[Fireprox] SSO profiles fail #69

@TheToddLuci0

```
┌──(venv)─(kali㉿kali)-[~/git/CredMaster]
└─$ aws sso login --profile redteam-pwr
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.us-east-1.amazonaws.com/

Then enter the code:

XXXX-XXXX
Successfully logged into Start URL: https://XXXXXXXX.awsapps.com/start#

┌──(venv)─(kali㉿kali)-[~/git/CredMaster]
└─$ python3 credmaster.py --profile redteam-pwr --clean
[2023-10-17 14:59:24.325] Clearing APIs for all regions
Error, inputs cause error.
Unable to load AWS credentials
```

Looks like the issue is here:

CredMaster/utils/fire.py

Lines 75 to 98 in 2d8092d

```python
        # If profile in files, try it, but flow through if it does not work
        config_profile_section = f'profile {self.profile_name}'
        if self.profile_name in credentials:
            if config_profile_section not in config:
                print(f'Please create a section for {self.profile_name} in your ~/.aws/config file')
                return False
            self.region = config[config_profile_section].get('region', 'us-east-1')
            try:
                self.client = boto3.session.Session(profile_name=self.profile_name).client('apigateway', config=Config(retries = dict(max_attempts = 10)))
                self.client.get_account()
                return True
            except:
                pass
        # Maybe had profile, maybe didn't
        if self.access_key and self.secret_access_key:
            try:
                self.client = boto3.client(
                    'apigateway',
                    aws_access_key_id=self.access_key,
                    aws_secret_access_key=self.secret_access_key,
                    aws_session_token=self.session_token,
                    region_name=self.region,
                    config=Config(retries = dict(max_attempts = 10))
                )
```

The code assumes that you have a hard-coded cred somewhere, which isn't the case if you're using SSO profiles.
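An added example, not part of the original issue or of CredMaster's code: it shows why the `self.profile_name in credentials` gate skips SSO profiles, which live only in `~/.aws/config`, and one way to let boto3 resolve the profile itself. The function names `classify_profile` and `open_apigateway_client` and the sample file contents are assumptions constructed for illustration.

```python
import configparser

# Constructed sample files (placeholders, not real accounts or keys).
CREDENTIALS_SAMPLE = """\
[legacy]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
"""
CONFIG_SAMPLE = """\
[profile legacy]
region = us-east-1
[profile redteam-pwr]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ExampleRole
region = us-east-1
"""
SSO_KEYS = ("sso_session", "sso_start_url")  # either marks an SSO-backed profile

def classify_profile(name, credentials_text, config_text):
    """Return 'static', 'sso', 'other' or 'missing' for an AWS profile name."""
    credentials = configparser.ConfigParser()
    credentials.read_string(credentials_text)
    config = configparser.ConfigParser()
    config.read_string(config_text)
    # ~/.aws/config names sections "profile <name>", except for "default".
    section = "default" if name == "default" else f"profile {name}"
    if credentials.has_section(name) and credentials.has_option(name, "aws_access_key_id"):
        return "static"
    if config.has_section(section):
        if any(config.has_option(section, key) for key in SSO_KEYS):
            return "sso"   # no entry in ~/.aws/credentials, yet still usable
        return "other"     # e.g. role_arn or credential_process profiles
    return "missing"

def open_apigateway_client(name):
    """Let boto3 resolve the profile itself instead of requiring static keys."""
    import boto3  # lazy import: classify_profile() works without boto3 installed
    from botocore.exceptions import BotoCoreError, ClientError
    try:
        client = boto3.session.Session(profile_name=name).client("apigateway")
        client.get_account()  # same probe call the quoted fire.py code uses
        return client
    except (BotoCoreError, ClientError) as exc:
        # Covers unknown profiles, missing regions and expired SSO tokens.
        print(f"Profile {name!r} is not usable: {exc}")
        return None
```

`open_apigateway_client` needs boto3 and a current `aws sso login` token cache, so only `classify_profile` runs offline against the constructed samples.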
