From 3e412a8de34f84f57957ed62bd3f025fa807a49e Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Thu, 8 Dec 2016 12:59:54 -0800 Subject: [PATCH] Start documenting api/console create options --- .../modules/post/multi/escalate/aws_create_iam_user.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/documentation/modules/post/multi/escalate/aws_create_iam_user.md b/documentation/modules/post/multi/escalate/aws_create_iam_user.md index 604e683f92..2e172439a5 100644 --- a/documentation/modules/post/multi/escalate/aws_create_iam_user.md +++ b/documentation/modules/post/multi/escalate/aws_create_iam_user.md @@ -65,8 +65,8 @@ aws_create_iam_user can be used to take over an AWS account given access to a host having 1). overly permissive instance profile/role, 2). API Access keys. Once a foothold is established, you can run the module to pull temporary access keys from the metadata service. If this fails, search the instance for -API access keys, e.g., see ~/aws/credentals, and set `AccessKeyId`, -`SecretAccessKey`, & `Token` (optional). +API access keys, e.g., see ~/.aws/credentials, and set `AccessKeyId`, +`SecretAccessKey`, & `Token` (optional). ## Options @@ -75,6 +75,8 @@ API access keys, e.g., see ~/aws/credentals, and set `AccessKeyId`, * `SecretAccessKey`: set this if you find access keys on the host and instance has no profile/privileges * `Token`: set this if you find access keys on the host and instance has no profile/privileges. This is optional as this signifies temporary keys, if you find these, these are most likely expired. * `Proxies`: depending on your environment, you may wan to proxy your calls to AWS. +* `CREATE_API`: when true, creates API keys for this user +* `CREATE_CONSOLE`: when true, creates a password for this user so that they can access the AWS console ### Establish a foothold @@ -212,4 +214,4 @@ You can see the API keys stored in loot: $ cat ~/.msf4/loot/20161121175902_default_52.1.2.3_AKIA_881948.txt {"AccessKeyId":"AKIA...","SecretAccessKey":"THE SECRET ACCESS KEY...","AccessKeySelector":"HMAC","UserName":"metasploit","Status":"Active","CreateDate":"2016-11-21T17:59:51.967Z"} -``` \ No newline at end of file +```