Merge pull request #175 from TheToddLuci0/add_credential_process

Add `credential_process` info
SirBroccoli
2025-04-07 03:04:24 +02:00
committed by GitHub

@@ -397,6 +397,26 @@ aws --profile acc2 ...
If you are looking for something **similar** to this but for the **browser** you can check the **extension** [**AWS Extend Switch Roles**](https://chrome.google.com/webstore/detail/aws-extend-switch-roles/jpmkfafbacpgapdghgdpembnojdlgkdl?hl=en).
#### Automating temporary credentials
If you are exploiting an application which generates temporary credentials, it can be tedious updating them in your terminal every few minutes when they expire. This can be fixed using a `credential_process` directive in the config file. For example, if you have some vulnerable webapp, you could do:
```toml
[victim]
credential_process = curl -d 'PAYLOAD' https://some-site.com
```
Note that credentials _must_ be returned to STDOUT in the following format:
```json
{
"Version": 1,
"AccessKeyId": "an AWS access key",
"SecretAccessKey": "your AWS secret access key",
"SessionToken": "the AWS session token for temporary credentials",
"Expiration": "ISO8601 timestamp when the credentials expire"
}
```
## References
- [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html)
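Review bot: The profile header in the new example is `[victim]`, but the paragraph above it says the directive goes in the config file, where the AWS CLI expects named profiles to be written as `[profile victim]`; the bare `[victim]` form belongs to the credentials file. Suggest changing the header and tagging the fence `ini` rather than `toml`, since the AWS config file is INI-style. It would also help to say that the command's STDOUT has to be exactly the JSON document shown and nothing else, so a response that wraps the credentials in other output needs reshaping before the CLI will accept it. The placeholder strings in the JSON ("an AWS access key", "your AWS secret access key") are inconsistent in voice; pick one style. Style: leave a blank line between the `#### Automating temporary credentials` heading, the paragraph, and each fence, and before `## References`, to match the rest of the file.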