aws_iam_privesc: How I made a 5-year old tool relevant again through the power of open source

CyberQueenMeg
3 min read · Jul 7, 2023

On June 19th, 2018, the last update to RhinoSecurityLabs' tool aws_iam_privesc was committed into its GitHub repository. For 5 years, this tool has been lying dormant in the graveyard of unmaintained open-source tools. When doing research on AWS IAM attacks, I found the series of blog posts (linked below) describing a number of IAM privilege escalation (privesc) methods, and through them the original program. I was shocked that it hadn't been updated in 5 years, because AWS has grown exponentially since then. Sure, Pacu (another great RhinoSecurityLabs tool) has a module that scans for all of these methods, but it also exploits the vulnerabilities. More often than not, pentesters and ethical hackers do NOT want a program executing attacks willy-nilly, as that often breaks the Terms of Service; most engagements require that you report a privesc vulnerability before exploiting it, and most testers then do it manually to avoid damaging the system. Pacu is great, but it doesn't match the purpose of the original program, which was to find the paths and leave the exploitation to the tester. Pacu's version is also more complicated to use, as you load modules the way you do in Metasploit, and you have less control over what happens to the IAM roles themselves.
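To make the scan-versus-exploit distinction concrete, here is an added example (my own illustration, not code from aws_iam_privesc or Pacu) of a read-only check over IAM policy documents. It takes three of the methods from the Rhino Security Labs posts linked under Resources, matches the required actions against Allow and Deny statements using IAM's case-insensitive `*`/`?` wildcards, and only reports; it never calls an API that changes anything. It deliberately ignores `Resource`, `Condition` and `NotAction` (a simplifying assumption), and the policy documents are constructed sample input, not real account data:

```python
"""Read-only scan of IAM policy documents for known privesc permission sets.

Added illustration, not aws_iam_privesc's own code. It only reads policy
documents; it never calls a mutating AWS API.
"""
import fnmatch

# Three methods taken from the Rhino Security Labs posts linked in Resources;
# the real list is much longer. Each entry is the set of actions a principal
# needs for that method. Resource, Condition and NotAction are ignored here,
# a simplifying assumption of this example, so it can over-report.
PRIVESC_METHODS = {
    "CreateNewPolicyVersion": ["iam:CreatePolicyVersion"],
    "AttachUserPolicy": ["iam:AttachUserPolicy"],
    "PassRoleToNewLambda": ["iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"],
}


def _as_list(value):
    """IAM accepts "Action": "s3:*" or "Action": ["s3:*", ...]; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def split_effects(policy_docs):
    """Return (allow_patterns, deny_patterns) gathered from every statement."""
    allow, deny = set(), set()
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement")):
            actions = {a.lower() for a in _as_list(stmt.get("Action"))}
            if stmt.get("Effect") == "Allow":
                allow |= actions
            elif stmt.get("Effect") == "Deny":
                deny |= actions
    return allow, deny


def action_granted(action, allow, deny=()):
    """IAM action matching is case-insensitive and supports * and ? wildcards;
    an explicit Deny always wins over an Allow."""
    name = action.lower()
    if any(fnmatch.fnmatchcase(name, pat) for pat in deny):
        return False
    return any(fnmatch.fnmatchcase(name, pat) for pat in allow)


def scan(policy_docs):
    """Report every privesc method whose full action set is granted. Read-only."""
    allow, deny = split_effects(policy_docs)
    return {
        method: actions
        for method, actions in PRIVESC_METHODS.items()
        if all(action_granted(a, allow, deny) for a in actions)
    }


# Constructed sample input: an inline user policy plus an attached managed policy.
SAMPLE_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:CreatePolicyVersion", "iam:PassRole"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:AttachUserPolicy", "Resource": "*"},
    ]},
    {"Version": "2012-10-17",
     "Statement": {"Effect": "Allow", "Action": "lambda:*", "Resource": "*"}},
]

if __name__ == "__main__":
    for method, actions in scan(SAMPLE_POLICIES).items():
        print(f"[!] {method}: requires {', '.join(actions)}")
```

Run against the sample, it reports CreateNewPolicyVersion and PassRoleToNewLambda (the `lambda:*` wildcard covers both Lambda actions) and stays quiet on AttachUserPolicy, which the explicit Deny blocks. A real scanner would gather the documents with read-only IAM calls such as GetUserPolicy and GetPolicyVersion rather than from literals, and would need the Resource and Condition handling this example skips; the point is that finding the path and walking it are separate decisions, and the second one belongs to the tester.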

So, what did I do?

I revived it.

I added all of the methods from the second blog post (and then some). I ported the program to BlackArch Linux so that it is easily accessible to pentesters. I wrote this blog post so that I could share this tool with my people, the ethical hackers who are also trying to save the world and protect people. And you can download it right here.

The moral of this story is that we all play a part in improving the security of the internet. And to do that, we need to have relevant, powerful, and reliable tooling that is open-source so that anyone can use it and remix it. So if my revival of aws_iam_privesc will help us secure one more person, one more site, it will all be worth it.

Resources

To read the blogs mentioned in this article, please visit https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ and https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/.

Credit for the original program and Pacu goes to RhinoSecurityLabs. Their work is amazing, so please support them!

Open Source by Nick Youngson CC BY-SA 3.0 Alpha Stock Images

About the Author:

Megan Howell (CyberQueenMeg) is a cybersecurity student at Grand Canyon University and an Offensive Security Intern at Cisco Systems. She is a bug bounty hunter, has been featured in Forbes Magazine for her work in AI bias hunting, is an open source contributor to projects like BeEF and BlackArch Linux, a former DEF CON speaker, a SkillsUSA Cybersecurity national competitor, a National Cyber Scholar, and a CyberPatriot competitor. You can find her social media profiles at linktr.ee/cyberqueenmeg.

DISCLAIMER

The information presented above can be used for both beneficial and malicious purposes. I do not condone or endorse the use of this information for malicious purposes and will fully support the prosecution of those who use the information presented above in a manner that violates the law. You are only authorized to utilize this information on your own systems or on systems you are explicitly authorized to penetration test or perform bug bounties on. If you use this exploit in a malicious manner, you will be charged and prosecuted to the full extent of the laws surrounding unethical hacking and cyber crime.
