fix(profile): use different profiles for attacker/created acccount an…

util/scripts/lw_aws_exploit.sh

@@ -14,7 +14,16 @@ cyn=$'\e[1;36m'
 end=$'\e[0m'
 
 USERNAME=${1:-system}
-PROFILE=lacework
+PROFILE=${2:-$AWS_PROFILE}
+ATTACKER_PROFILE=attack
+
+if [ -z $PROFILE ]; then
+    echo "must pass profile as second argument or set AWS_PROFILE before execution"
+    exit 1
+fi
+
+# Disabling paging
+export AWS_PAGER=""
 
 # Create a new IAM user
 echo "${grn}Creating a new IAM user called ${mag}$USERNAME${end}"
@@ -23,43 +32,44 @@ aws iam create-user --user-name $USERNAME --profile $PROFILE | jq
 aws iam create-access-key --user-name $USERNAME --profile $PROFILE > creds.json
 echo ""
 echo "${grn}Granting PowerUser access to ${mag}$USERNAME${end}"
-aws iam attach-user-policy --user-name $USERNAME --profile $PROFILE --policy-arn arn:aws:iam::aws:policy/PowerUserAccess
+aws iam attach-user-policy --user-name $USERNAME --policy-arn arn:aws:iam::aws:policy/PowerUserAccess --profile $PROFILE
 export KEY=$(cat creds.json | jq -r .AccessKey.AccessKeyId)
 export SECRET=$(cat creds.json | jq -r .AccessKey.SecretAccessKey)
 
 # Here we start using the new account profile and creds
 echo ""
 echo "${grn}Creating a new S3 bucket and uploading a file...${end}"
-aws configure set aws_access_key_id "$KEY" --profile $PROFILE
-aws configure set aws_secret_access_key "$SECRET" --profile $PROFILE
+aws configure set aws_access_key_id "$KEY" --profile $ATTACKER_PROFILE
+aws configure set aws_secret_access_key "$SECRET" --profile $ATTACKER_PROFILE
+
 sleep 10
-bucket=$(aws s3api create-bucket --bucket dropbox-$RANDOM --region us-east-1 --object-ownership ObjectWriter --profile $PROFILE | jq -r .Location)
+bucket=$(aws s3api create-bucket --bucket dropbox-$RANDOM --region us-east-1 --object-ownership ObjectWriter --profile $ATTACKER_PROFILE | jq -r .Location)
 bucket=${bucket#/}
 
 
 aws s3api put-public-access-block \
+    --profile $ATTACKER_PROFILE \
     --bucket $bucket \
-    --public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false" \
-    --profile $PROFILE
+    --public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
 
-aws s3api put-bucket-acl --bucket $bucket --acl public-read --profile $PROFILE
+aws s3api put-bucket-acl --bucket $bucket --acl public-read --profile $ATTACKER_PROFILE
 
 curl -H "Accept: application/json" https://icanhazdadjoke.com/ > badfile.json
 echo ""
 echo "${grn}Uploading secret data...${end}"
-aws s3api put-object --acl public-read --bucket $bucket --key badfile.json --body badfile.json  --profile $PROFILE 
+aws s3api put-object --acl public-read --bucket $bucket --key badfile.json --body badfile.json  --profile $ATTACKER_PROFILE
 sleep 10
 
 echo ""
 echo "${grn}Data uploaded. Preparing to destroy...${end}"
 sleep 10
 echo "${grn}Deleting file and S3 bucket...${end}"
-aws s3api delete-object --bucket $bucket --key badfile.json --profile $PROFILE 
-aws s3api delete-bucket --bucket $bucket --profile $PROFILE 
+aws s3api delete-object --bucket $bucket --key badfile.json --profile $ATTACKER_PROFILE 
+aws s3api delete-bucket --bucket $bucket --profile $ATTACKER_PROFILE 
 
 # Exit back out to our regular context
 echo "${grn}Cleaning up..."
-aws iam detach-user-policy --user-name $USERNAME --profile $PROFILE --policy-arn arn:aws:iam::aws:policy/PowerUserAccess
+aws iam detach-user-policy --user-name $USERNAME --policy-arn arn:aws:iam::aws:policy/PowerUserAccess --profile $PROFILE
 aws iam delete-access-key --access-key-id $KEY --user-name $USERNAME --profile $PROFILE
 aws iam delete-user --user-name $USERNAME --profile $PROFILE
 rm creds.json