gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-28 21:53:15 -08:00
Code Issues Packages Projects Releases Wiki Activity

Update aws-ecs-privesc.md

Browse Source
This commit is contained in:
SirBroccoli
2025-08-31 10:06:24 +02:00
committed by GitHub
parent 599d45c50a
commit fd19dc2304
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ecs-privesc.md
View File

@@ -199,7 +199,7 @@ aws ecs run-task \
This scenario is like the previous ones but **without** the **`iam:PassRole`** permission.\
This is still interesting because if you can run an arbitrary container, even if it's without a role, you could **run a privileged container to escape** to the node and **steal the EC2 IAM role** and the **other ECS containers roles** running in the node.\
You could even **force other tasks to run inside the EC2 instance** you compromise to steal their credentials (as discussed in the [**Privesc to node section**](../Job/aws-ecs-privesc.md#privesc-to-node)).
You could even **force other tasks to run inside the EC2 instance** you compromise to steal their credentials (as discussed in the [**Privesc to node section**](aws-ecs-post-exploitation.md#privesc-to-node)).
> [!WARNING]
> This attack is only possible if the **ECS cluster is using EC2** instances and not Fargate.