infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Start documenting api/console create options

bug/bundler_fix
Jon Hart 2016-12-08 12:59:54 -08:00
parent 162204b338
commit 3e412a8de3
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
documentation/modules/post/multi/escalate/aws_create_iam_user.md
View File

@ -65,8 +65,8 @@ aws_create_iam_user can be used to take over an AWS account given access to
a host having 1). overly permissive instance profile/role, 2). API Access keys. a host having 1). overly permissive instance profile/role, 2). API Access keys.
Once a foothold is established, you can run the module to pull temporary Once a foothold is established, you can run the module to pull temporary
access keys from the metadata service. If this fails, search the instance for access keys from the metadata service. If this fails, search the instance for
API access keys, e.g., see ~/aws/credentals, and set `AccessKeyId`, API access keys, e.g., see ~/.aws/credentials, and set `AccessKeyId`,
`SecretAccessKey`, & `Token` (optional). `SecretAccessKey`, & `Token` (optional).
## Options ## Options
@ -75,6 +75,8 @@ API access keys, e.g., see ~/aws/credentals, and set `AccessKeyId`,
* `SecretAccessKey`: set this if you find access keys on the host and instance has no profile/privileges * `SecretAccessKey`: set this if you find access keys on the host and instance has no profile/privileges
* `Token`: set this if you find access keys on the host and instance has no profile/privileges. This is optional as this signifies temporary keys, if you find these, these are most likely expired. * `Token`: set this if you find access keys on the host and instance has no profile/privileges. This is optional as this signifies temporary keys, if you find these, these are most likely expired.
* `Proxies`: depending on your environment, you may wan to proxy your calls to AWS. * `Proxies`: depending on your environment, you may wan to proxy your calls to AWS.
* `CREATE_API`: when true, creates API keys for this user
* `CREATE_CONSOLE`: when true, creates a password for this user so that they can access the AWS console
### Establish a foothold ### Establish a foothold
@ -212,4 +214,4 @@ You can see the API keys stored in loot:
$ cat ~/.msf4/loot/20161121175902_default_52.1.2.3_AKIA_881948.txt $ cat ~/.msf4/loot/20161121175902_default_52.1.2.3_AKIA_881948.txt
{"AccessKeyId":"AKIA...","SecretAccessKey":"THE SECRET ACCESS KEY...","AccessKeySelector":"HMAC","UserName":"metasploit","Status":"Active","CreateDate":"2016-11-21T17:59:51.967Z"} {"AccessKeyId":"AKIA...","SecretAccessKey":"THE SECRET ACCESS KEY...","AccessKeySelector":"HMAC","UserName":"metasploit","Status":"Active","CreateDate":"2016-11-21T17:59:51.967Z"}
``` ```