# Pacu

## Install and setup

```
$ pip3 install -U pacu
$ pacu
```

{% embed url="<https://github.com/RhinoSecurityLabs/pacu>" %}

Setting the initial user access key

```
set_keys
```

<figure><img src="/files/PGOtWvxx3RqPTKuTL88M" alt=""><figcaption></figcaption></figure>

## Permission of current logged-in user

```
exec iam__enum_permissions
whoami
```

## IAM Users Enumeration

```
run iam__enums --role-name <your assumed role> --account-id <account i
```

## Valid IAM Roles

```
run iam__enum_roles --role-name <your role> --account-id <target account ID>
```

## Bruteforce IAM permissions

```
run iam__bruteforce_permissions
```

## Enumerate ec2 instance and get the public ip addresses

```
exec ec2__enum
data EC2
```

<figure><img src="/files/m62U9BjdWbZAr8a2RG5Q" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/5gQTa8cdCY5Wc1F6y3ZI" alt=""><figcaption></figcaption></figure>

## Enumerate privilege escalation permission and exploit it

```
exec iam__privesc_scan
```

{% embed url="<https://blog.pwnedlabs.io/beginners-guide-to-hunting-for-aws-iam-privilege-escalations-with-pacu>" %}

<figure><img src="/files/wXznI2KvELMmA5c2qFwb" alt=""><figcaption></figcaption></figure>

## Interesting Book

{% content-ref url="/pages/VVT5FQq9z62bWoNAWCUS" %}
[Interesting Books](/0xss0rz/interesting-books.md)
{% endcontent-ref %}

{% hint style="info" %}
**Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.
{% endhint %}

* [**Advanced Penetration Testing: Hacking AWS 2**](https://www.amazon.fr/dp/B0849Z2TLJ?tag=0xss0rz-21)\
  This book delves deeper into analyzing the security of various AWS services and shows techniques and tactics used by an attacker to breach an AWS environment
* [**Hands-On AWS Penetration Testing with Kali Linux**](https://www.amazon.fr/dp/B07C61YYJ4?tag=0xss0rz-21)\
  Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and Cloud


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://0xss0rz.gitbook.io/0xss0rz/cloud/aws/pacu.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.