Back to Course

Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT

0% Complete
0/0 Steps
  1. Introduction

    About the course and author
  2. About using CloudGoat, Pacu, and ChatGPT
  3. Who this course is for
  4. Important quick note on AWS resource pricing
  5. [LAB] Create a billing alert to avoid surprise bills
  6. We want your feedback
  7. Setting up our lab environment
    Read this before installing Pacu/CloudGoat!
  8. [DEMO] Pacu [Option #1] Install with pip [Recommended]
  9. [DEMO] Pacu [Option #2] Use with Docker
  10. [DEMO] CloudGoat [Option #1] Install with Git
  11. [DEMO] CloudGoat [Option #2] Running with Docker
  12. [DEMO] Configuring AWS access credentials for CloudGoat
  13. [DEMO] Configuring AWS access credentials
  14. Getting started with Pacu
    Pacu Quick Start Guide
  15. IAM Privilege Escalation by Misconfiguration (Small / Easy)
    Scenario overview
  16. [DEMO] Admin privilege escalation demonstration
  17. [DEMO] Cleaning up our lab environment
  18. Vulnerable Lambda (Small / Easy)
    Scenario overview
  19. [DEMO] Creating our lab environment
  20. [DEMO] Exploiting vulnerable Lambda functions for admin access
  21. [DEMO] Cleaning up our lab environment
  22. [Cheat Sheet] Solution steps (CLI)
  23. [LAB] [CTF] Lambda SQLi PrivEsc to Access Secret
  24. IAM Privilege Escalation by Rollback (Small / Easy)
    Scenario overview
  25. [DEMO] Exploiting IAM versions
  26. [DEMO] Cleaning up our lab environment
  27. [Cheat Sheet] Solution steps (CLI)
  28. [LAB] [CTF] PrivEsc via IAM Version Rollback
  29. Cloud Breach via S3 (Small / Moderate)
    Scenario walkthrough
  30. [LAB] [DEMO] Exploiting EC2 to reach S3
  31. Preventing this exploit
  32. Cleaning up our lab environment
  33. [Cheat Sheet] Solution steps (CLI)
  34. IMDSv2 Compromise (SMALL / MODERATE)
    Scenario walkthrough
  35. [LAB] Compromise EC2 IMDSv2 with RCE
  36. [Cheat Sheet] Solutions Steps (CLI)
  37. ECS Takeover (Medium / Moderate)
    Scenario walkthrough
  38. [DEMO] ECS RCE exploit to get credentials
  39. [DEMO] ECS Takeover
  40. [DEMO] Cleaning up our lab environment
  41. [Cheat Sheet] Solution steps (CLI)
  42. Wrap-up and Key Takeaways
    What's next?
  43. We want your feedback
Lesson 44 of 43
In Progress

Pacu [Option #3] Install without Git

Christophe August 27, 2023

The final installation method I’ll show you is how to install it from the GitHub repo, but without using Git. This is not my favorite method and I’d recommend the prior methods instead, but if it works for you then feel free to use it!

You’ll download Pacu as an archive file by using this command:

curl "$(curl https://api.github.com/repos/RhinoSecurityLabs/pacu/releases/latest|grep zipball_url|awk '{print $2}'|tr -d '",') > pacu.zip
Code language: PHP (php)

This is using the utility curl to download the zip archive to your computer.

You’ll then run this command:

mv RhinoSecurityLabs-pacu-7676225 pacu && cd pacu

…and then just like in the prior option, you will run:

cd pacu && pip install -r requirements.txt

To install its pip dependencies.

My pip setup is so messed up that this doesn’t work, but if it works for you, you should be able to run ./clip.py to start Pacu.

Again, not my favorite installation method, but if none of the other options work or if you need to do it this way for any other reason, you have the option.

Responses

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.