Skip to content

Latest commit

 

History

History
 
 

aws-privilege-escalation

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
aws-cloudformation-privesc
aws-cloudformation-privesc
 
 
aws-codestar-privesc
aws-codestar-privesc
 
 
README.md
README.md
 
 
aws-apigateway-privesc.md
aws-apigateway-privesc.md
 
 
aws-chime-privesc.md
aws-chime-privesc.md
 
 
aws-codebuild-privesc.md
aws-codebuild-privesc.md
 
 
aws-codepipeline-privesc.md
aws-codepipeline-privesc.md
 
 
aws-cognito-privesc.md
aws-cognito-privesc.md
 
 
aws-datapipeline-privesc.md
aws-datapipeline-privesc.md
 
 
aws-directory-services-privesc.md
aws-directory-services-privesc.md
 
 
aws-dynamodb-privesc.md
aws-dynamodb-privesc.md
 
 
aws-ebs-privesc.md
aws-ebs-privesc.md
 
 
aws-ec2-privesc.md
aws-ec2-privesc.md
 
 
aws-ecr-privesc.md
aws-ecr-privesc.md
 
 
aws-ecs-privesc.md
aws-ecs-privesc.md
 
 
aws-efs-privesc.md
aws-efs-privesc.md
 
 
aws-emr-privesc.md
aws-emr-privesc.md
 
 
aws-gamelift.md
aws-gamelift.md
 
 
aws-glue-privesc.md
aws-glue-privesc.md
 
 
aws-iam-privesc.md
aws-iam-privesc.md
 
 
aws-kms-privesc.md
aws-kms-privesc.md
 
 
aws-lightsail-privesc.md
aws-lightsail-privesc.md
 
 
aws-mediapackage-privesc.md
aws-mediapackage-privesc.md
 
 
aws-mq-privesc.md
aws-mq-privesc.md
 
 
aws-msk-privesc.md
aws-msk-privesc.md
 
 
aws-rds-privesc.md
aws-rds-privesc.md
 
 
aws-redshift-privesc.md
aws-redshift-privesc.md
 
 
aws-s3-privesc.md
aws-s3-privesc.md
 
 
aws-sagemaker-privesc.md
aws-sagemaker-privesc.md
 
 
aws-secrets-manager-privesc.md
aws-secrets-manager-privesc.md
 
 
aws-sns-privesc.md
aws-sns-privesc.md
 
 
aws-sqs-privesc.md
aws-sqs-privesc.md
 
 
aws-ssm-privesc.md
aws-ssm-privesc.md
 
 
aws-sts-privesc.md
aws-sts-privesc.md
 
 
aws-workdocs-privesc.md
aws-workdocs-privesc.md
 
 
route53-createhostedzone-route53-changeresourcerecordsets-acm-pca-issuecertificate-acm-pca-getcer.md
route53-createhostedzone-route53-changeresourcerecordsets-acm-pca-issuecertificate-acm-pca-getcer.md
 
 

README.md

AWS - Privilege Escalation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

AWS Privilege Escalation

The way to escalate your privileges in AWS is to have enough permissions to be able to, somehow, access other roles/users/groups privileges. Chaining escalations until you have admin access over the organization.

{% hint style="warning" %} AWS has hundreds (if not thousands) of permissions that an entity can be granted. In this book you can find all the permissions that I know that you can abuse to escalate privileges, but if you know some path not mentioned here, please share it. {% endhint %}

{% hint style="danger" %} If an IAM policy has "Effect": "Allow" and "NotAction": "Someaction" indicating a resource... that means that the allowed principal has permission to do ANYTHING but that specified action.
So remember that this is another way to grant privileged permissions to a principal. {% endhint %}

The pages of this section are ordered by AWS service. In there you will be able to find permissions that will allow you to escalate privileges.

Tools

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: