Pacu has a module that automates this entire process for us as well. This module is known as the iam__backdoor_users_keys module, and automates the process we just went through. To try it out, run the following command within Pacu:

run iam__backdoor_users_keys 

By default, we will get a list of users to choose from, but alternatively we could have supplied a username in the original command.

Now when our original access to the environment is discovered, we have backup credentials to a (hopefully highly privileged) user. If we wanted, we could use techniques from previous chapters to enumerate the permissions for that user.