HackTricks CloudAWS - Privilege Escalation
Reading time: 2 minutes
tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
AWS Privilege Escalation
The way to escalate your privileges in AWS is to have enough permissions to be able to, somehow, access other roles/users/groups privileges. Chaining escalations until you have admin access over the organization.
warning
AWS has hundreds (if not thousands) of permissions that an entity can be granted. In this book you can find all the permissions that I know that you can abuse to escalate privileges, but if you know some path not mentioned here, please share it.
caution
If an IAM policy has "Effect": "Allow" and "NotAction": "Someaction" indicating a resource... that means that the allowed principal has permission to do ANYTHING but that specified action.
So remember that this is another way to grant privileged permissions to a principal.
The pages of this section are ordered by AWS service. In there you will be able to find permissions that will allow you to escalate privileges.
Tools
- https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws_escalate.py
- Pacu
tip
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.