Exploitation Scenario

General Guidelines

AWS token compromised (Developer machine, phishing etc) and we as attackers will gonna use it.

1) Enumerating the owner of the key and initial compromise

aws sts get-caller-identity

OR specifing a profile

aws sts get-caller-identity --profile EXAMPLE_NAME

If you have the password of the root account instead of key, log in to:

https://signin.aws.amazon.com/console

OR use the IAM in case the account is not the root

https://ACCOUNT_ID.signin.aws.amazon.com/console

The account id can be captured using the sts get caller command.

PreviousAWS IAM Enumeration NextAWS IAM Interesting permissions

Last updated 7 months ago