Added options for setting the PASSWORD and GROUPNAME

bug/bundler_fix
Javier Godinez 2016-12-08 16:13:31 -08:00
parent b9a7ed915a
commit a17d1a7e19
1 changed files with 6 additions and 5 deletions


@ -36,6 +36,8 @@ class MetasploitModule < Msf::Post
register_options( register_options(
[ [
OptString.new('IAM_USERNAME', [false, 'Name of the user to be created (leave empty or unset to use a random name)', '']), OptString.new('IAM_USERNAME', [false, 'Name of the user to be created (leave empty or unset to use a random name)', '']),
OptString.new('IAM_PASSWORD', [false, 'Password to set for the user to be created (leave empty or unset to use a random name)', '']),
OptString.new('IAM_GROUPNAME', [false, 'Name of the group to be created (leave empty or unset to use a random name)', '']),
OptBool.new('CREATE_API', [true, 'Add access key ID and secret access key to account (API, CLI, and SDK access)', true]), OptBool.new('CREATE_API', [true, 'Add access key ID and secret access key to account (API, CLI, and SDK access)', true]),
OptBool.new('CREATE_CONSOLE', [true, 'Create an account with a password for accessing the AWS management console', true]), OptBool.new('CREATE_CONSOLE', [true, 'Create an account with a password for accessing the AWS management console', true]),
OptString.new('AccessKeyId', [false, 'AWS access key', '']), OptString.new('AccessKeyId', [false, 'AWS access key', '']),
@ -89,7 +91,7 @@ class MetasploitModule < Msf::Post
results['UserName'] = username results['UserName'] = username
# create group # create group
groupname = username groupname = datastore['IAM_GROUPNAME'].blank? ? username : datastore['IAM_GROUPNAME']
print_status("Creating group: #{groupname}") print_status("Creating group: #{groupname}")
action = 'CreateGroup' action = 'CreateGroup'
doc = call_iam(creds, 'Action' => action, 'GroupName' => groupname) doc = call_iam(creds, 'Action' => action, 'GroupName' => groupname)
@ -97,11 +99,10 @@ class MetasploitModule < Msf::Post
results['GroupName'] = groupname results['GroupName'] = groupname
# create group policy # create group policy
policyname = username print_status("Creating group policy")
print_status("Creating group policy: #{policyname}")
pol_doc = datastore['IAM_GROUP_POL'] pol_doc = datastore['IAM_GROUP_POL']
action = 'PutGroupPolicy' action = 'PutGroupPolicy'
doc = call_iam(creds, 'Action' => action, 'GroupName' => groupname, 'PolicyName' => policyname, 'PolicyDocument' => URI.encode(pol_doc)) doc = call_iam(creds, 'Action' => action, 'GroupName' => groupname, 'PolicyName' => 'Policy', 'PolicyDocument' => URI.encode(pol_doc))
print_results(doc, action) print_results(doc, action)
# add user to group # add user to group
@ -123,7 +124,7 @@ class MetasploitModule < Msf::Post
if datastore['CREATE_CONSOLE'] if datastore['CREATE_CONSOLE']
print_status("Creating password for #{username}") print_status("Creating password for #{username}")
password = username password = datastore['IAM_PASSWORD'].blank? ? Rex::Text.rand_text_alphanumeric(16) : datastore['IAM_PASSWORD']
action = 'CreateLoginProfile' action = 'CreateLoginProfile'
response = call_iam(creds, 'Action' => action, 'UserName' => username, 'Password' => password) response = call_iam(creds, 'Action' => action, 'UserName' => username, 'Password' => password)
doc = print_results(response, action) doc = print_results(response, action)
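Review bot: The help text for the new `IAM_PASSWORD` option in the first hunk says "leave empty or unset to use a random name", which was copied from the username option. The last hunk actually falls back to a 16-character random alphanumeric password, so the description should read `'Password to set for the user to be created (leave empty or unset to use a random password)'`. In the third hunk the policy name becomes the literal `'Policy'` with no explanation; a short comment such as `# fixed name: the inline policy is scoped to the group, so it need not be unique` would tell readers why it no longer follows the username. The enclosing method starts and ends outside the visible hunks.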