The Big IAM Challenge

hwup · 13 December 2025

AWS


Wiz Big IAM Challenge

Challenge 1

This document is a good reference: Using high-level (s3) commands with the AWS CLI

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::thebigiamchallenge-storage-9979f4b/*"
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::thebigiamchallenge-storage-9979f4b",
            "Condition": {
                "StringLike": {
                    "s3:prefix": "files/*"
                }
            }
        }
    ]
}

https://[bucket name].s3-[aws-region].amazonaws.com
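To make the effect of the bucket policy above concrete, here is an added Python example (my own code, not part of this write-up or of the Wiz challenge) that evaluates anonymous requests against it with simplified IAM semantics: explicit Deny wins, otherwise any matching Allow grants, otherwise implicit Deny. The policy text is copied from above; the request cases, the context keys and the `evaluate` function are the example's own construction. It shows why any object in the bucket is readable by anyone who knows its key (the GetObject statement has no Condition), while listing is only allowed for prefixes matching files/*.

```python
import fnmatch

# Constructed inline copy of the Challenge 1 bucket policy quoted above.
BUCKET = "arn:aws:s3:::thebigiamchallenge-storage-9979f4b"
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": BUCKET + "/*",
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:ListBucket",
            "Resource": BUCKET,
            "Condition": {"StringLike": {"s3:prefix": "files/*"}},
        },
    ],
}


def _as_list(value):
    """IAM allows Action, Resource and condition values as a string or a list."""
    return value if isinstance(value, list) else [value]


def _wild_match(pattern, value):
    """IAM wildcard match: '*' is any run of characters (including '/'),
    '?' exactly one. fnmatchcase has the same semantics for these policies."""
    return fnmatch.fnmatchcase(value, pattern)


def _condition_holds(condition, context):
    """Every operator/key pair in a Condition block must hold. A key absent
    from the request context makes a String* test false. Only the operators
    used by the policies in this write-up are implemented."""
    for operator, tests in condition.items():
        for key, patterns in tests.items():
            if key not in context:
                return False
            if operator == "StringLike":
                ok = any(_wild_match(p, context[key]) for p in _as_list(patterns))
            elif operator == "StringEquals":
                ok = context[key] in _as_list(patterns)
            else:
                raise NotImplementedError(operator)
            if not ok:
                return False
    return True


def evaluate(policy, action, resource, context=None):
    """Decide an anonymous request against a resource policy in isolation
    (identity-based policies of a signed caller are not modelled).
    Returns 'Allow' or 'Deny'."""
    context = context or {}
    decision = "Deny"  # implicit deny until an Allow matches
    for stmt in policy["Statement"]:
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # only public statements apply to an anonymous caller
        if not any(_wild_match(a.lower(), action.lower()) for a in _as_list(stmt["Action"])):
            continue
        if not any(_wild_match(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny always wins
        decision = "Allow"
    return decision


if __name__ == "__main__":
    cases = [
        ("s3:GetObject", BUCKET + "/files/flag1.txt", {}),
        ("s3:ListBucket", BUCKET, {"s3:prefix": "files/"}),
        ("s3:ListBucket", BUCKET, {"s3:prefix": "private/"}),
        ("s3:PutObject", BUCKET + "/files/x", {}),
    ]
    for action, resource, ctx in cases:
        print(f"{action:14} {resource} {ctx or ''} -> {evaluate(BUCKET_POLICY, action, resource, ctx)}")
```

The evaluator only models the bucket policy itself, so it says nothing about what the challenge's assumed role is additionally allowed through its own identity-based policies; it is meant to show the reach of the public statements on their own.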

Start the challenge here, you have the aws cli configured. Try executing: aws sts get-caller-identity
> aws sts get-caller-identity
{
    "UserId": "AROAZSFITKRSYE6ELQP2Q:iam_shell",
    "Account": "657483584613",
    "Arn": "arn:aws:sts::657483584613:assumed-role/shell_basic_iam/iam_shell"
}
> aws iam list-user-policies --user-name shell_basic_iam

An error occurred (AccessDenied) when calling the ListUserPolicies operation: User: arn:aws:sts::657483584613:assumed-role/shell_basic_iam/iam_shell is not authorized to perform: iam:ListUserPolicies on resource: user shell_basic_iam because no identity-based policy allows the iam:ListUserPolicies action
> aws s3 ls s3://thebigiamchallenge-storage-9979f4b
                           PRE files/

> aws s3api get-object --bucket thebigiamchallenge-storage-9979f4b --key files/flag1.txt /dev/stdout

Flag: {wiz:exposed-storage-risky-as-usual}

Challenge 2

Reference: Amazon SQS examples using the AWS CLI

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "sqs:SendMessage",
                "sqs:ReceiveMessage"
            ],
            "Resource": "arn:aws:sqs:us-east-1:092297851374:wiz-tbic-analytics-sqs-queue-ca7a1b2"
        }
    ]
}

arn:aws:sqs:us-east-1:092297851374:wiz-tbic-analytics-sqs-queue-ca7a1b2
https://sqs.us-east-1.amazonaws.com/092297851374/wiz-tbic-analytics-sqs-queue-ca7a1b2

Challenge 3

{
    "Version": "2008-10-17",
    "Id": "Statement1",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "SNS:Subscribe",
            "Resource": "arn:aws:sns:us-east-1:092297851374:TBICWizPushNotifications",
            "Condition": {
                "StringLike": {
                    "sns:Endpoint": "*@tbic.wiz.io"
                }
            }
        }
    ]
}

SNS Endpoint

> aws sns subscribe --topic-arn arn:aws:sns:us-east-1:092297851374:TBICWizPushNotifications --protocol email --notification-endpoint a@tbic.wiz.io
{
    "SubscriptionArn": "pending confirmation"
}
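The three resource policies in this write-up (the Challenge 1 bucket policy, the Challenge 2 queue policy and the Challenge 3 topic policy) share one root cause: an Allow statement whose Principal is the anonymous wildcard. The following added Python example is my own code, not part of the write-up or of the Wiz challenge; it audits such policies offline and reports every publicly reachable statement together with whatever Condition guards it. The policies are copied from this page; the finding format, the `audit_policy` function and the severity labels are assumptions of the example.

```python
# Constructed inline copies of the three resource policies quoted in this write-up.
POLICIES = {
    "challenge1-bucket": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::thebigiamchallenge-storage-9979f4b/*"},
            {"Effect": "Allow", "Principal": "*", "Action": "s3:ListBucket",
             "Resource": "arn:aws:s3:::thebigiamchallenge-storage-9979f4b",
             "Condition": {"StringLike": {"s3:prefix": "files/*"}}},
        ],
    },
    "challenge2-queue": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": "*",
             "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
             "Resource": "arn:aws:sqs:us-east-1:092297851374:wiz-tbic-analytics-sqs-queue-ca7a1b2"},
        ],
    },
    "challenge3-topic": {
        "Version": "2008-10-17",
        "Id": "Statement1",
        "Statement": [
            {"Sid": "Statement1", "Effect": "Allow", "Principal": {"AWS": "*"},
             "Action": "SNS:Subscribe",
             "Resource": "arn:aws:sns:us-east-1:092297851374:TBICWizPushNotifications",
             "Condition": {"StringLike": {"sns:Endpoint": "*@tbic.wiz.io"}}},
        ],
    },
}


def _as_list(value):
    """IAM allows Action, Resource and Principal entries as a string or a list."""
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True for the anonymous wildcard principal, written either as the bare
    string "*" or as {"AWS": "*"}; both mean any caller, signed or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def describe_guard(condition):
    """Flatten a Condition block into readable 'operator key=patterns' strings."""
    return [f"{op} {key}={_as_list(pattern)}"
            for op, tests in condition.items()
            for key, pattern in tests.items()]


def audit_policy(name, policy):
    """Return one finding per Allow statement that is open to the public.
    Severity is 'high' when nothing restricts the statement and 'review'
    when a Condition exists: a StringLike pattern on a value the caller
    supplies (s3:prefix, sns:Endpoint) limits the shape of the request,
    not who may send it, so it still needs a human look."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        condition = stmt.get("Condition", {})
        findings.append({
            "policy": name,
            "sid": stmt.get("Sid"),
            "actions": _as_list(stmt["Action"]),
            "resources": _as_list(stmt["Resource"]),
            "guard": describe_guard(condition),
            "severity": "high" if not condition else "review",
        })
    return findings


def audit_all(policies):
    """Audit a mapping of policy name -> policy document; order is preserved."""
    return [f for name, policy in policies.items() for f in audit_policy(name, policy)]


if __name__ == "__main__":
    for f in audit_all(POLICIES):
        print(f"[{f['severity']}] {f['policy']}: {', '.join(f['actions'])} "
              f"on {', '.join(f['resources'])}; guard: {f['guard'] or 'none'}")
```

Run it as is and it lists four public statements: two unconditional ones (the bucket's GetObject and the queue's SendMessage/ReceiveMessage) and two that are only shaped by a StringLike pattern on a caller-chosen value. The same functions can be pointed at `get-bucket-policy`, `get-queue-attributes` or `get-topic-attributes` output from your own accounts.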

Updating as I work through the rest..
