Scenario 🧪
This lab is very similar to iam:CreateLoginProfile, except that instead of creating a login profile, we use UpdateLoginProfile on a user that already has one, to the same effect.
To make it less repetitive, we increased the difficulty just a little bit by adding a couple more steps that you will need to complete this lab! You’ve captured the flag when you’ve downloaded sensitive S3 data and submitted Joshua Lee’s credit card number from the customers.txt file.
Steps
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Identify which user has the permissions you need to access S3
- Gain access to and authenticate as the correct IAM user
- Using your new permissions, access the S3 bucket containing sensitive data
- Download those files and make sure they contain PII.
- Submit the flag by copy/pasting Joshua Lee’s credit card number from the customers.txt file
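The lab works because some policy grants iam:UpdateLoginProfile (or iam:CreateLoginProfile) on resource "*" instead of scoping it to the caller's own user. The following audit script is an added example, not part of the lab or its environment: it walks a set of IAM policy documents and reports every Allow statement that grants either action without being tied to the caller via `${aws:username}`. The policy names, the account id 123456789012 and the policy bodies are constructed sample data; in a real review you would feed it the documents returned by `aws iam get-policy-version`. It is a heuristic: it does not evaluate explicit Denies, permission boundaries or Condition blocks, so treat its output as a list of policies to look at, not a final verdict.

```python
"""Audit IAM policy documents for login-profile permissions that are not
scoped to the caller's own user (the misconfiguration this lab relies on)."""
import fnmatch
from typing import Any, Dict, List

# Constructed sample policy documents (not from the lab environment).
# The account id and policy names are placeholders.
SAMPLE_POLICIES: Dict[str, Dict[str, Any]] = {
    "HelpdeskPasswordReset": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["iam:GetUser", "iam:UpdateLoginProfile"],
             "Resource": "*"},
        ],
    },
    "SelfServicePasswordChange": {
        "Version": "2012-10-17",
        # A single statement may be a dict rather than a list.
        "Statement": {
            "Effect": "Allow",
            "Action": "iam:*LoginProfile",
            "Resource": "arn:aws:iam::123456789012:user/${aws:username}",
        },
    },
    "ReadOnlyS3": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::example-bucket/*"}],
    },
}

# Actions that let a principal set or reset a user's console password.
LOGIN_PROFILE_ACTIONS = ("iam:createloginprofile", "iam:updateloginprofile")


def _as_list(value: Any) -> List[Any]:
    """IAM allows scalars or lists for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, action: str) -> bool:
    """Case-insensitive IAM-style wildcard match ('iam:*', '*LoginProfile')."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _self_scoped(resources: List[str]) -> bool:
    """True when every resource ARN is tied to the caller via ${aws:username}."""
    return bool(resources) and all("${aws:username}" in r for r in resources)


def find_login_profile_grants(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return each Allow that grants Create/UpdateLoginProfile, with scoping info."""
    findings: List[Dict[str, Any]] = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        resources = [str(r) for r in _as_list(stmt.get("Resource"))]
        for pattern in _as_list(stmt.get("Action")):
            granted = [a for a in LOGIN_PROFILE_ACTIONS if _matches(str(pattern), a)]
            if granted:
                findings.append({
                    "sid": stmt.get("Sid", ""),
                    "action_pattern": pattern,
                    "grants": granted,
                    "resources": resources,
                    "self_scoped": _self_scoped(resources),
                })
    return findings


def audit_policies(policies: Dict[str, Dict[str, Any]]) -> Dict[str, List[Dict[str, Any]]]:
    """Map policy name -> grants that let the holder reset OTHER users' passwords."""
    risky: Dict[str, List[Dict[str, Any]]] = {}
    for name, doc in policies.items():
        broad = [f for f in find_login_profile_grants(doc) if not f["self_scoped"]]
        if broad:
            risky[name] = broad
    return risky


if __name__ == "__main__":
    for name, grants in audit_policies(SAMPLE_POLICIES).items():
        for g in grants:
            print(f"{name}: '{g['action_pattern']}' grants {g['grants']} on {g['resources']}")
```

On the sample data only HelpdeskPasswordReset is reported: SelfServicePasswordChange uses a `${aws:username}` resource, which is the usual remediation for a self-service password policy, and ReadOnlyS3 grants no IAM actions at all. A matching detective control is a CloudTrail alert on UpdateLoginProfile and CreateLoginProfile events whose `requestParameters.userName` differs from the calling identity.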
Not sure what I am doing wrong but I am only showing the allowed policies with no explicit denies, and get iam-updateloginprofile-privesc-1702564203600-Attacker is not authorized to perform when attempting to run the UpdateLoginProfile command.
That’s my bad, I pushed an update to this lab that broke it. I’ve fixed it and you should be good to go now!
Thanks Chris!