Scenario 🧪
Best practices say that we should try to apply IAM policies to groups, and then add users to those groups so that they can inherit permissions. This is a best practice because it helps keep things organized and you can quickly and easily give or remove a user’s permissions by adding them or removing them from a group.
This lab is a great way to showcase why this is a best practice. Even just adding one inline policy to a user can wreak havoc, as you’re about to find out.
This lab has been misconfigured, so exploit it with iam:AddUserToGroup
to grant yourself access to the Secrets Manager service so you can retrieve secrets from that AWS account.
You’ve successfully completed this lab once you’ve submitted the secret value!
Steps
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Leverage your
iam:AddUserToGroup
permissions to gain access to Secrets Manager - Access Secrets Manager and retrieve the secret value
- Copy/paste it to submit it as the flag
Responses