mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2025-12-23 15:37:53 -08:00
61 lines
3.5 KiB
Markdown
61 lines
3.5 KiB
Markdown
# AWS - Directory Services Privesc
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
## Directory Services
|
|
|
|
For more info about directory services check:
|
|
|
|
{% content-ref url="../aws-services/aws-directory-services-workdocs-enum.md" %}
|
|
[aws-directory-services-workdocs-enum.md](../aws-services/aws-directory-services-workdocs-enum.md)
|
|
{% endcontent-ref %}
|
|
|
|
### `ds:ResetUserPassword`
|
|
|
|
This permission allows to **change** the **password** of any **existent** user in the Active Directory.\
|
|
By default, the only existent user is **Admin**.
|
|
|
|
```
|
|
aws ds reset-user-password --directory-id <id> --user-name Admin --new-password Newpassword123.
|
|
```
|
|
|
|
### AWS Management Console
|
|
|
|
It's possible to enable an **application access URL** that users from AD can access to login:
|
|
|
|
<figure><img src="../../../.gitbook/assets/image (244).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
And then **grant them an AWS IAM role** for when they login, this way an AD user/group will have access over AWS management console:
|
|
|
|
<figure><img src="../../../.gitbook/assets/image (155).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
There isn't apparently any way to enable the application access URL, the AWS Management Console and grant permission
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|