fix device farm and other stuff
This commit is contained in:
carnal0wnage
@@ -116,6 +116,42 @@ def generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ser
|
|||||||
print("\n")
|
print("\n")
|
||||||
return actions
|
return actions
|
||||||
|
|
||||||
|
def generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed):
|
||||||
|
actions = []
|
||||||
|
try:
|
||||||
|
client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region)
|
||||||
|
except Exception as e:
|
||||||
|
# print('Failed to connect: "{}"' .format(e.error_message))
|
||||||
|
print('Failed to connect: "{}"' .format(e))
|
||||||
|
return actions
|
||||||
|
|
||||||
|
actions = generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed)
|
||||||
|
if actions:
|
||||||
|
print("\n[+] {} Actions allowed are [+]" .format(service))
|
||||||
|
print(actions)
|
||||||
|
timenow = datetime.datetime.now()
|
||||||
|
|
||||||
|
db_logger = []
|
||||||
|
for action in actions:
|
||||||
|
db_logger.append([service, action, AWS_ACCESS_KEY_ID, timenow])
|
||||||
|
# print (db_logger)
|
||||||
|
|
||||||
|
# scrapped the json logging idea but keeping it here just in case
|
||||||
|
# data = json.dumps({'time' : timenow, 'service' : service, 'actions' : actions, 'target' : 'passed_in_target'})
|
||||||
|
# logging.critical(data)
|
||||||
|
|
||||||
|
# logging to db here
|
||||||
|
try:
|
||||||
|
insert_reconservice_data(db_name, db_logger)
|
||||||
|
except sqlite3.OperationalError as e:
|
||||||
|
print(e)
|
||||||
|
print("You need to set up the database...exiting")
|
||||||
|
sys.exit()
|
||||||
|
print("\n")
|
||||||
|
else:
|
||||||
|
print("\n[-] No {} actions allowed [-]" .format(service))
|
||||||
|
print("\n")
|
||||||
|
return actions
|
||||||
|
|
||||||
def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests):
|
def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests):
|
||||||
actions = []
|
actions = []
|
||||||
@@ -134,9 +170,51 @@ def generic_method_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service
|
|||||||
if e.response['Error']['Code'] == 'DryRunOperation':
|
if e.response['Error']['Code'] == 'DryRunOperation':
|
||||||
print('{} IS allowed' .format(api_action))
|
print('{} IS allowed' .format(api_action))
|
||||||
actions.append(api_action)
|
actions.append(api_action)
|
||||||
if e.response['Error']['Code'] == 'ClusterNotFoundException':
|
elif e.response['Error']['Code'] == 'ClusterNotFoundException':
|
||||||
print('{} IS allowed but you need to specify a cluster name' .format(api_action))
|
print('{} IS allowed but you need to specify a cluster name' .format(api_action))
|
||||||
actions.append(api_action)
|
actions.append(api_action)
|
||||||
|
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
|
||||||
|
print('[-] {} IS allowed - but SubscriptionRequiredException - usually means you have an unconfigured root account [-]' .format(api_action))
|
||||||
|
# If it's not configured, we are not adding it to services
|
||||||
|
# actions.append(api_action)
|
||||||
|
elif e.response['Error']['Code'] == 'OptInRequired':
|
||||||
|
print('[-] {} IS allowed - but OptInRequired - usually means you have an unconfigured root account [-]' .format(api_action))
|
||||||
|
# If it's not configured, we are not adding it to services
|
||||||
|
# actions.append(api_action)
|
||||||
|
else:
|
||||||
|
print(e)
|
||||||
|
continue
|
||||||
|
else:
|
||||||
|
print('{} IS allowed' .format(api_action))
|
||||||
|
actions.append(api_action)
|
||||||
|
return actions
|
||||||
|
|
||||||
|
def generic_method_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, service, tests, region_passed):
|
||||||
|
actions = []
|
||||||
|
client = boto3.client(service, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, region_name=region_passed)
|
||||||
|
for api_action, method_name, args, kwargs in tests:
|
||||||
|
try:
|
||||||
|
method = getattr(client, method_name)
|
||||||
|
method(*args, **kwargs)
|
||||||
|
# print method --wont return anything on dryrun
|
||||||
|
except botocore.exceptions.EndpointConnectionError as e:
|
||||||
|
print(e)
|
||||||
|
continue
|
||||||
|
except KeyboardInterrupt:
|
||||||
|
print("CTRL-C received, exiting...")
|
||||||
|
except botocore.exceptions.ClientError as e:
|
||||||
|
if e.response['Error']['Code'] == 'DryRunOperation':
|
||||||
|
print('{} IS allowed' .format(api_action))
|
||||||
|
actions.append(api_action)
|
||||||
|
elif e.response['Error']['Code'] == 'ClusterNotFoundException':
|
||||||
|
print('{} IS allowed but you need to specify a cluster name' .format(api_action))
|
||||||
|
actions.append(api_action)
|
||||||
|
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
|
||||||
|
print('[-] {} IS allowed - but SubscriptionRequiredException - usually means you have an unconfigured root account [-]' .format(api_action))
|
||||||
|
actions.append(api_action)
|
||||||
|
elif e.response['Error']['Code'] == 'OptInRequired':
|
||||||
|
print('[-] {} IS allowed - but OptInRequired - usually means you have an unconfigured root account [-]' .format(api_action))
|
||||||
|
actions.append(api_action)
|
||||||
else:
|
else:
|
||||||
print(e)
|
print(e)
|
||||||
continue
|
continue
|
||||||
@@ -443,7 +521,7 @@ def brute_devicefarm_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
|||||||
print("### Enumerating DeviceFarm Permissions ###")
|
print("### Enumerating DeviceFarm Permissions ###")
|
||||||
tests = [('ListProjects', 'list_projects', (), {}, ),
|
tests = [('ListProjects', 'list_projects', (), {}, ),
|
||||||
('ListDevices', 'list_devices', (), {}, ), ]
|
('ListDevices', 'list_devices', (), {}, ), ]
|
||||||
return generic_permission_bruteforcer(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'devicefarm', tests)
|
return generic_permission_bruteforcer_region(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'devicefarm', tests, 'us-west-2')
|
||||||
|
|
||||||
# http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html
|
# http://boto3.readthedocs.io/en/latest/reference/services/directconnect.html
|
||||||
|
|
||||||
@@ -751,6 +829,7 @@ def brute_iam_permissions(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY):
|
|||||||
tests = [('GetUser', 'get_user', (), {}),
|
tests = [('GetUser', 'get_user', (), {}),
|
||||||
# ('ListUserPolicies', 'list_user_policies', (), {'UserName':'root'} ),
|
# ('ListUserPolicies', 'list_user_policies', (), {'UserName':'root'} ),
|
||||||
('ListGroups', 'list_groups', (), {}),
|
('ListGroups', 'list_groups', (), {}),
|
||||||
|
('ListUsers', 'list_users', (), {}),
|
||||||
# ('ListGroupsForUser', 'list_groups_for_user', (), {'UserName':account_username} ),
|
# ('ListGroupsForUser', 'list_groups_for_user', (), {'UserName':account_username} ),
|
||||||
('GetCredentialReport', 'get_credential_report', (), {}),
|
('GetCredentialReport', 'get_credential_report', (), {}),
|
||||||
('GetAccountSummary', 'get_account_summary', (), {}),
|
('GetAccountSummary', 'get_account_summary', (), {}),
|
||||||
|
|||||||
Reference in New Issue
Block a user