Skip to content

Commit d76ef5d

Browse files
FrichettenFrichetten
authored
Merge pull request #171 from Hacking-the-Cloud/update_pacu_module_link
Updated the link to the iam__enum_roles Pacu module
2 parents 7e98f69 + 3837614 commit d76ef5d

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

content/aws/enumeration/enum_iam_user_role.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ Original Research: [Daniel Grzelak](https://twitter.com/dagrz) - [Remastered Tal
88
Additional Reading: [Rhino Security](https://rhinosecuritylabs.com/aws/aws-role-enumeration-iam-p2/)
99
Link to Quiet Riot: [Github](https://github.com/righteousgambitresearch/quiet-riot)
1010
Link to Tool: [GitHub](https://github.com/Frichetten/enumate_iam_using_bucket_policy)
11-
Link to Pacu Module: [GitHub](https://github.com/RhinoSecurityLabs/pacu/tree/master/modules/iam__enum_roles)
11+
Link to Pacu Module: [GitHub](https://github.com/RhinoSecurityLabs/pacu/tree/master/pacu/modules/iam__enum_roles)
1212

1313
You can enumerate Account IDs, root account e-mail addresses, IAM roles, IAM users, and a partial account footprint by abusing [Resource-Based Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_resource-based).
1414

@@ -41,7 +41,7 @@ You would apply this policy to a bucket <ins>you</ins> own. By specifying a prin
4141
!!! Note
4242
While this works for both IAM users and roles, this will also work with [service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html). This will allow you to enumerate various services the account uses, such as GuardDuty or Organizations.
4343

44-
To automate this process you can use the [Pacu Module](https://github.com/RhinoSecurityLabs/pacu/tree/master/modules/iam__enum_roles) or [this](https://github.com/Frichetten/enumate_iam_using_bucket_policy) which will attempt to brute force it for you.
44+
To automate this process you can use the [Pacu Module](https://github.com/RhinoSecurityLabs/pacu/tree/master/pacu/modules/iam__enum_roles) or [this](https://github.com/Frichetten/enumate_iam_using_bucket_policy) which will attempt to brute force it for you.
4545

4646
```
4747
usage: main.py [-h] --id ID --my_bucket MY_BUCKET [--wordlist WORDLIST] (--role | --user)

0 commit comments

Comments
 (0)