Exploiting the misconfigurations

A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. AWS IAM policies define permissions for an action regardless of the method that you use to perform the operation.

What are we going to learn

This chapter covers how multiple policy versions, where an older version is overly permissive, lead to privilege escalation, and how PassRole on an EC2 machine leads to privilege escalation.

How to exploit the misconfigurations

A few assumptions and a goal for this demo:

Because we are demonstrating privilege escalation, we work with the assumption that we have gained access to a victim's AWS credentials. These credentials appear to be non-privileged. Our aim is to exploit a misconfiguration in the user's policy definition and gain access to the employee database.

Exploiting the presence of multiple policy versions

Summary:

Imagine that the credentials we have carry permissions to list a policy's versions and to set the default policy version.

Exploiting the presence of high privileges to the attached group

Summary:

We found that the user whose credentials we have belongs to a group. This group has a set of attached policies, and we found that these policies allow creating and updating login profiles.
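
An added audit example (not code from the original page) that looks for both misconfigurations summarised above in a dump shaped like the output of `aws iam get-account-authorization-details`: a non-default policy version that allows more than the default one, and a group whose attached policy carries set-default-version or login-profile permissions. The sample data, account ID and names are constructed, and the check compares Allow actions only, ignoring Resource, Condition, NotAction and Deny.

```python
import fnmatch

# IAM actions behind the two escalation paths described above.
RISKY = ("iam:SetDefaultPolicyVersion", "iam:CreateLoginProfile", "iam:UpdateLoginProfile")

def allowed_actions(document):
    """Collect the Action patterns from a policy document's Allow statements."""
    stmts, actions = document.get("Statement", []), set()
    for s in [stmts] if isinstance(stmts, dict) else stmts:  # a lone statement may be a bare object
        acts = s.get("Action", []) if s.get("Effect") == "Allow" else []
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions

def grants(patterns, action):
    """True if any pattern (IAM * and ? wildcards, case-insensitive) covers the action."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit(details):
    """Flag dormant versions that allow more than the default, and groups holding RISKY actions."""
    findings, default_by_arn = [], {}
    for pol in details.get("Policies", []):
        versions = sorted(pol["PolicyVersionList"], key=lambda v: not v["IsDefaultVersion"])
        default = default_by_arn[pol["Arn"]] = allowed_actions(versions[0]["Document"])
        for v in versions[1:]:  # the non-default (dormant) versions
            if extra := sorted(a for a in allowed_actions(v["Document"]) if not grants(default, a)):
                findings.append(("dormant-version", pol["PolicyName"], v["VersionId"], extra))
    for grp in details.get("GroupDetailList", []):
        for att in grp.get("AttachedManagedPolicies", []):
            if hit := [r for r in RISKY if grants(default_by_arn.get(att["PolicyArn"], ()), r)]:
                findings.append(("risky-group-policy", grp["GroupName"], att["PolicyName"], hit))
    return findings

# Constructed sample data: the account ID, policy names and group name are made up.
ARN = "arn:aws:iam::111122223333:policy/"
def _ver(vid, is_default, actions):
    doc = {"Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}
    return {"VersionId": vid, "IsDefaultVersion": is_default, "Document": doc}
SAMPLE = {"Policies": [
    {"PolicyName": "dev-readonly", "Arn": ARN + "dev-readonly", "PolicyVersionList": [
        _ver("v2", True, ["iam:Get*", "iam:List*", "iam:SetDefaultPolicyVersion"]),
        _ver("v1", False, "*")]},
    {"PolicyName": "helpdesk", "Arn": ARN + "helpdesk", "PolicyVersionList": [
        _ver("v1", True, ["iam:CreateLoginProfile", "iam:UpdateLoginProfile"])]}],
    "GroupDetailList": [{"GroupName": "support", "AttachedManagedPolicies": [
        {"PolicyName": "helpdesk", "PolicyArn": ARN + "helpdesk"}]}]}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding names the policy version or group to review; deleting unused non-default versions and removing the flagged actions from broadly shared groups closes both paths.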

Note

I've demonstrated this practically and I've recorded the video. I'll attach it here soon!
