CloudGoat AWS CTF solution - Scenario 5 (iam_privesc_by_attachment)

n00🔑
Oct 19, 2022

Scenario: iam_privesc_by_attachment

Deployment:

git clone https://github.com/RhinoSecurityLabs/cloudgoat.git
cd cloudgoat
chmod +x cloudgoat.py
./cloudgoat.py create iam_privesc_by_attachment
~/.aws/credentials

Scenario Resources

  • 1 VPC with: EC2 x 1
  • 1 IAM User

Scenario Start(s)

  1. IAM User “Kerrigan”

Scenario Goal(s)

Delete the EC2 instance “cg-super-critical-security-server”

Summary

Starting with a very limited set of permissions, the attacker is able to leverage the instance-profile-attachment permissions to create a new EC2 instance with significantly greater privileges than their own. With access to this new EC2 instance, the attacker gains full administrative powers within the target account and is able to accomplish the scenario’s goal — deleting the cg-super-critical-security-server and paving the way for further nefarious actions.
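A defender-side check for the permission combination the summary describes, added here as an example (it is not part of the original write-up or of CloudGoat). The watched action names are real IAM/EC2 actions chosen as an assumption, since the page does not list them, and both sample policies are constructed.

```python
import fnmatch

# Assumed action set (real IAM/EC2 actions; the page itself does not list them).
SWAP = "iam:AddRoleToInstanceProfile"   # changes which role a profile carries
PASS = "iam:PassRole"                   # lets the principal hand a role to EC2
ATTACH = {"ec2:RunInstances", "ec2:AssociateIamInstanceProfile"}
WATCHED = {SWAP, PASS} | ATTACH


def _listify(value):
    # IAM allows "Action" and "Statement" to be a single item or a list.
    return value if isinstance(value, list) else [value]


def granted(policy):
    """Watched actions the policy allows. Allows are over-approximated
    (Resource and Condition ignored); only blanket Denies are subtracted."""
    allow, deny = set(), set()
    for stmt in _listify(policy.get("Statement", [])):
        hits = {a for a in WATCHED for p in _listify(stmt.get("Action", []))
                if fnmatch.fnmatchcase(a.lower(), p.lower())}
        if stmt.get("Effect") == "Allow":
            allow |= hits
        elif stmt.get("Resource") == "*" and "Condition" not in stmt:
            deny |= hits
    return allow - deny


def audit(policy):
    """Flag a principal that can swap a profile's role AND put it on compute."""
    got = granted(policy)
    risky = SWAP in got and PASS in got and bool(got & ATTACH)
    return {"risky": risky, "granted": sorted(got)}


# Constructed sample policies (not CloudGoat's actual policy documents).
LIMITED_USER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:RunInstances", "iam:List*",
                "iam:PassRole", "iam:*InstanceProfile"]}]}
HARDENED_USER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["ec2:*", "iam:*"]},
    {"Effect": "Deny", "Resource": "*",
     "Action": "iam:AddRoleToInstanceProfile"}]}

if __name__ == "__main__":
    for name, doc in (("limited", LIMITED_USER), ("hardened", HARDENED_USER)):
        print(name, audit(doc))
```

A "limited" identity is flagged because the three capabilities are dangerous only in combination; removing any one of them (here, with a blanket Deny) clears the finding.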

Exploitation Route(s)
