Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iam__privesc_scan - unexpected exit on method CodeStarCreateProjectFromTemplate #415

Closed
ertygiq opened this issue Apr 9, 2024 · 1 comment · Fixed by #432
Closed

iam__privesc_scan - unexpected exit on method CodeStarCreateProjectFromTemplate #415

ertygiq opened this issue Apr 9, 2024 · 1 comment · Fixed by #432

Comments

@ertygiq
Copy link

ertygiq commented Apr 9, 2024

I'm running iam__privesc_scan
After few attempts with different methods, the module tries 'CodeStarCreateProjectFromTemplate' method and exits with the following message in the output:

...
[iam__privesc_scan]   Method failed. Trying next potential method...
[iam__privesc_scan] No auto-exploitation setup for CodeStarCreateProjectFromTemplate, visit the blog on this privilege escalation method for a standalone exploitation script: https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api

[iam__privesc_scan] iam__privesc_scan completed.

[iam__privesc_scan] MODULE SUMMARY:

  Privilege escalation was successful

Expected behavior: the module will continue to try other methods.
@DaveYesland
Copy link
Collaborator

I think the privesc methods just were not returning False on fail. Could you give this branch a try: https://github.com/RhinoSecurityLabs/pacu/tree/fix/415
and see if that fixes the issue?

@DaveYesland DaveYesland mentioned this issue May 28, 2024
Merged
DaveYesland added a commit that referenced this issue May 28, 2024
@DaveYesland
Merge pull request #432 from RhinoSecurityLabs/fix/415
8d95f91 
Add options to privesc module and Fix #415
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add options to privesc module and Fix #415 RhinoSecurityLabs/pacu
2 participants
@ertygiq @DaveYesland