gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-31 07:00:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

arte-courtneybell-corrections

Browse Source 
Minor fixes (fix to one command based on testing, 2 typo corrections)
This commit is contained in:
Courtney Bell
2025-04-19 18:38:14 -04:00
parent 9e731ee081
commit a1718ef3d5
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codebuild-privesc.md
View File

@@ -225,7 +225,7 @@ JSON="{
printf "$JSON" > $REV_PATH
aws codebuild update-project --cli-input-json file://$REV_PATH
aws codebuild update-project --name codebuild-demo-project --cli-input-json file://$REV_PATH
aws codebuild start-build --project-name codebuild-demo-project
```

2
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sns-privesc.md
View File

@@ -28,7 +28,7 @@ An attacker could subscribe or to an SNS topic, potentially gaining unauthorized
aws sns subscribe --topic-arn <value> --protocol <value> --endpoint <value>
```
**Potential Impact**: Unauthorized access to messages (sensitve info), service disruption for applications relying on the affected topic.
**Potential Impact**: Unauthorized access to messages (sensitive info), service disruption for applications relying on the affected topic.
### `sns:AddPermission`

2
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-stepfunctions-privesc.md
View File

@@ -25,7 +25,7 @@ Or you could also go to the API AWS documentation and check each action docs:
### `states:TestState` & `iam:PassRole`
An attacker with the **`states:TestState`** & **`iam:PassRole`** permissions can test any state and pass any IAM role to it without creating or updating an existing state machine, enabling unauthorized access to other AWS services with the roles' permissions. potentially. Combined, these permissions can lead to extensive unauthorized actions, from manipulating workflows to alter data to data breaches, resource manipulation, and privilege escalation.
An attacker with the **`states:TestState`** & **`iam:PassRole`** permissions can test any state and pass any IAM role to it without creating or updating an existing state machine, potentially enabling unauthorized access to other AWS services with the roles' permissions. Combined, these permissions can lead to extensive unauthorized actions, from manipulating workflows to alter data to data breaches, resource manipulation, and privilege escalation.
```bash
aws states test-state --definition <value> --role-arn <value> [--input <value>] [--inspection-level <value>] [--reveal-secrets | --no-reveal-secrets]