasks and then click on the task id.
Step 13: Click on the EC2 instance id.
Step 14: Copy the public DNS and paste it into the browser.
Step 15: Navigate to the URL by appending “:8080” into it.
Step 16: Retrieve the flag in the environment variables.
Congratulations! In this lab, we successfully retrieved the secrets from the task definition and the running container.
Perform the above tasks hands-on in our lab! Subscribe or sign up for a 7-day, risk-free trial with INE to access this lab and a robust library covering the latest in Cyber Security, Networking, Cloud, and Data Science!