Pentesting and Securing AWS RDS

AWS Relational Database Service (RDS) often hosts the most crucial and sensitive data relevant to a specific application. Hence, there is a strong need to focus on identifying exposed AWS RDS instances in order to enumerate access and, subsequently, the data stored in the database instance. This chapter explains the process of setting up a sample RDS instance and connecting it to a WordPress instance in both a secure and an insecure way. In addition to this, we will focus on gaining access to an exposed database, as well as the identification and exfiltration of sensitive data from this database.

In this chapter, we will cover the following topics:

  • Setting up an RDS instance and connecting it to an EC2 instance
  • Identifying and enumerating exposed RDS instances using Nmap
  • Exploitation and data extraction from a vulnerable RDS instance