Example Analysis of accesskey leakage of CVM to graphical tool Development

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article presents an example analysis of cloud host AccessKey leakage, from the leaked key through to the development of a graphical tool. The content is concise and easy to follow; I hope the detailed walkthrough gives you something useful.

Introduction

In daily penetration testing we often come across leaked ALIYUN_ACCESKEYID and ALIYUN_ACCESKEYSECRET values (the Alibaba Cloud API key pair), especially in the debug output of the Laravel framework. Mobile apps also expose this information.
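As an added example (not from the original article), a small scanner for the leak pattern just described: it looks for ALIYUN_ACCESKEYID / ALIYUN_ACCESKEYSECRET style variables and for bare LTAI-prefixed AccessKey IDs in captured debug output or app configuration, reports them redacted, and flags when a complete ID/Secret pair is exposed. The sample input is constructed; the LTAI prefix is the usual prefix of Alibaba Cloud AccessKey IDs.

```python
import re
from typing import Dict, List

# Constructed sample (not from any real system) of the leak sources named
# above: a Laravel debug page dumping .env, plus a config line from an app.
SAMPLE_LEAK = """APP_ENV=production
APP_DEBUG=true
ALIYUN_ACCESKEYID=LTAI4Fx7EXAMPLEKEYID01
ALIYUN_ACCESKEYSECRET=Wq9rExampleSecretValue0123456789ab
DB_PASSWORD=hunter2
accessKeyId = "LTAI5tExampleKeyId0002";
"""

# Key/value pairs named ...ACCESKEY.../ACCESSKEY.../access_key... + ID or SECRET
# (the misspelt ALIYUN_ACCESKEYID form seen in the wild is covered too).
KEY_NAME_RE = re.compile(
    r"(?P<name>[A-Za-z_.]*ACCES{1,2}_?KEY_?(?P<kind>ID|SECRET)[A-Za-z_]*)"
    r"""\s*[=:]\s*["']?(?P<value>[A-Za-z0-9+/=]{12,64})""",
    re.IGNORECASE,
)
# Bare Alibaba Cloud AccessKey IDs: the well-known "LTAI" prefix.
AKID_RE = re.compile(r"\bLTAI[A-Za-z0-9]{12,20}\b")


def redact(value: str) -> str:
    """Mask a credential for a report: keep 4 leading and 2 trailing chars."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def find_leaked_keys(text: str) -> List[Dict[str, str]]:
    """Return redacted findings for every AccessKey ID/Secret found in text."""
    findings, seen = [], set()
    for m in KEY_NAME_RE.finditer(text):
        value, kind = m.group("value"), m.group("kind").upper()
        if value in seen:
            continue
        seen.add(value)
        high = kind == "SECRET" or AKID_RE.fullmatch(value) is not None
        findings.append({"kind": kind, "name": m.group("name"),
                         "value": redact(value), "confidence": "high" if high else "medium"})
    for m in AKID_RE.finditer(text):  # IDs not attached to a recognisable key name
        if m.group(0) not in seen:
            seen.add(m.group(0))
            findings.append({"kind": "ID", "name": "(pattern match)",
                             "value": redact(m.group(0)), "confidence": "medium"})
    return findings


def full_pair_leaked(findings: List[Dict[str, str]]) -> bool:
    """Both ID and Secret present: the holder can call the API as that account until rotation."""
    return {"ID", "SECRET"} <= {f["kind"] for f in findings}
```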

Overview

First, what is the Alibaba Cloud API for? The official explanation:

Cloud Virtual Machine (ECS), which can call APIs to manage your cloud resources and develop your own applications.

The ECS API supports the HTTP and HTTPS protocols and the GET and POST methods. You can invoke the ECS API in the ways described below.

For details, refer to the official Alibaba Cloud API documentation: help.aliyun.com/document_detail/25484.html?spm=a2c4g.11186623.6.1276.12244f88jytZ8c

Development approach

1. Via the Alibaba Cloud SDK

SDK download address: github.com/aliyun/aliyun-openapi-python-sdk

pip install:

# Install the core library
pip install aliyun-python-sdk-core
# Install the ECS management library
pip install aliyun-python-sdk-ecs
# Install the RDS management library
pip install aliyun-python-sdk-rds

Query ECS hosts

#!/usr/bin/env python
# coding=utf-8
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest

# Arguments: AccessKey ID, AccessKey Secret, region (key fields left blank in the original)
client = AcsClient('', '', 'cn-hangzhou')

request = DescribeInstancesRequest()
request.set_accept_format('json')
try:
    response = client.do_action_with_exception(request)
except (ClientException, ServerException) as e:
    raise SystemExit('DescribeInstances failed: %s' % e)

# python2: print(response)
print(str(response, encoding='utf-8'))

Create command

#!/usr/bin/env python
# coding=utf-8
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkecs.request.v20140526.CreateCommandRequest import CreateCommandRequest

# Arguments: AccessKey ID, AccessKey Secret, region (key fields left blank in the original)
client = AcsClient('', '', 'cn-hangzhou')

# The original sets no request parameters; CreateCommand's required fields are
# omitted here and documented in the API reference.
request = CreateCommandRequest()
request.set_accept_format('json')
try:
    response = client.do_action_with_exception(request)
except (ClientException, ServerException) as e:
    raise SystemExit('CreateCommand failed: %s' % e)

# python2: print(response)
print(str(response, encoding='utf-8'))

A Cloud Assistant command id is returned; the result is:

{
  "RequestId": "E69EF3CC-94CD-42E7-8926-F133B86387C0",
  "CommandId": "c-7d2a745b412b4601b2d47f6a768d3a14"
}

Execute command

#!/usr/bin/env python
# coding=utf-8
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkecs.request.v20140526.InvokeCommandRequest import InvokeCommandRequest

# Arguments: AccessKey ID, AccessKey Secret, region (key fields left blank in the original)
client = AcsClient('', '', 'cn-hangzhou')

# The original sets no request parameters; InvokeCommand's required fields are
# omitted here and documented in the API reference.
request = InvokeCommandRequest()
request.set_accept_format('json')
try:
    response = client.do_action_with_exception(request)
except (ClientException, ServerException) as e:
    raise SystemExit('InvokeCommand failed: %s' % e)

# python2: print(response)
print(str(response, encoding='utf-8'))

Returned result:

{
  "RequestId": "E69EF3CC-94CD-42E7-8926-F133B86387C0",
  "InvokeId": "t-7d2a745b412b4601b2d47f6a768d3a14"
}

The security group part is omitted here; refer to the API documentation for it.

2. Via GET/POST

First, the common request parameters:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Action | String | Yes | Name of the API. See the API Overview for values. |
| AccessKeyId | String | Yes | Access key ID. The AccessKey is used to invoke APIs; the user password is used to log in to the ECS admin console. |
| Signature | String | Yes | Your signature. For values, see Signature Mechanism. |
| SignatureMethod | String | Yes | Signature method. Value: HMAC-SHA1 |
| SignatureVersion | String | Yes | Signature algorithm version. Value: 1.0 |
| SignatureNonce | String | Yes | Unique random number for the signature. To prevent replay attacks, use a different random number for each request. |
| Timestamp | String | Yes | Timestamp of the request, in ISO 8601 UTC, format YYYY-MM-DDThh:mm:ssZ. Example: 2018-01-01T12:00:00Z means 20:00:00 on January 1, 2018, Beijing time. |
| Version | String | Yes | API version number in the format YYYY-MM-DD. Value: 2014-05-26 |
| Format | String | No | Return format of the response. Values: json, xml. Default: xml |

2.1 GET request

https://ecs.aliyuncs.com/?Action=DescribeInstanceStatus
&RegionId=cn-hangzhou
&PageSize=1
&PageNumber=1
&InstanceId.1=i-bp1j4i2jdf3owlhe****
&

(The trailing & is followed by the common request parameters from the table above.)
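As an added illustration of the Signature, SignatureMethod, SignatureNonce and Timestamp fields in the table and of the GET request above (example code written for this article, not the SDK's or the original author's), the following signs the DescribeInstanceStatus query with HMAC-SHA1 per SignatureVersion 1.0. The AccessKey values, nonce and timestamp used in the test are constructed placeholders; the AccessKeySecret is the HMAC key, which is why a leaked secret lets its holder sign any request until the key is disabled or rotated.

```python
import base64
import datetime
import hashlib
import hmac
import urllib.parse
import uuid


def percent_encode(value) -> str:
    """RFC 3986 encoding the signature mechanism requires: ' ' -> %20, '*' -> %2A."""
    return urllib.parse.quote(str(value), safe="~")


def build_string_to_sign(method: str, params: dict) -> str:
    """Sort parameters by name, encode names and values, join with '&', then
    prefix the HTTP method and the encoded resource path '/'."""
    canonical = "&".join(f"{percent_encode(k)}={percent_encode(v)}"
                         for k, v in sorted(params.items()))
    return f"{method}&{percent_encode('/')}&{percent_encode(canonical)}"


def sign(params: dict, access_key_secret: str, method: str = "GET") -> str:
    """SignatureMethod HMAC-SHA1 / SignatureVersion 1.0: the HMAC key is the
    AccessKeySecret with '&' appended; the result is base64-encoded."""
    key = (access_key_secret + "&").encode("utf-8")
    msg = build_string_to_sign(method, params).encode("utf-8")
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode("ascii")


def build_signed_query(action_params: dict, access_key_id: str, access_key_secret: str,
                       nonce=None, timestamp=None) -> dict:
    """Add the common request parameters from the table, then the Signature.
    nonce and timestamp can be pinned to make the output reproducible."""
    params = dict(action_params)
    params.update({
        "Format": "json",
        "Version": "2014-05-26",
        "AccessKeyId": access_key_id,
        "SignatureMethod": "HMAC-SHA1",
        "SignatureVersion": "1.0",
        "SignatureNonce": nonce or str(uuid.uuid4()),  # fresh per request: replay protection
        "Timestamp": timestamp or datetime.datetime.now(datetime.timezone.utc)
                                          .strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    params["Signature"] = sign(params, access_key_secret)
    return params


def build_url(signed: dict) -> str:
    """Render the signed GET URL; Signature is percent-encoded like any other value."""
    return "https://ecs.aliyuncs.com/?" + "&".join(
        f"{percent_encode(k)}={percent_encode(v)}" for k, v in signed.items())
```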

XML return format (element names restored from the JSON form below; the scrape had stripped the tags):

<DescribeInstanceStatusResponse>
  <PageNumber>1</PageNumber>
  <InstanceStatuses>
    <InstanceStatus>
      <Status>Running</Status>
      <InstanceId>i-bp1j4i2jdf3owlhe****</InstanceId>
    </InstanceStatus>
  </InstanceStatuses>
  <TotalCount>58</TotalCount>
  <PageSize>1</PageSize>
  <RequestId>746C3444-9A24-4D7D-B8A8-DCBF7AC8BD66</RequestId>
</DescribeInstanceStatusResponse>

JSON return format:

{
  "PageNumber": 1,
  "InstanceStatuses": {
    "InstanceStatus": [
      {
        "Status": "Running",
        "InstanceId": "i-bp1j4i2jdf3owlhe****"
      }
    ]
  },
  "TotalCount": 58,
  "PageSize": 1,
  "RequestId": "746C3444-9A24-4D7D-B8A8-DCBF7AC8BD66"
}

2.2 POST request

POST / HTTP/1.1
Host: ecs.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

Action=DescribeInstanceStatus&RegionId=cn-hangzhou&PageSize=1&PageNumber=1&InstanceId.1=i-bp1j4i2jdf3owlhe****&

The response has the same format as for GET.

Tool usage

The graphical interface needs little explanation; the original post illustrates it with a screenshot.

This concludes the example analysis of cloud host AccessKey leakage and graphical tool development. I hope you have picked up some knowledge or skills from it.
