Token za muda haziwezi kuorodheshwa, hivyo kudumisha token ya muda inayofanya kazi ni njia ya kudumisha uvumilivu.
awsstsget-session-token--duration-seconds129600# With MFAawsstsget-session-token \--serial-number <mfa-device-name> \--token-code <code-from-token># Jina la kifaa cha vifaa mara nyingi ni nambari kutoka nyuma ya kifaa, kama GAHT12345678# Jina la kifaa cha SMS ni ARN katika AWS, kama arn:aws:iam::123456789012:sms-mfa/username# Jina la kifaa cha Virtual ni ARN katika AWS, kama arn:aws:iam::123456789012:mfa/username
Role Chain Juggling
Role chaining ni kipengele kinachotambulika cha AWS, mara nyingi hutumiwa kwa ajili ya kudumisha uvumilivu wa siri. Inahusisha uwezo wa kuchukua jukumu ambalo kisha linachukua jingine, huenda ikarejea kwenye jukumu la awali kwa njia ya mzunguko. Kila wakati jukumu linapochukuliwa, uwanja wa muda wa kuisha wa ithibati unarefreshwa. Kwa hivyo, ikiwa majukumu mawili yamewekwa ili kuchukua kila mmoja, mpangilio huu unaruhusu upya wa kudumu wa ithibati.
Unaweza kutumia chombo hiki kudumisha mchakato wa kuchanganya majukumu:
Kumbuka kwamba skripti ya find_circular_trust.py kutoka kwenye hifadhi hiyo ya Github haipati njia zote ambazo mnyororo wa jukumu unaweza kuundwa.
Code ya kufanya Role Juggling kutoka PowerShell
```powershell # PowerShell script to check for role juggling possibilities using AWS CLI
Check for AWS CLI installation
if (-not (Get-Command "aws" -ErrorAction SilentlyContinue)) { Write-Error "AWS CLI is not installed. Please install it and configure it with 'aws configure'." exit }
Function to list IAM roles
function List-IAMRoles { aws iam list-roles --query "Roles[*].{RoleName:RoleName, Arn:Arn}" --output json }
if ($errorCount -gt 0) { Write-Host "$errorCount error(s) occurred during role assumption attempts." } else { Write-Host "No errors occurred. All roles checked successfully." }
Write-Host "Role juggling check complete."
</details>
<div data-gb-custom-block data-tag="hint" data-style='success'>
Jifunze na fanya mazoezi ya AWS Hacking:<img src="../../../.gitbook/assets/image (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1).png" alt="" data-size="line">\
Jifunze na fanya mazoezi ya GCP Hacking: <img src="../../../.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
</details>
</div>