Hacking in the Cloud - iam_privesc_by_attachment

1 min read Nov 12, 2022

Hacking in the Cloud - iam_privesc_by_attachment

0xd4y in Videos Cloudgoat AWS IAM EC2

We start off as a fairly high-privileged user who can perform multiple IAM and EC2 API calls. Using these permissions, it was possible to obtain full control over the AWS account by creating an EC2 instance with a high-privileged instance profile.

00:00 - Video context
01:07 - Configuring profile & AWSealion
03:31 - Enumerating environment
05:25 - Finding privesc pathway
07:31 - Starting EC2 instance creation process
11:35 - Modifying instance profile
16:53 - Creating EC2 instance
18:41 - SSH to instance
19:54 - Configuring AWS CLI
22:28 - Enumerating “mighty” role permissions
23:28 - Discussing the misconfiguration & remediation

1 min read Feb 4, 2023

Hacking in the Cloud - rce_web_app

The objective of this scenario was to gain access to an RDS instance. We were provided with the credentials of two different users, and exploited this AWS environment in two different ways.

0xd4y in Videos Cloudgoat Walkthrough EC2 RDS AWS

1 min read Dec 10, 2022

Hacking in the Cloud - ecs_takeover

We gain access to the targeted AWS account by finding an SSRF and RCE vulnerability on an AWS-hosted webapp. We then pivot to other containers and use the metdata credentialso f both the compromised EC2 instance and other docker containers to obtain elevated access within the AWS workload.

0xd4y in Videos Cloudgoat AWS RCE EC2 ECS

1 min read Nov 25, 2022

Hacking in the Cloud - ec2_ssrf

As a low-privileged user, we compromised multiple other users and moved laterally within the environment. We then found a vulnerable EC2 instance which, when exploited, revealed the credentials for the role of the instance profile, which contained permissions to list and download credentials from a confidential S3 bucket.

0xd4y in Videos Cloudgoat AWS IAM EC2 Lambda