ec2 updates for error handling

carnal0wnage
2018-04-26 23:56:07 -04:00
parent 137ca0ef61
commit dcc98a88b8


@@ -485,29 +485,30 @@ def get_console_screenshot_all():
for r in response['Reservations']: for r in response['Reservations']:
for i in r['Instances']: for i in r['Instances']:
instanceid = i['InstanceId'] instanceid = i['InstanceId']
try: if i['State']['Name'] == "running":
client = boto3.client('ec2', region_name=region) try:
print("[INFO] Checking for required permissions to screenshot: {} on {} [INFO]" .format(instanceid, region)) client = boto3.client('ec2', region_name=region)
response = client.get_console_screenshot(DryRun=True, InstanceId=instanceid, WakeUp=True) print("[INFO] Checking for required permissions to screenshot: {} on {} [INFO]" .format(instanceid, region))
except botocore.exceptions.ClientError as e: response = client.get_console_screenshot(DryRun=True, InstanceId=instanceid, WakeUp=True)
if e.response['Error']['Code'] == 'DryRunOperation': except botocore.exceptions.ClientError as e:
print('[+] {} : Has permissions...proceeding with the screenshot attempt [+]' .format(AWS_ACCESS_KEY_ID)) if e.response['Error']['Code'] == 'DryRunOperation':
response = client.get_console_screenshot(DryRun=False, InstanceId=instanceid, WakeUp=True) print('[+] {} : Has permissions...proceeding with the screenshot attempt [+]' .format(AWS_ACCESS_KEY_ID))
print('[+] Writing screenshot to screenshots/{}.png [+]'.format(instanceid)) response = client.get_console_screenshot(DryRun=False, InstanceId=instanceid, WakeUp=True)
file = open('{}/screenshots/{}.png'.format(os.getcwd(), instanceid), "wb") print('[+] Writing screenshot to screenshots/{}.png [+]'.format(instanceid))
file.write(base64.b64decode(response['ImageData'])) file = open('{}/screenshots/{}.png'.format(os.getcwd(), instanceid), "wb")
file.close file.write(base64.b64decode(response['ImageData']))
# print(response) file.close
elif e.response['Error']['Code'] == 'UnauthorizedOperation': # print(response)
print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'UnauthorizedOperation':
elif e.response['Error']['Message'] == 'InternalError': print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Message'] == 'InternalError':
elif e.response['Error']['Code'] == 'InternalError': print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'InternalError':
elif e.response['Error']['Code'] == 'SubscriptionRequiredException': print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
else: print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
print(e) else:
print(e)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation': if e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
@@ -531,29 +532,32 @@ def get_console_screenshot_all_region(region):
for r in response['Reservations']: for r in response['Reservations']:
for i in r['Instances']: for i in r['Instances']:
instanceid = i['InstanceId'] instanceid = i['InstanceId']
try: if i['State']['Name'] == "running":
client = boto3.client('ec2', region_name=region) try:
print("[INFO] Checking for required permissions to screenshot: {} on {} [INFO]" .format(instanceid, region)) client = boto3.client('ec2', region_name=region)
response = client.get_console_screenshot(DryRun=True, InstanceId=instanceid, WakeUp=True) print("[INFO] Checking for required permissions to screenshot: {} on {} [INFO]" .format(instanceid, region))
except botocore.exceptions.ClientError as e: response = client.get_console_screenshot(DryRun=True, InstanceId=instanceid, WakeUp=True)
if e.response['Error']['Code'] == 'DryRunOperation': except botocore.exceptions.ClientError as e:
print('[+] {} : Has permissions...proceeding with the screenshot attempt [+]' .format(AWS_ACCESS_KEY_ID)) if e.response['Error']['Code'] == 'DryRunOperation':
response = client.get_console_screenshot(DryRun=False, InstanceId=instanceid, WakeUp=True) print('[+] {} : Has permissions...proceeding with the screenshot attempt [+]' .format(AWS_ACCESS_KEY_ID))
print('[+] Writing screenshot to screenshots/{}.png [+]'.format(instanceid)) response = client.get_console_screenshot(DryRun=False, InstanceId=instanceid, WakeUp=True)
file = open('{}/screenshots/{}.png'.format(os.getcwd(), instanceid), "wb") print('[+] Writing screenshot to screenshots/{}.png [+]'.format(instanceid))
file.write(base64.b64decode(response['ImageData'])) file = open('{}/screenshots/{}.png'.format(os.getcwd(), instanceid), "wb")
file.close file.write(base64.b64decode(response['ImageData']))
# print(response) file.close
elif e.response['Error']['Code'] == 'UnauthorizedOperation': # print(response)
print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'UnauthorizedOperation':
elif e.response['Error']['Message'] == 'InternalError': print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Message'] == 'InternalError':
elif e.response['Error']['Code'] == 'InternalError': print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'InternalError':
elif e.response['Error']['Code'] == 'SubscriptionRequiredException': print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
else: print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
print(e) elif e.response['Error']['Code'] == 'InvalidInstanceID.NotFound':
print('{} : instance not found' .format(AWS_ACCESS_KEY_ID))
else:
print(e)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation': if e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
@@ -649,29 +653,33 @@ def get_console_output_all():
for r in response['Reservations']: for r in response['Reservations']:
for i in r['Instances']: for i in r['Instances']:
instanceid = i['InstanceId'] instanceid = i['InstanceId']
try: if i['State']['Name'] == "running":
client = boto3.client('ec2', region_name=region) try:
print("[INFO] Checking for required permissions to get console output: {} on {} [INFO]" .format(instanceid, region)) client = boto3.client('ec2', region_name=region)
response = client.get_console_output(DryRun=True, InstanceId=instanceid) print("[INFO] Checking for required permissions to get console output: {} on {} [INFO]" .format(instanceid, region))
except botocore.exceptions.ClientError as e: response = client.get_console_output(DryRun=True, InstanceId=instanceid)
if e.response['Error']['Code'] == 'DryRunOperation': except botocore.exceptions.ClientError as e:
print('[+] {} : Has permissions...proceeding with the console output attempt [+]' .format(AWS_ACCESS_KEY_ID)) if e.response['Error']['Code'] == 'DryRunOperation':
response = client.get_console_output(DryRun=False, InstanceId=instanceid) print('[+] {} : Has permissions...proceeding with the console output attempt [+]' .format(AWS_ACCESS_KEY_ID))
print('[+] Writing console output to loot/{}-console.txt [+]'.format(instanceid)) response = client.get_console_output(DryRun=False, InstanceId=instanceid)
file = open('{}/loot/{}-console.txt'.format(os.getcwd(), instanceid), "w") print('[+] Writing console output to loot/{}-console.txt [+]'.format(instanceid))
file.write(str(response['Output'])) if response.get('Output') is None:
file.close print("[-]no output from {} [-]".format(instanceid))
# print(response) else:
elif e.response['Error']['Code'] == 'UnauthorizedOperation': file = open('{}/loot/{}-console.txt'.format(os.getcwd(), instanceid), "w")
print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) file.write(str(response['Output']))
elif e.response['Error']['Message'] == 'InternalError': file.close
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) # print(response)
elif e.response['Error']['Code'] == 'InternalError': elif e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException': elif e.response['Error']['Message'] == 'InternalError':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
else: elif e.response['Error']['Code'] == 'InternalError':
print(e) print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
else:
print(e)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation': if e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
@@ -695,29 +703,33 @@ def get_console_output_all_region(region):
for r in response['Reservations']: for r in response['Reservations']:
for i in r['Instances']: for i in r['Instances']:
instanceid = i['InstanceId'] instanceid = i['InstanceId']
try: if i['State']['Name'] == "running":
client = boto3.client('ec2', region_name=region) try:
print("[INFO] Checking for required permissions to get console output: {} on {} [INFO]" .format(instanceid, region)) client = boto3.client('ec2', region_name=region)
response = client.get_console_output(DryRun=True, InstanceId=instanceid) print("[INFO] Checking for required permissions to get console output: {} on {} [INFO]" .format(instanceid, region))
except botocore.exceptions.ClientError as e: response = client.get_console_output(DryRun=True, InstanceId=instanceid)
if e.response['Error']['Code'] == 'DryRunOperation': except botocore.exceptions.ClientError as e:
print('[+] {} : Has permissions...proceeding with the console output attempt [+]' .format(AWS_ACCESS_KEY_ID)) if e.response['Error']['Code'] == 'DryRunOperation':
response = client.get_console_output(DryRun=False, InstanceId=instanceid) print('[+] {} : Has permissions...proceeding with the console output attempt [+]' .format(AWS_ACCESS_KEY_ID))
print('[+] Writing console output to loot/{}-console.txt [+]'.format(instanceid)) response = client.get_console_output(DryRun=False, InstanceId=instanceid)
file = open('{}/loot/{}-console.txt'.format(os.getcwd(), instanceid), "w") print('[+] Writing console output to loot/{}-console.txt [+]'.format(instanceid))
file.write(str(response['Output'])) if response.get('Output') is None:
file.close print("[-]no output from {} [-]".format(instanceid))
# print(response) else:
elif e.response['Error']['Code'] == 'UnauthorizedOperation': file = open('{}/loot/{}-console.txt'.format(os.getcwd(), instanceid), "w")
print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) file.write(str(response['Output']))
elif e.response['Error']['Message'] == 'InternalError': file.close
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) # print(response)
elif e.response['Error']['Code'] == 'InternalError': elif e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID)) print('{} : (UnauthorizedOperation) when calling get_console_screenshot -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException': elif e.response['Error']['Message'] == 'InternalError':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID)) print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
else: elif e.response['Error']['Code'] == 'InternalError':
print(e) print('{} : Has permissions but an internal error occured - check manually' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
else:
print(e)
except botocore.exceptions.ClientError as e: except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation': if e.response['Error']['Code'] == 'UnauthorizedOperation':
print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID)) print('{} : (UnauthorizedOperation) when calling the DescribeVolumes -- sure you have required ec2 permissions?' .format(AWS_ACCESS_KEY_ID))
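Review bot: `file.close` in the write branches is an attribute reference, not a call, so the handle is never closed explicitly and the data is only flushed whenever the object happens to be collected; this applies to the screenshot writes in get_console_screenshot_all and get_console_screenshot_all_region and to the console-output writes in get_console_output_all and get_console_output_all_region. Since these lines are being re-indented under the new `if i['State']['Name'] == "running":` guard anyway, a context manager would fix it: `with open('{}/loot/{}-console.txt'.format(os.getcwd(), instanceid), "w") as fh:` followed by `fh.write(str(response['Output']))`, and the same shape with `"wb"` for the PNG. Console output and screenshots can carry boot-time secrets, so the saved files deserve a deterministic close and restrictive permissions rather than whatever the umask and garbage collector give them. Separately, the `DryRun=False` call runs inside the `except` handler, so a ClientError from the real call appears to bypass the per-instance branches (including the new `InvalidInstanceID.NotFound` one, which was added to only one of the four functions) and reach the outer handler, which would end the scan early. All four functions start and end outside the visible hunks.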