Added get-session-creds-in-config-format.sh and couple of repos to prepare-kali.sh

This commit is contained in:
mgeeky 2019-05-14 18:15:14 +02:00
parent afbe57557a
commit 7aef456c20
3 changed files with 38 additions and 0 deletions

View File

@ -95,6 +95,8 @@ Afterwards, one should see following logs in CloudWatch traces for planted Lambd
- **`exfiltrateLambdaTasksDirectory.py`** - Script that creates an in-memory ZIP file from the entire directory `$LAMBDA_TASK_ROOT` (typically `/var/task`) and sends it out in a form of HTTP(S) POST request, within an `exfil` parameter. To be used for exfiltrating AWS Lambda's entire source code.
- **`get-session-creds-in-config-format.sh`** - Calls `aws sts assume-role` using MFA token in order to then retrieve session credentials and reformat it into `~/.aws/credentials` file format. Having that it's easy to copy-and-paste that script's output into credentials file. Then tools such as _s3tk_ that are unable to process MFA tokens may just use preconfigured profile creds.
- **`identifyS3Bucket.rb`** - This script attempts to identify passed name whether it resolves to a valid AWS S3 Bucket via different means. This script may come handy when revealing S3 buckets hidden behind HTTP proxies.
- **`pentest-ec2-instance`** - A set of utilities for quick starting, ssh-ing and stopping of a single temporary EC2 instance intended to be used for Web out-of-band tests (SSRF, reverse-shells, dns/http/other daemons).

View File

@ -0,0 +1,34 @@
#!/bin/bash
#
# This script simply calls `aws sts assume-role` using hardcoded parameters, in order
# to retrieve set of session credentials and reformat it into ~/.aws/credentials file format.
#
# Mariusz B., mgeeky '19
#
#
# Configure below variables.
#
PROFILE_NAME=your-profile-name
SERIAL_MFA=arn:aws:iam::<NUMBER>:mfa/<USER-NAME>
ROLE_NAME=MWRAuditRole
ROLE_ARN=arn:aws:iam::<NUMBER>:role/$ROLE_NAME
DURATION=42000
#
# ------------------------
#
read -p "Type your AWS MFA Code: " code
echo
out=$(aws sts assume-role --serial-number $SERIAL_MFA --role-arn $ROLE_ARN --role-session-name $ROLE_NAME --duration-seconds $DURATION --token-code $code)
if [ $? -eq 0 ]; then
echo "[$PROFILE_NAME]"
echo "$out" | python3 -c 'import sys,json; foo=json.loads(sys.stdin.read()); print("aws_access_key_id={}\naws_secret_access_key={}\naws_session_token={}".format(foo["Credentials"]["AccessKeyId"],foo["Credentials"]["SecretAccessKey"],foo["Credentials"]["SessionToken"]))'
echo
else
echo $out
fi

View File

@ -98,6 +98,7 @@ cd aws
git_clone https://github.com/RhinoSecurityLabs/pacu.git ; cd pacu ; bash install.sh ; cd ..
git_clone https://github.com/Alfresco/prowler.git
git_clone https://github.com/sa7mon/S3Scanner.git
git_clone https://github.com/ankane/s3tk.git
git_clone https://github.com/nahamsec/lazys3.git
git_clone https://github.com/andresriancho/nimbostratus.git
git_clone https://github.com/duo-labs/cloudmapper.git ; cd cloudmapper/ ; pipenv install --skip-lock ; pipenv shell ; cd ..
@ -234,6 +235,7 @@ git_clone https://github.com/pentestgeek/phishing-frenzy.git
git_clone https://github.com/trustedsec/social-engineer-toolkit.git
git_clone https://github.com/bluscreenofjeff/Malleable-C2-Randomizer.git
git_clone https://github.com/rsmudge/Malleable-C2-Profiles.git
git_clone https://github.com/sense-of-security/ADRecon.git
git_clone https://github.com/threatexpress/malleable-c2.git
git_clone https://github.com/ropnop/kerbrute.git
git_clone https://github.com/Raikia/CredNinja.git