
CDRGoat Scenario 2: Web Vuln to Full Account Takeover via SSM & IAM

Blog post from Stream.Security

Post Details

- Company: Stream.Security
- Author: Petr Zuzanov
- Word Count: 887
- Language: English
Summary

CDRGoat Scenario 2 walks through a realistic attack chain in which a Server-Side Request Forgery (SSRF) vulnerability in a web application leads to the compromise of an entire AWS account. The root cause is a set of cloud misconfigurations rather than any single obvious security flaw. The scenario is organised in phases: first, the SSRF is used to steal the IAM credentials of the EC2 instance hosting the web application; next, the stolen credentials are enumerated to find weaknesses, such as permission to reach a private EC2 instance through AWS Systems Manager (SSM). The chain continues with lateral movement to that private instance and then privilege escalation by creating a Lambda function that abuses a dangerous combination of permissions. Once an AdministratorAccess policy is attached to the compromised role, the attacker can reach sensitive resources such as RDS, S3, and Secrets Manager.

The scenario shows how seemingly small vulnerabilities, combined with permissive role configurations, add up to full-account compromise, and it stresses the importance of validating defenses against such attack chains. CDRGoat is intended for educational purposes, and users are advised to deploy it only in isolated, non-production environments, accepting full responsibility for any outcomes.