Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS IAM Privilege Escalation Methods

95dc04de5f5eca79b14a48ebcdaf43cf?s=47 Pralhad Chaskar
July 26, 2019
Technology
0
170

AWS IAM Privilege Escalation Methods

Presented at null Dubai Meet 26 July 2019 Monthly Meet

95dc04de5f5eca79b14a48ebcdaf43cf?s=128

Pralhad Chaskar

July 26, 2019
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
250
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
310
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
1.1k
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
130
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
100
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
1
81
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
430
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
250
95dc04de5f5eca79b14a48ebcdaf43cf?s=48 c0d3xpl0it
0
130

Other Decks in Technology

See All in Technology
49f49940f0831a426745c028684bcdad?s=48 hatena
1
2.8k
8a1af77e438c19487b710e1f0ec95df3?s=48 ushigai
0
260
4f43f9f4dc4cc2897841877e8f7b032f?s=48 cielan
1
290
C0ed34c2bad05c45fbf4ed4d3e73d70b?s=48 hi120ki
0
310
3318abf64ba11ee70d4f5dee62051801?s=48 tagucch
0
150
97d180294474e9df01503148f3b11f39?s=48 lambda
0
2.9k
Fb925cff494f6a5158a461493be48066?s=48 yuzutas0
1
1k
06986333d704c400f7a2053994058e6e?s=48 cmtamai
0
410
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
0
1.3k
439d941a6e41920af9bf4d5bd5f97e3a?s=48 nghialv
0
140
6eb87371ba9a9bb7767af80a5c9f5306?s=48 yhana
0
10k
4c8dc0add99b3ba830fc28453a895ab7?s=48 suzukij1028
0
260

Featured

See All Featured
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
91
8.9k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
196
17k
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
294
28k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
193
9k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
25
930
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
396
61k
828ace851b606e1206900f26459f55ad?s=48 speakerdeck
PRO
2
380
7fa6101cd43067653cf4ac6c7ca54305?s=48 akmur
255
20k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
594
210k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
235
960k
79acae287842acf29084005533a7fb3b?s=48 hursman
111
9.5k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
348
27k

Transcript

  1. AWS IAM Privilege Escalation Methods Pralhad Chaskar (@c0d3xpl0it)

  2. None

  3. Recap of AWS • ACCESS_KEYS → Identifier of the user

    in account • SECRET_ACCESS_KEY → Password needed to authenticate • SESSION_TOKEN → Security Token • AWS CLI → Console client written in python that allows a user to interact with the different services offered by AWS

  4. Permission Policies

  5. Privilege Escalation in the cloud • Misconfiguration of identity and

    access management (IAM) policies • Manipulation of APIs • Cloud provider vulnerabilities https://searchcloudsecurity.techtarget.com/tip/3-reasons-privilege-escalation-in-the-cloud-works

  6. For Auditors/Pentesters/BlueTeamer Take one user per role in order to

    check Privilege Escalation possibility and feed the ACCESS_KEYS, SECRET_ACCESS_KEY, SESSION_TOKEN to below demo’ed tools.

  7. AWS_ESCALATE.py https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/aws_escalate

  8. PACU • Pacu is an open source AWS exploitation framework,

    designed for offensive security testing against cloud environments. Below are some capabilities/modules • RECON_UNAUTH • ENUM • ESCALATE (run iam__privesc_scan) • LATERAL_MOVE • EXPLOIT • PERSIST • EXFIL • EVADE https://github.com/RhinoSecurityLabs/pacu
  9. None

  10. Demo

  11. References • https://github.com/RhinoSecurityLabs/Cloud-Security- Research/tree/master/AWS/aws_escalate • https://github.com/RhinoSecurityLabs/pacu/wiki/Module-Details • https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation

  12. None