[LAB] [CTF] iam:CreateAccessKey PrivEsc
Only high-level admins should have the iam:CreateAccessKey permission, because an attacker with the iam:CreateAccessKey permission on other users can create an access key ID and secret access key for that user, which means they can authenticate as that user.
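A defensive check for the misconfiguration described above, added here as an example and not part of the lab: it scans an IAM policy document for Allow statements that grant iam:CreateAccessKey on users other than the caller. The function names and the sample policy are constructed for illustration.

```python
import fnmatch

TARGET_ACTION = "iam:createaccesskey"  # IAM action names are case-insensitive
SELF_MARKER = "${aws:username}"  # policy variable: resolves to the caller's own user name


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _grants_target(action_pattern):
    """True if an Action entry (wildcards allowed) covers iam:CreateAccessKey."""
    return fnmatch.fnmatchcase(TARGET_ACTION, action_pattern.lower())


def _reaches_other_users(resource):
    """Heuristic: True if a Resource entry can name an IAM user other than the caller."""
    if SELF_MARKER in resource:
        return False  # scoped to the caller's own user, e.g. for key rotation
    if resource == "*":
        return True
    parts = resource.split(":", 5)  # arn:partition:service:region:account:resource
    return len(parts) == 6 and parts[2] in ("iam", "*") and parts[5].startswith(("user/", "*"))


def audit_policy(policy):
    """Return (sid, resource, has_condition) for each risky Allow grant."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or not any(map(_grants_target, actions)):
            continue
        for resource in _as_list(stmt.get("Resource")):
            if _reaches_other_users(resource):
                findings.append((stmt.get("Sid", "<no Sid>"), resource, "Condition" in stmt))
    return findings


# Constructed sample policy (not taken from the lab).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RotateOwnKeys", "Effect": "Allow", "Action": "iam:CreateAccessKey",
     "Resource": "arn:aws:iam::*:user/${aws:username}"},
    {"Sid": "HelpdeskKeys", "Effect": "Allow", "Action": ["iam:Create*", "iam:ListUsers"],
     "Resource": "arn:aws:iam::111122223333:user/*"},
    {"Sid": "ReadBucket", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]}
```

The check does not evaluate NotAction, NotResource, Deny statements or permissions boundaries, so a finding marks a statement for review and the has_condition flag shows where a Condition block may narrow the grant.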
Exploit this lab’s misconfigured IAM policy to elevate your privileges. You’ve successfully completed this lab once you’ve accessed and downloaded sensitive files containing customer PII in Amazon S3.
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Gain access to and authenticate as the IAM user ending in
- Using your new permissions, access the S3 bucket containing sensitive data
- Download those files and make sure they contain PII.