iam:PassRole, codestar:CreateProject
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Kwa ruhusa hizi unaweza kutumia codestar IAM Role kufanya vitendo vya kiholela kupitia cloudformation template.
Ili kutumia hii unahitaji kuunda S3 bucket inayopatikana kutoka kwa akaunti iliyoshambuliwa. Pakia faili inayoitwa toolchain.json
. Faili hii inapaswa kuwa na cloudformation template exploit. Ifuatayo inaweza kutumika kuweka sera inayosimamiwa kwa mtumiaji chini ya udhibiti wako na kumpa ruhusa za admin:
Pia pakia faili hili la empty zip
kwenye bucket:
Kumbuka kwamba bucket yenye faili zote mbili inapaswa kufikiwa na akaunti ya mwathirika.
Kwa vitu vyote viwili kupakiwa sasa unaweza kuendelea na exploitation kwa kuunda mradi wa codestar:
This exploit is based on the Pacu exploit of these privileges: https://github.com/RhinoSecurityLabs/pacu/blob/2a0ce01f075541f7ccd9c44fcfc967cad994f9c9/pacu/modules/iam__privesc_scan/main.py#L1997 On it you can find a variation to create an admin managed policy for a role instead of to a user.
Jifunze & fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze & fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)