Back to Course
AWS IAM Privilege Escalation Labs
0% Complete
0/0 Steps
-
Introduction
About this course -
Real-world case studies
-
Useful IAM tips and security tools
-
Introduction to AWS Enumeration[LAB] Getting Started with the AWS CLI
-
[LAB] Introduction to AWS IAM Enumeration
-
[Cheat Sheet] IAM Enumeration CLI Commands
-
[LAB] Introduction to Secrets Manager Enumeration
-
[Cheat Sheet] Secrets Manager Enumeration CLI Commands
-
[LAB] Introduction to Amazon S3 Enumeration
-
iam:CreateAccessKey[LAB] [CTF] iam:CreateAccessKey PrivEsc
-
iam:CreateAccessKey Solution
-
iam:CreateLoginProfile[LAB] [CTF] iam:CreateLoginProfile PrivEsc
-
iam:CreateLoginProfile Solution
-
iam:UpdateLoginProfile[LAB] [CTF] iam:UpdateLoginProfile PrivEsc
-
iam:UpdateLoginProfile Solution
-
iam:SetDefaultPolicyVersion[LAB] [CTF] iam:SetDefaultPolicyVersion PrivEsc
-
iam:SetDefaultPolicyVersion Solution
-
iam:AddUserToGroup[LAB] [CTF] iam:AddUserToGroup PrivEsc
-
iam:AddUserToGroup Solution
-
iam:AttachUserPolicy[LAB] [CTF] iam:AttachUserPolicy PrivEsc
-
iam:AttachUserPolicy Solution
-
iam:AttachGroupPolicy[LAB] [CTF] iam:AttachGroupPolicy PrivEsc
-
iam:AttachGroupPolicy Solution
-
iam:PutUserPolicy[LAB] [CTF] iam:PutUserPolicy PrivEsc
-
iam:PutUserPolicy Solution
-
iam:PutGroupPolicy[LAB] [CTF] iam:PutGroupPolicy PrivEsc
-
iam:PutGroupPolicy Solution
-
iam:AttachRolePolicy[LAB] [CTF] iam:AttachRolePolicy PrivEsc
-
iam:AttachRolePolicy Solution
-
iam:PutRolePolicy[LAB] [CTF] iam:PutRolePolicy PrivEsc
-
iam:PutRolePolicy Solution
-
ChallengesAbout challenges
-
Challenge #1 - Secrets Unleashed
-
Challenge #2 - IAM Escape Room
-
ConclusionWhat did you think of the course?
-
What's next?
Scenario 🧪
The goal of this lab is to exploit the iam:CreateLoginProfile vulnerability to grant yourself permissions that you shouldn’t have access to. You’ve successfully completed this lab once you’ve accessed and downloaded sensitive files containing customer PII in Amazon S3 and submitted the SSN number for “Holly Duncan.”
Steps
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Gain access to and authenticate as the IAM user ending in
Victim - Using your new permissions, access the S3 bucket containing sensitive data
- Download those files and make sure they contain PII.
- Open the ssn.csv file and copy/paste Holly Duncan’s SSN
Responses