Scenario 🧪
AWS provides managed policies that anyone with an AWS account can assign and use as long as they have iam:AttachUserPolicy
permissions. There are over a thousand of these managed policies that vary from providing read-only access to full administrative access.
This lab has been misconfigured, so exploit it with iam:AttachUserPolicy
to grant yourself Secrets Manager permissions.
You’ve successfully completed this lab once you’ve submitted the secret as the flag!
Tips 🕵️♂️
Tip #1: As labs start to get a bit more challenging, they will likely take you more than 40 minutes. Having to start over with a fresh new lab will encourage you to take good notes along the way. You could even potentially create terminal aliases or simple scripts to make things go faster. Use the time limit restriction as a learning opportunity and don’t let it get in the way of you solving the labs! This will prepare you for the final Challenges.
Tip #2: AWS documentation provides a full list of managed policies. While there are over 1,000 policies, there aren’t many specifically related to this lab’s scenario, so don’t get overwhelmed and use that knowledge to help narrow it down 🙂
Steps
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Leverage your
iam:AttachUserPolicy
permissions to gain access to Secrets Manager - Access Secrets Manager and retrieve the secret value
- Copy/paste it and submit it as the flag
Responses