GITBOOK-640: No subject

HackTricks-wiki · Jun 30, 2024 · 03d376f · 03d376f
1 parent a3ee329
commit 03d376f
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 26 deletions.
diff --git a/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-privesc.md b/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-privesc.md
@@ -79,30 +79,6 @@ aws iam update-login-profile --user-name target_user --no-password-reset-require
 
 **Impact:** Direct privilege escalation by logging in as "any" user.
 
-### **`iam:GetFederationToken`**
-
-With this permission it's possible to generate credentials to impersonate any user:
-
-```bash
-aws sts get-federation-token --name <username>
-```
-
-This is how this permission can be given securely without giving access to impersonate other users:
-
-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "VisualEditor0",
-            "Effect": "Allow",
-            "Action": "sts:GetFederationToken",
-            "Resource": "arn:aws:sts::947247140022:federated-user/${aws:username}"
-        }
-    ]
-}
-```
-
 ### **`iam:UpdateAccessKey`**
 
 Allows enabling a disabled access key, potentially leading to unauthorized access if the attacker possesses the disabled key.

diff --git a/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sts-privesc.md b/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sts-privesc.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -50,6 +50,30 @@ Note that in this case the permission `sts:AssumeRole` needs to be **indicated i
 With one exception, in order to **assume a role from a different account** the attacker account **also needs** to have the **`sts:AssumeRole`** over the role.
 {% endhint %}
 
+### **`sts:GetFederationToken`**
+
+With this permission it's possible to generate credentials to impersonate any user:
+
+```bash
+aws sts get-federation-token --name <username>
+```
+
+This is how this permission can be given securely without giving access to impersonate other users:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": "sts:GetFederationToken",
+            "Resource": "arn:aws:sts::947247140022:federated-user/${aws:username}"
+        }
+    ]
+}
+```
+
 ### `sts:AssumeRoleWithSAML`
 
 A trust policy with this role grants **users authenticated via SAML access to impersonate the role.**
@@ -121,7 +145,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>