gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-28 13:43:24 -08:00
Code Issues Packages Projects Releases Wiki Activity

Support file downloads

Browse Source
This commit is contained in:
Congon4tor
2025-01-03 19:35:15 +01:00
parent 3d1f96fd4a
commit 853e602bc2
3 changed files with 39 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codestar-privesc/iam-passrole-codestar-createproject.md
View File

@@ -32,7 +32,9 @@ To exploit this you need to create a **S3 bucket that is accessible** from the a
Also **upload** this `empty zip` file to the **bucket**:
{% file src="../../../../images/empty.zip" %}
{{#file}}
empty.zip
{{#endfile}}
Remember that the **bucket with both files must be accessible by the victim account**.
@@ -86,6 +88,3 @@ aws codestar create-project \
This exploit is based on the **Pacu exploit of these privileges**: [https://github.com/RhinoSecurityLabs/pacu/blob/2a0ce01f075541f7ccd9c44fcfc967cad994f9c9/pacu/modules/iam\_\_privesc_scan/main.py#L1997](https://github.com/RhinoSecurityLabs/pacu/blob/2a0ce01f075541f7ccd9c44fcfc967cad994f9c9/pacu/modules/iam__privesc_scan/main.py#L1997) On it you can find a variation to create an admin managed policy for a role instead of to a user.
{{#include ../../../../banners/hacktricks-training.md}}