LinkedIn GitHub YouTube

Pacu

Offensive security tool for exploiting configuration flaws in AWS

Installation

Setup

  • Pacu leverages IAM access keys stored in the default location, ~/.aws/credentials

# configure user credentials in pacu, specify specific profile or all creds in file
set_keys <awsProfile> | --all

# import current user's permissions (run this anytime permissions change)
run iam__enum_permissions

# validate user's permissions
whoami

Modules

Backdoor

  • Pacu can help give you backdoor access (i.e., another access method)

# add user to an IAM Role (requires ability to edit the role's trust policy)
run iam__backdoor_assume_role

Privilege Escalation

  • Pacu can perform 20+ privilege escalation checks

run iam__privesc_scan

Enumeration

# checks if credentials are known canary tokens (i.e., fake creds used to detect you)
iam__detect_honeytokens
PreviousdsnapNextKubernetes

Last updated