AWS - IAM Persistence
For more information, see:
AWS - IAM, Identity Center & SSO Enum
Create a user
Add a controlled user to a privileged group
Create access keys (of the new user or of all users)
Grant extra permissions to controlled users/groups (attached policies or inline policies)
Disable MFA / Add your own MFA device
Create a Role Chain Juggling situation (more on this below in STS persistence)
You could backdoor a role's trust policy so that the role can be assumed by an external resource controlled by you (or by everyone).
Give Administrator permissions to a version of a policy that is not its last version (the last version should look legitimate), then assign that version of the policy to a controlled user/group.
If the account already trusts a common identity provider (such as GitHub), the conditions of the trust could be broadened so that the attacker can abuse them.
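A defender's check for the two trust-policy backdoors described above (a principal outside the account or open to everyone, and broadened identity-provider conditions), as an added example that is not part of the original page: it audits a role's trust policy document against a baseline. The account IDs, the approved `sub` value, the function names and the sample policy are constructed assumptions.

```python
OWN_ACCOUNT = "111122223333"  # constructed: the account being audited
APPROVED_SUBS = {"repo:example-org/deploy:ref:refs/heads/main"}  # constructed baseline

# Constructed trust policy, in the shape of a role's AssumeRolePolicyDocument.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                           "arn:aws:iam::999988887777:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"},
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
     "Principal": {"Federated":
         "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"},
     "Condition": {"StringLike":
         {"token.actions.githubusercontent.com:sub": "repo:example-org/*"}}},
]}

def as_list(value):
    # Policy JSON allows a single value wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def account_of(principal):
    # AWS principals appear as ARNs or as bare 12-digit account IDs.
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_trust_policy(doc, own_account, approved_subs):
    """Return (statement index, finding) pairs for trust beyond the baseline."""
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand for "everyone"
            principal = {"AWS": "*"}
        for p in as_list(principal.get("AWS", [])):
            if account_of(p) != own_account:
                findings.append((i, f"principal outside account: {p}"))
        if "Federated" in principal:
            # Collect every value of a ...:sub condition key, whatever the operator.
            subs = [v for operator in stmt.get("Condition", {}).values()
                    for key, vals in operator.items() if key.endswith(":sub")
                    for v in as_list(vals)]
            if not subs:
                findings.append((i, "federated trust without a sub condition"))
            findings += [(i, f"unapproved sub: {v}") for v in subs if v not in approved_subs]
    return findings

if __name__ == "__main__":
    for idx, finding in audit_trust_policy(SAMPLE, OWN_ACCOUNT, APPROVED_SUBS):
        print(f"statement {idx}: {finding}")
```

Principals that show up as unique IDs rather than ARNs are also reported, which is useful because they usually mean the trusted entity was deleted.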