Enhanced a bit get-session-creds script and added kerbrute to prepare-linux

clouds/aws/get-session-creds-in-config-format.sh

@@ -11,15 +11,33 @@
 # Configure below variables.
 #
 PROFILE_NAME=your-profile-name
-SERIAL_MFA=arn:aws:iam::<NUMBER>:mfa/<USER-NAME>
 ROLE_NAME=Your_Role_Name
 ROLE_ARN=arn:aws:iam::<NUMBER>:role/$ROLE_NAME
+
+# If you leave this field empty - one will be deduced from `aws sts get-caller-identity` output
+#SERIAL_MFA=arn:aws:iam::<NUMBER>:mfa/<USER-NAME>
+SERIAL_MFA=
+
+# Values possible range: 900-43200
 DURATION=42000
 
 #
 # ------------------------
 #
 
+# Some times assume-role may return with an Access-Denied if there were no account authenticated
+# regular commands sent first.
+out=$(aws sts get-caller-identity)
+if [ $? -ne 0 ]; then
+	echo "[!] Could not get caller's identity: "
+	echo $out
+	exit 1
+fi
+
+if [[ "$SERIAL_MFA" = "" ]]; then
+	SERIAL_MFA=$(echo "$out" | python -c "import sys,json; foo=json.loads(sys.stdin.read()); print('arn:aws:iam::{}:mfa/{}'.format(foo['Account'], foo['Arn'].split('/')[1]))" )
+fi
+
 read -p "Type your AWS MFA Code: " code
 echo
 
@@ -30,5 +48,7 @@ if [ $? -eq 0 ]; then
 	echo "$out" | python3 -c 'import sys,json; foo=json.loads(sys.stdin.read()); print("aws_access_key_id={}\naws_secret_access_key={}\naws_session_token={}".format(foo["Credentials"]["AccessKeyId"],foo["Credentials"]["SecretAccessKey"],foo["Credentials"]["SessionToken"]))'
 	echo
 else
+	echo "[!] Could not obtain assume-role session credentials:"
 	echo $out
+	exit 1
 fi

linux/prepare-kali.sh

@@ -44,7 +44,7 @@ configure_neo4j() {
 
 apt update ; apt upgrade -y
 
-apt install -y git build-essential binutils-dev vim python3 libunwind-dev python unzip python-pip python3-pip python3-venv python3-setuptools libssl-dev autoconf automake libtool python2.7-dev python3.7-dev python3-tk jq awscli npm graphviz golang python-software-properties neo4j libgconf-2-4 bloodhound lftp chromium heimdal-clients
+apt install -y git build-essential binutils-dev vim python3 libunwind-dev python unzip python-pip python3-pip python3-venv python3-setuptools libssl-dev autoconf automake libtool python2.7-dev python3.7-dev python3-tk jq awscli npm graphviz golang python-software-properties neo4j libgconf-2-4 bloodhound lftp chromium heimdal-clients python-ldap rdate
 pip3 install virtualenv awscli wheel boto3 botocore
 pip install virtualenv wheel boto3 botocore pyinstaller lxml
 
@@ -249,6 +249,13 @@ git_clone https://github.com/rsmudge/Malleable-C2-Profiles.git
 git_clone https://github.com/sense-of-security/ADRecon.git
 git_clone https://github.com/threatexpress/malleable-c2.git
 git_clone https://github.com/ropnop/kerbrute.git
+cd kerbrute
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_windows_amd64.exe
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_windows_386.exe
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_linux_amd64
+wget https://github.com/ropnop/kerbrute/releases/download/v1.0.1/kerbrute_linux_386
+chmod +x kerbrute_*
+cd ..
 git_clone https://github.com/Raikia/CredNinja.git
 git_clone https://github.com/cobbr/Covenant.git
 cd Covenant