https://ghostarea.net/ A ghost journey in the shell. 2025-08-18T16:42:34+07:00 mRb0x https://ghostarea.net/ Jekyll © 2025 mRb0x /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2025-05-26T04:10:00+07:00 2025-05-26T04:10:00+07:00 https://ghostarea.net/posts/AWS-Cheatsheet-Privesc/ mRb0x

Reference Core Concepts iam:PassRole: Lets you pass an IAM role to a service (e.g., EC2, Lambda). iam:Create, iam:Put, iam:UpdateAssumeRolePolicy: Can lead to full compromise. Abusable Services: EC2, Lambda, CloudFormation, Glue, SageMaker, DataPipeline. 1. iam:PassRole + Service Abuse If you can pass a high-privilege role and start a service that uses it → escalation. a. EC2 aws ec2 ...

2025-05-26T03:50:00+07:00 2025-05-26T03:50:00+07:00 https://ghostarea.net/posts/AWS-Cheatsheet-EC2/ mRb0x

Reference AWS-CLI-EC2 1. List EC2 Instances Shows instance IDs, public IPs, AMIs, key names, IAM roles, etc. aws ec2 describe-instances --region [region] Use JMESPath filters for cleaner output: aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId,PublicIpAddress,State.Name,KeyName,IamInstanceProfile.Arn]" 2. Get Detailed Info on a Specific Instance aws ec2 descri...

2025-05-26T03:45:00+07:00 2025-05-26T03:45:00+07:00 https://ghostarea.net/posts/AWS-Cheatsheet-Lambda/ mRb0x

Reference AWS-CLI-Lambda 1. List All Lambda Functions Shows names, runtimes, ARNs, and last modified dates. aws lambda list-functions --region [region] 2. Get Detailed Info on a Function a. Get full function config (IAM role, runtime, env vars, etc.) aws lambda get-function-configuration --function-name [function-name] b. Get code download URL + deployment details Returns a pre-signed S...

2025-05-26T03:40:00+07:00 2025-05-26T03:40:00+07:00 https://ghostarea.net/posts/AWS-Cheatsheet-S3/ mRb0x

Reference AWS-CLI-S3 S3 Bucket Enumerating Cheat Sheet 1. List Buckets in the Authenticated Account aws s3 ls 2. Check if a Bucket Exists (No Auth) aws s3 ls s3://[bucket-name] --no-sign-request 3. List Contents of a Public or Accessible Bucket aws s3 ls s3://[bucket-name]/[optional-path] --no-sign-request 4. Download an Object aws s3 cp s3://[bucket-name]/[key] [local-file] --no-sign...

2025-05-26T03:25:00+07:00 2025-05-26T03:25:00+07:00 https://ghostarea.net/posts/AWS-Cheatsheet-IAM/ mRb0x

Reference AWS-CLI-IAM Configure AWS Access & Secret Key # Create profile. aws configure --profile [name] # Check whoami. aws sts get-caller-identity --profile [name] List IAM Uses aws iam get-user --profile [name] aws iam list-users --profile [name] aws iam list-access-keys --profile [name] Get User Permissions List attached managed policies aws iam list-attached-user-policies --...