From the course: Python: Pen Testing AWS
Account privilege escalation - Python Tutorial
Account privilege escalation
- Going back to our Pacu session. We know Raina has limited capability in the account, but let's see if Pacu can escalate our privileges. We'll run iam__privesc_scan, and Pacu confirms that we might be able to do that through setting the default policy. We can list the available policies by pressing Enter. By looking through the policies, we can see that version four of the policy has the permissions to allow all actions on all resources. So, we'll select V4 and Pacu confirms that privilege escalation was successful. We now have the ability to do anything on any resource. We can now get Pacu to exfiltrate information for us by using the module: run s3__download_bucket. Pacu enumerates the S3 buckets and extracts the data, and we'll download the files. Raina now has access to everything in the account. So, there's a lot of files that we can now download. Okay, we found two buckets with read…
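The condition described in the transcript can be audited from the defender's side. The following is an added example, not code from the course or from Pacu: it checks a managed policy's stored versions for a dormant allow-all version and for a default version that permits iam:SetDefaultPolicyVersion. The function names and the sample data are assumptions constructed for illustration; the dictionaries follow the VersionId / IsDefaultVersion / Document shape of IAM policy versions.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    """IAM accepts a single string or object where a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(document):
    return [s for s in _as_list(document.get("Statement")) if s.get("Effect") == "Allow"]

def grants_full_admin(document):
    """True if a statement unconditionally allows all actions on all resources."""
    return any("Condition" not in s
               and "*" in _as_list(s.get("Action"))
               and "*" in _as_list(s.get("Resource"))
               for s in _allow_statements(document))

def allows_version_switch(document):
    """True if an Allow statement's Action pattern covers iam:SetDefaultPolicyVersion.
    Simplification: Deny statements, conditions and resource scoping are ignored."""
    return any(fnmatchcase("iam:setdefaultpolicyversion", str(a).lower())
               for s in _allow_statements(document) for a in _as_list(s.get("Action")))

def audit_policy(versions):
    """Report dormant admin versions and whether the default version lets its
    holder make one of them the default."""
    default = next(v for v in versions if v["IsDefaultVersion"])
    dormant = [v["VersionId"] for v in versions
               if not v["IsDefaultVersion"] and grants_full_admin(v["Document"])]
    switch = allows_version_switch(default["Document"])
    return {"dormant_admin_versions": dormant,
            "default_allows_switch": switch,
            "escalation_path": bool(dormant) and switch}

# Constructed sample: one customer-managed policy with four stored versions.
SAMPLE_VERSIONS = [
    {"VersionId": "v1", "IsDefaultVersion": True, "Document": {"Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:Get*", "iam:List*", "iam:SetDefaultPolicyVersion"]}]}},
    {"VersionId": "v2", "IsDefaultVersion": False, "Document": {"Statement":
        {"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"}}},
    {"VersionId": "v3", "IsDefaultVersion": False, "Document": {"Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]}},
    {"VersionId": "v4", "IsDefaultVersion": False, "Document": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
]

if __name__ == "__main__":
    print(audit_policy(SAMPLE_VERSIONS))
```

Deleting unused policy versions, or removing iam:SetDefaultPolicyVersion from the default version, clears the finding.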
Contents
- Looking at a weird Python script (4m 39s)
- The PACU pen testing framework (1m 41s)
- Navigating the PACU console (3m 40s)
- Exploring PACU test modules (1m 52s)
- Account privilege escalation (2m 36s)
- Deploying the ec2_ssrf scenario (49s)
- Pen testing Lambda with PACU (6m 33s)
- Cleaning up your cloud (1m 6s)