{% hint style="success" %}
Learn & practice AWS Hacking:.png)
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: .png)
HackTricks Training GCP Red Team Expert (GRTE).png)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
For more info about directory services check:
{% content-ref url="../aws-services/aws-directory-services-workdocs-enum.md" %} aws-directory-services-workdocs-enum.md {% endcontent-ref %}
This permission allows to change the password of any existent user in the Active Directory.
By default, the only existent user is Admin.
aws ds reset-user-password --directory-id <id> --user-name Admin --new-password Newpassword123.
It's possible to enable an application access URL that users from AD can access to login:
.png)
And then grant them an AWS IAM role for when they login, this way an AD user/group will have access over AWS management console:
.png)
There isn't apparently any way to enable the application access URL, the AWS Management Console and grant permission
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.