Minor fix to identity pools #374

Merged
merged 3 commits into from
Oct 9, 2023
29 changes: 15 additions & 14 deletions pacu/modules/cognito__attack/main.py
Expand Up @@ -114,7 +114,7 @@ def main(args, pacu_main):
all_new_regions = []
attack_user_pool_clients = []
cognito_identity_pools = []

identity_pool = ''
session = pacu_main.get_active_session()
args = parser.parse_args(args)
print = pacu_main.print
Expand Down Expand Up @@ -360,6 +360,7 @@ def main(args, pacu_main):
aws = []
aws2session = ""
qr_img = []
test = ""
tokens = []
client = pacu_main.get_boto3_client("cognito-idp", up_client["Region"])
identity_client = pacu_main.get_boto3_client(
Expand Down Expand Up @@ -571,7 +572,7 @@ def main(args, pacu_main):
identity_client,
identity_pool,
roles,
region,
up_client["Region"],
up_client["UserPoolId"],
tokens["AuthenticationResult"]["IdToken"],
)
Expand All @@ -583,7 +584,7 @@ def main(args, pacu_main):
)
attack_user["UserAttributes"] = attack_user_data["UserAttributes"]
attack_users.append(attack_user)
exit
continue

if tokens["ChallengeName"] == "MFA_SETUP":
try:
Expand Down Expand Up @@ -759,7 +760,7 @@ def main(args, pacu_main):
"UserAttributes"
]
attack_users.append(attack_user)
exit
continue

except ClientError as err:
print(err)
Expand Down Expand Up @@ -875,7 +876,7 @@ def main(args, pacu_main):

print(f"List all custom attributes for all users in all user pools (y/n)?")
choice = input()
if choice.lower() == "y":
if choice.lower() == "y" and session.Cognito["UsersInPools"] is not None:
for user in session.Cognito["UsersInPools"]:
if any(
search_string in attribute["Name"] for attribute in user["Attributes"]
Expand Down Expand Up @@ -1014,7 +1015,7 @@ def prompt_assume_roles(
print(f"{i + 1}. {role}")
choice = input('Enter the number of the role you want to assume (or "n" to skip): ')
if choice.lower() == "n":
return
return False
try:
index = int(choice) - 1
if 0 <= index < len(roles):
Expand Down Expand Up @@ -1043,10 +1044,10 @@ def prompt_assume_roles(
return new_role
else:
print("Invalid choice.")
return
return False
except ValueError:
print("Invalid choice.")
return
return False


def get_custom_attributes(
Expand Down Expand Up @@ -1079,13 +1080,13 @@ def get_custom_attributes(
print("Printing all current attributes: ")
print(currentuser["UserAttributes"])
prompt = (
f"Enter attribute name to modify for user"
f"Enter attribute name to modify for user "
+ currentuser["Username"]
+ " or hit enter to skip: "
)
attribute_name = input(prompt)
prompt = (
f"Enter attribute value to set for user"
f"Enter attribute value to set for user "
+ currentuser["Username"]
+ " or hit enter to skip: "
)
Expand Down Expand Up @@ -1300,7 +1301,7 @@ def get_identity_credentials(
print("FAILURE: ")
code = error.response["Error"]["Code"]
print(" " + code)
return False
continue
if id_token is not None:
try:
logins = {
Expand All @@ -1319,7 +1320,7 @@ def get_identity_credentials(
print(" Access denied to GetId or GetCredentialsForIdentity.")
else:
print(" " + code)
print(" Skipping identity pool enumeration...")
print(" Skipping identity pool enumeration for this identity client...")
else:
try:
print(
Expand All @@ -1334,7 +1335,7 @@ def get_identity_credentials(
print(" Access denied to GetId or GetCredentialsForIdentity.")
else:
print(" " + code)
print(" Skipping identity pool enumeration...")
print(" Skipping identity pool enumeration for this identity client...")
if identity_creds["Credentials"]["AccessKeyId"] is not None:
print("Access Key ID found.")
identity_pool["AccessKeyId"] = identity_creds["Credentials"][
Expand All @@ -1357,4 +1358,4 @@ def get_identity_credentials(
"Expiration"
]
print(identity_pool["Expiration"])
return identity_pool
return identity_pool
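Review bot: In get_identity_credentials, the two ClientError handlers that now print "Skipping identity pool enumeration for this identity client..." appear to fall through to `if identity_creds["Credentials"]["AccessKeyId"] is not None:` with no `continue`. After a failed call, `identity_creds` is either unbound, which raises UnboundLocalError, or still holds the previous iteration's response, so one pool's credentials would be recorded under a different `identity_pool`. The first handler in this function was changed from `return False` to `continue`; adding `continue` after each of the two "Skipping..." prints, or setting `identity_creds = None` at the top of each iteration and testing it before the lookup, would keep the per-pool results accurate. Indentation is lost in this rendering and the loop header and the start of the function are outside the hunks shown, so confirm the nesting against the file.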