Scenario: iam_privesc_by_key_rotation

Size: Small
Difficulty: Easy

Command: ./cloudgoat.py create iam_privesc_by_key_rotation

Scenario Resources

3 IAM User
1 IAM Role
1 Secret

Scenario Start(s)

IAM User "manager"

Scenario Goal(s)

Retrieve AWS secret

Summary

Exploit insecure IAM permissions to escalate your access. Start with a role that manages other users credentials and find a weakness in the setup to access the "admin" role. Using the admin role retrieve the flag from secretsmanager.

Walkthrough & Exploitation Routes

Spoiler warning

Starting with the manager user add a tag to the admin user
Delete and add a new access key to the admin user
Create and attach a MFA device to the admin user
Switch to the admin user
Assume the secretsmanager role with MFA
Retrieve the secret

A full cheat_sheet can be found here

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Scenario: iam_privesc_by_key_rotation

Scenario Resources

Scenario Start(s)

Scenario Goal(s)

Summary

Walkthrough & Exploitation Routes

Files

README.md

Latest commit

History

README.md

File metadata and controls

Scenario: iam_privesc_by_key_rotation

Scenario Resources

Scenario Start(s)

Scenario Goal(s)

Summary

Walkthrough & Exploitation Routes