search

RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
BSD 3-Clause "New" or "Revised" License
4.37k stars 694 forks source link

iam__privesc_scan - unexpected exit on method CodeStarCreateProjectFromTemplate #415

Closed ertygiq closed 5 months ago

ertygiq commented 6 months ago

I'm running iam__privesc_scan After few attempts with different methods, the module tries 'CodeStarCreateProjectFromTemplate' method and exits with the following message in the output:

...
[iam__privesc_scan]   Method failed. Trying next potential method...
[iam__privesc_scan] No auto-exploitation setup for CodeStarCreateProjectFromTemplate, visit the blog on this privilege escalation method for a standalone exploitation script: https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api

[iam__privesc_scan] iam__privesc_scan completed.

[iam__privesc_scan] MODULE SUMMARY:

  Privilege escalation was successful

Expected behavior: the module will continue to try other methods.

DaveYesland commented 5 months ago

I think the privesc methods just were not returning False on fail. Could you give this branch a try: https://github.com/RhinoSecurityLabs/pacu/tree/fix/415 and see if that fixes the issue?