[LAB] [CTF] iam:AddUserToGroup PrivEsc
Best practices say that we should try to apply IAM policies to groups, and then add users to those groups so that they can inherit permissions. This is a best practice because it helps keep things organized and you can quickly and easily give or remove a user’s permissions by adding them or removing them from a group.
This lab is a great way to showcase why this is a best practice. Even just adding one inline policy to a user can wreak havoc, as you’re about to find out.
This lab has been misconfigured, so exploit it with
iam:AddUserToGroup to grant yourself access to the Secrets Manager service so you can retrieve secrets from that AWS account.
You’ve successfully completed this lab once you’ve accessed the value of that secret in plaintext!
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Leverage your
iam:AddUserToGrouppermissions to gain access to Secrets Manager
- Access Secrets Manager and retrieve the secret value