Dave Yesland
Dave Yesland
Currently the only way I know to get the vulnerable version is via the AWS marketplace: The AWS marketplace (https://aws.amazon.com/marketplace/pp/prodview-kgh3dsfk7qcnw) has free trials which can be used by deploying a...
@wvu found a much cleaner way to get a root shell: https://x.com/wvuuuuuuuuuuuuu/status/1770728321166278885?s=20 Still would need to test it in the module but probably better to just use this method on...
I was able to check root privescs on 7.2.59.2.22338, which is not vulnerable to CVE-2024-1212. The sudo entries and other privescs still exist.
No problem having you take that if you already have a plan to split them.
Awesome looks good! Is there anything else needed from me here?
Looks like this was merged and fixed
Might look at implementing something like this: https://pritul95.github.io/blogs/boto3/2020/08/01/refreshable-boto3-session/
This is currently possible with the following: ``` run ec2__enum --public-ips data ec2 PublicIPs ```
These have been updated
There was a eks__enum module added at some point. Assuming this covers this use case? https://github.com/RhinoSecurityLabs/pacu/blob/master/pacu/modules/eks__enum/main.py