IAM Privilege Escalation Labs

Lesson 8 of 35

[Cheat Sheet] Secrets Manager Enumeration CLI Commands

Christophe January 31, 2024

# AWS Secrets Manager Enumeration CLI commands
## Retrieves general and specific Secrets Manager information, including listing secrets, retrieving resource-policy permissions, and retrieving stored secrets.
## These are meant to be non-destructive enumeration commands. They only retrieve information. They do not modify resources.
## However, keep in mind these actions will still get logged and potentially trigger alerts if the AWS account has monitoring & logging enabled.
# Documentation:

aws secretsmanager list-secrets [--include-planned-deletion | --no-include-planned-deletion] 
# Retrieves a list of secrets stored in Secrets Manager in that AWS account
# Does not include secrets marked for deletion unless you use optional [--include-planned-deletion]
# --include-planned-deletion: When listing secrets, also show the ones that are scheduled to be deleted in the future
# --no-include-planned-deletion: The opposite. When listing secrets, leave out the ones that are scheduled to be deleted in the future.
# To issue this command, you must have secretsmanager:ListSecrets access

aws secretsmanager list-secret-version-ids --secret-id <value> 
# Lists the versions for a specific secret
# To issue this command, you must have secretsmanager:ListSecretVersionIds access

aws secretsmanager get-resource-policy --secret-id <value> 
# Secrets in Secrets Manager can have resource-based permissions policies attached (this is optional but a recommended security practice). This command retrieves it for a particular secret.
# To issue this command, you must have secretsmanager:GetResourcePolicy access

aws secretsmanager describe-secret --secret-id <value> 
# Gets the details for a secret, but doesn't include the secret value
# It does provide the Arn, Name, Description, KmsKeyId, whether rotation is enabled, and more
# To issue this command, you must have secretsmanager:DescribeSecret access

aws secretsmanager get-secret-value --secret-id <value> [--version-id <value>] [--version-stage <value>] 
# This retrieves the secret value as either SecretString or SecretBinary
# If you don't specify the optional [--version-id], it will grab the current version
# To issue this command, you must have secretsmanager:GetSecretValue access
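
Because every command above is logged, a defender can detect this enumeration pattern. The sketch below is an added example, not part of the course material: it scans CloudTrail-style records for a principal that calls several of these Secrets Manager APIs in a short window. The function names, the thresholds (5 minutes, 3 distinct APIs) and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# CloudTrail eventName values for the five CLI commands in this cheat sheet.
ENUM_EVENTS = {"ListSecrets", "ListSecretVersionIds", "GetResourcePolicy",
               "DescribeSecret", "GetSecretValue"}

def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def _score(burst):  # prefer more distinct APIs, then more calls
    return (len({e["eventName"] for e in burst}), len(burst))

def flag_enumeration(events, window=timedelta(minutes=5), min_distinct=3):
    """One finding per principal that called >= min_distinct of the APIs in a window."""
    by_principal = defaultdict(list)
    for e in events:
        if (e.get("eventSource") == "secretsmanager.amazonaws.com"
                and e.get("eventName") in ENUM_EVENTS):
            by_principal[e["userIdentity"]["arn"]].append(e)
    findings = []
    for arn, evs in sorted(by_principal.items()):
        evs.sort(key=_ts)
        start, best = 0, []
        for end in range(len(evs)):  # sliding window over this principal's calls
            while _ts(evs[end]) - _ts(evs[start]) > window:
                start += 1
            best = max(best, evs[start:end + 1], key=_score)
        if _score(best)[0] >= min_distinct:
            ok_reads = [e for e in best
                        if e["eventName"] == "GetSecretValue" and "errorCode" not in e]
            findings.append({
                "principal": arn,
                "apis": sorted({e["eventName"] for e in best}),
                "secrets_read": sorted({e["requestParameters"]["secretId"] for e in ok_reads}),
                "denied": sum("errorCode" in e for e in best),
            })
    return findings

def _ev(hms, name, arn, secret=None, error=None):  # builds a constructed record
    e = {"eventTime": f"2024-01-31T{hms}Z", "eventName": name,
         "eventSource": "secretsmanager.amazonaws.com", "userIdentity": {"arn": arn},
         "requestParameters": {"secretId": secret} if secret else None}
    return {**e, "errorCode": error} if error else e

USER, APP = "arn:aws:iam::111122223333:user/lab-user", "arn:aws:iam::111122223333:role/app"
SAMPLE = [  # constructed events, not real logs
    _ev("10:00:00", "ListSecrets", USER), _ev("10:00:20", "DescribeSecret", USER, "prod/db"),
    _ev("10:00:40", "GetResourcePolicy", USER, "prod/db", "AccessDenied"),
    _ev("10:01:05", "GetSecretValue", USER, "prod/db"),
    _ev("10:00:10", "GetSecretValue", APP, "prod/db"), _ev("10:30:10", "GetSecretValue", APP, "prod/db")]
```

On the sample, `flag_enumeration(SAMPLE)` reports only the user who walked list, describe, policy and value in about a minute; the role that reads one secret every half hour stays below the threshold.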