Pacu

Tool - Pacu Usage

Install and setup

$ pip3 install -U pacu
$ pacu

GitHub - RhinoSecurityLabs/pacu: The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.GitHub

Setting the initial user access key

set_keys

Permission of current logged-in user

exec iam__enum_permissions
whoami

IAM Users Enumeration

run iam__enums --role-name <your assumed role> --account-id <account i

Valid IAM Roles

run iam__enum_roles --role-name <your role> --account-id <target account ID>

Bruteforce IAM permissions

run iam__bruteforce_permissions

Enumerate ec2 instance and get the public ip addresses

exec ec2__enum
data EC2

Enumerate privilege escalation permission and exploit it

exec iam__privesc_scan

Beginner's Guide to hunting for AWS IAM Privilege Escalations with Pacu© PWNED LABS CYBERSECURITY TRAINING SERVICES - FZCO

Interesting Book

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• Advanced Penetration Testing: Hacking AWS 2 This book delves deeper into analyzing the security of various AWS services and shows techniques and tactics used by an attacker to breach an AWS environment

• Hands-On AWS Penetration Testing with Kali Linux Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and Cloud