https://adicpnn.com/tags/ssm/Recent content in Ssm on security ?!Hugoen-usThu, 12 Mar 2026 00:00:00 +0000https://adicpnn.com/blog/cloudfoxable/root/Thu, 12 Mar 2026 00:00:00 +0000https://adicpnn.com/blog/cloudfoxable/root/<!-- raw HTML omitted --> <p>You&rsquo;ve just gained access to the role Kent. Can you get to the root flag in the SSM parameter store?</p> <!-- raw HTML omitted --> <h3 id="information-gathering">Information Gathering</h3> <p>Short and concise challenge details, I will start by preparing a profile for ramos, and checking which policies are attached to it.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">adicpnn@laboratory cloud % cat ~/.aws/config<span class="p">|</span> tail </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="o">[</span>profile kent<span class="o">]</span> </span></span><span class="line"><span class="cl"><span class="nv">region</span> <span class="o">=</span> eu-central-1 </span></span><span class="line"><span class="cl"><span class="nv">role_arn</span> <span class="o">=</span> arn:aws:iam::129323993607:role/Kent </span></span><span class="line"><span class="cl"><span class="nv">source_profile</span> <span class="o">=</span> cloudfoxable </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">adicpnn@laboratory cloud % aws iam list-attached-role-policies --role-name Kent --profile cloudfoxable </span></span><span class="line"><span class="cl"><span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;AttachedPolicies&#34;</span>: <span class="o">[</span> </span></span><span class="line"><span class="cl"> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;PolicyName&#34;</span>: <span class="s2">&#34;root-policy1&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;PolicyArn&#34;</span>: <span class="s2">&#34;arn:aws:iam::129323993607:policy/root-policy1&#34;</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">]</span> </span></span><span class="line"><span class="cl"><span class="o">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>A single policy attached, let&rsquo;s see what type of access it grants.</p>