From 4f189a6fc7dffc23464d3cd18334d3efab7d94af Mon Sep 17 00:00:00 2001
From: mgeeky
Date: Thu, 16 May 2019 10:37:11 +0200
Subject: [PATCH] Enhanced a bit get-session-creds script and added kerbrute to prepare-linux
---
 .../aws/get-session-creds-in-config-format.sh | 24 +++++++++++++++++--
 linux/prepare-kali.sh | 9 ++++++-
 2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/clouds/aws/get-session-creds-in-config-format.sh b/clouds/aws/get-session-creds-in-config-format.sh
index 1e60e9b..fbf2c27 100644
--- a/clouds/aws/get-session-creds-in-config-format.sh
+++ b/clouds/aws/get-session-creds-in-config-format.sh
@@ -11,15 +11,33 @@
 # Configure below variables.
 #
 PROFILE_NAME=your-profile-name
-SERIAL_MFA=arn:aws:iam:::mfa/
 ROLE_NAME=Your_Role_Name
 ROLE_ARN=arn:aws:iam:::role/$ROLE_NAME
+
+# If you leave this field empty - one will be deduced from `aws sts get-caller-identity` output
+#SERIAL_MFA=arn:aws:iam:::mfa/
+SERIAL_MFA=
+
+# Values possible range: 900-43200
 DURATION=42000
 #
 # ------------------------
 #
+# Some times assume-role may return with an Access-Denied if there were no account authenticated
+# regular commands sent first.
+out=$(aws sts get-caller-identity)
+if [ $? -ne 0 ]; then
+ echo "[!] Could not get caller's identity: "
+ echo $out
+ exit 1
+fi
+
+if [[ "$SERIAL_MFA" = "" ]]; then
+ SERIAL_MFA=$(echo "$out" | python -c "import sys,json; foo=json.loads(sys.stdin.read()); print('arn:aws:iam::{}:mfa/{}'.format(foo['Account'], foo['Arn'].split('/')[1]))" )
+fi
+
 read -p "Type your AWS MFA Code: " code
 echo
@@ -30,5 +48,7 @@ if [ $? -eq 0 ]; then
 echo "$out" | python3 -c 'import sys,json; foo=json.loads(sys.stdin.read()); print("aws_access_key_id={}\naws_secret_access_key={}\naws_session_token={}".format(foo["Credentials"]["AccessKeyId"],foo["Credentials"]["SecretAccessKey"],foo["Credentials"]["SessionToken"]))'
 echo
 else
+ echo "[!] Could not obtain assume-role session credentials:"
 echo $out
-fi
\ No newline at end of file
+ exit 1
+fi
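Review bot: The MFA serial is deduced from `aws sts get-caller-identity` run without `--profile`, so it describes whichever identity the default credential chain resolves, which need not be the `PROFILE_NAME` principal that the assume-role call (outside this hunk) presumably uses. `foo['Arn'].split('/')[1]` also picks the wrong component when the IAM user has a path, and yields a role name when the caller is itself an assumed role. Checking that the ARN contains `:user/` and taking `split('/')[-1]` would stop the script instead of building a serial for the wrong device. The `python -c` result is never checked, and the script uses `python3` further down, so on a host without a `python` binary `SERIAL_MFA` silently stays empty. Suggested first line: `out=$(aws sts get-caller-identity --profile "$PROFILE_NAME")`.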
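Review bot: The new failure message and `echo $out` in the else branch go to stdout, which is also where the success branch prints the credential block, so a caller that redirects the script's output into a credentials file gets error text written there on failure. Sending both to stderr and quoting the variable keeps the streams apart: `echo "[!] Could not obtain assume-role session credentials:" >&2` and `echo "$out" >&2`. The get-caller-identity failure branch added in the previous hunk has the same pattern. The `if` this branch belongs to starts outside the hunk.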
diff --git a/linux/prepare-kali.sh b/linux/prepare-kali.sh
index 7fdfd97..9616b36 100644
--- a/linux/prepare-kali.sh
+++ b/linux/prepare-kali.sh
@@ -44,7 +44,7 @@ configure_neo4j() {
 apt update ; apt upgrade -y
-apt install -y git build-essential binutils-dev vim python3 libunwind-dev python unzip python-pip python3-pip python3-venv python3-setuptools libssl-dev autoconf automake libtool python2.7-dev python3.7-dev python3-tk jq awscli npm graphviz golang python-software-properties neo4j libgconf-2-4 bloodhound lftp chromium heimdal-clients
+apt install -y git build-essential binutils-dev vim python3 libunwind-dev python unzip python-pip python3-pip python3-venv python3-setuptools libssl-dev autoconf automake libtool python2.7-dev python3.7-dev python3-tk jq awscli npm graphviz golang python-software-properties neo4j libgconf-2-4 bloodhound lftp chromium heimdal-clients python-ldap rdate
 pip3 install virtualenv awscli wheel boto3 botocore
 pip install virtualenv wheel boto3 botocore pyinstaller lxml
@@ -249,6 +249,13 @@ git_clone https://github.com/rsmudge/Malleable-C2-Profiles.git
 git_clone https://github.com/sense-of-security/ADRecon.git
 git_clone https://github.com/threatexpress/malleable-c2.git
 git_clone https://github.com/ropnop/kerbrute.git
+cd kerbrute
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_windows_amd64.exe
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_windows_386.exe
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_linux_amd64
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_linux_386
+chmod +x kerbrute_*
+cd ..
 git_clone https://github.com/Raikia/CredNinja.git
 git_clone https://github.com/cobbr/Covenant.git
 cd Covenant
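Review bot: The four kerbrute release binaries are fetched with `wget` and made executable without any integrity check, so whatever the release URL serves at install time is what ends up runnable on the machine. Pinning to the v1.0.1 tag does not protect against a replaced asset. Record the expected digests in the script and verify before `chmod`, e.g. `echo "<EXPECTED_SHA256>  kerbrute_linux_amd64" | sha256sum -c - || exit 1` (placeholder digest, one line per file). `cd kerbrute` is also unchecked: if the preceding `git_clone` failed, the downloads land in the current directory and `cd ..` then leaves the tools directory for every later clone, so `cd kerbrute || exit 1` or a subshell would be safer. The clone list continues outside the hunk.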