[Fireprox] SSO profiles fail #69

Open
TheToddLuci0 opened this issue Oct 17, 2023 · 0 comments
Comments

@TheToddLuci0
Contributor

```
┌──(venv)─(kali㉿kali)-[~/git/CredMaster]
└─$ aws sso login --profile redteam-pwr
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.us-east-1.amazonaws.com/

Then enter the code:

XXXX-XXXX
Successfully logged into Start URL: https://XXXXXXXX.awsapps.com/start#

┌──(venv)─(kali㉿kali)-[~/git/CredMaster]
└─$ python3 credmaster.py --profile redteam-pwr --clean
[2023-10-17 14:59:24.325] Clearing APIs for all regions
Error, inputs cause error.
Unable to load AWS credentials
```

Looks like the issue is here:

CredMaster/utils/fire.py

Lines 75 to 98 in 2d8092d

```python
# If profile in files, try it, but flow through if it does not work
config_profile_section = f'profile {self.profile_name}'
if self.profile_name in credentials:
    if config_profile_section not in config:
        print(f'Please create a section for {self.profile_name} in your ~/.aws/config file')
        return False
    self.region = config[config_profile_section].get('region', 'us-east-1')
    try:
        self.client = boto3.session.Session(profile_name=self.profile_name).client('apigateway', config=Config(retries = dict(max_attempts = 10)))
        self.client.get_account()
        return True
    except:
        pass
# Maybe had profile, maybe didn't
if self.access_key and self.secret_access_key:
    try:
        self.client = boto3.client(
            'apigateway',
            aws_access_key_id=self.access_key,
            aws_secret_access_key=self.secret_access_key,
            aws_session_token=self.session_token,
            region_name=self.region,
            config=Config(retries = dict(max_attempts = 10))
        )
```

The code assumes that you have a hard-coded cred somewhere, which isn't the case if you're using SSO profiles.
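
The mismatch reported here, as an added example (not CredMaster's code and not written by the issue author): it assumes `credentials` in the quoted snippet is the parsed `~/.aws/credentials` file, and it runs on constructed file contents. `gate_from_issue`, `profile_kind` and `make_client` are hypothetical names.

```python
import configparser

# Constructed sample files: profile name from the issue, every value a placeholder.
SAMPLE_CONFIG = """
[profile redteam-pwr]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ExampleRole
region = us-east-1

[profile static-keys]
region = us-west-2
"""
SAMPLE_CREDENTIALS = """
[static-keys]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = constructed-placeholder
"""


def _parse(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser


def gate_from_issue(name, credentials_text):
    """The quoted check: the profile path runs only for names in the credentials file."""
    return name in _parse(credentials_text)


def profile_kind(name, config_text, credentials_text):
    """Return 'sso', 'static' or 'missing' for a profile name."""
    config, credentials = _parse(config_text), _parse(credentials_text)
    section = f'profile {name}'
    if section in config and any(key.startswith('sso_') for key in config[section]):
        return 'sso'
    return 'static' if name in credentials else 'missing'


def make_client(name):
    """Hypothetical alternative: hand the profile to boto3 and let its credential chain decide."""
    import boto3  # lazy import, so the checks above run without boto3 installed
    from botocore.config import Config
    session = boto3.session.Session(profile_name=name)  # raises ProfileNotFound if unknown
    return session.client('apigateway', region_name=session.region_name or 'us-east-1',
                          config=Config(retries=dict(max_attempts=10)))
```

An SSO profile lives only in the config file, so `gate_from_issue` returns `False` for it even though `profile_kind` recognises it.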
