Launches Hosts in AWS - Metasploit
This page contains detailed information about how to use the auxiliary/admin/aws/aws_launch_instances metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Launches Hosts in AWS
Module: auxiliary/admin/aws/aws_launch_instances
Source code: modules/auxiliary/admin/aws/aws_launch_instances.rb
Disclosure date: -
Last modification time: 2021-11-22 14:11:03 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): 443
List of CVEs: -
This module will attempt to launch an AWS instances (hosts) in EC2.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use auxiliary/admin/aws/aws_launch_instances
msf auxiliary(aws_launch_instances) > show targets
... a list of targets ...
msf auxiliary(aws_launch_instances) > set TARGET target-id
msf auxiliary(aws_launch_instances) > show options
... show and set options ...
msf auxiliary(aws_launch_instances) > exploit
Required Options
- RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
Knowledge Base
Introduction
The Launch Instances module (aws_launch_instances) can be used to launch a
Cloud host running metasploit-aggregator (a proxy for Meterpreter sessions).
TLDR
Shell #1:
> use auxiliary/admin/aws/aws_launch_instances
> set AccessKeyId ...
> set SecretAccessKey ...
> set SSH_PUB_KEY ssh-rsa ABCDEDG123...
> set SEC_GROUP_CIDR /32
> run
[*] Created security group: sg-abcdefg
[*] Launching instance(s) in us-west-2, AMI: ami-1e299d7e, key pair name: admin, security group: sg-abcdefg, subnet ID: subnet-hijklmn
[*] Launched instance i-12345678 in us-west-2 account 012345678900
[*] instance i-12345678 status: initializing
...
[*] instance i-12345678 status: ok
[*] Instance i-12345678 has IP adrress 35.12.4.1
[*] Auxiliary module execution completed
Shell #2:
ssh [email protected] -L 2447:127.0.0.1:2447
Shell #1 again:
> load aggregator
> aggregator_connect 127.0.0.1:2447
For more information on metasploit-aggregator, see https://github.com/rapid7/metasploit-aggregator
Background
AWS API Access Keys
API access keys can be used to make calls against the AWS API, to say retrieve deployment packages from S3.
VPC
The VPC or Virtual Private Cloud, an isolated local area network. Network access can be made available by assigning an Internet routable IP address to a host or routing traffic to it through an ELB (Elastic Load Balancer). In either case security-groups are used to open access to network ranges and specific TPC/UDP ports. Security-groups provide much of the functionality of traditional firewalls and can be configured by specifyig a protocol, a CIDR and a port.
How it Works
Although hosts can be launched using the Web console or the CLI, launching a host in the Cloud requires a fair amount of configuration; this module does its best to abstract configuration requirements away from the user by auto detecting the VPC, subnets, creating security groups, etc. It performs several tasks to launch a host with a public IP address, these are as follow: 1) select a VPC, 2) select a subnet, 3) create/select a security group, 4) create/select a key-pair, and 5) launch a host.
The module will attempt to launch the host in the first VPC it finds in the
given region (Region option). Most of the time there is only one VPC per
account per region, however one might find multiple VPCs within the same region.
In this case, one may use the VPC_ID advanced option to specify the VPC to
use. Selecting a subnet is a bit more complicated. To have traffic routed
between us and the Cloud host, a public subnet (a subnet that is routable to an
Internet gateway) must be selected and the Cloud host must be associated with
an Internet routable IP address. The module dynamically finds which subnet to
launch the host in. It will use the first subnet it finds having the
Auto-assign Public IP option set, if no such subnet exists, then it will
select the first subnet having an Internet gateway. To circumvent this process,
the SUBNET_ID advanced option can be set.
When launching a Cloud host at least one security group is required. There are
several advanced options for creating/selecting a security group. The
SEC_GROUP_ID option works much in the same way the VPC_ID option does.
That is, the module will create a security group unless the SEC_GROUP_ID
options is set. If the SEC_GROUP_ID option is not set, the module will attempt
to create a security group using the values specified in the SEC_GROUP_CIDR,
SEC_GROUP_NAME, and SEC_GROUP_PORT options as configuration.
The KEY_NAME and SSH_PUB_KEY options are used in conjunction to select or
create a key-pair (a named SSH public key). Key-pairs are used to authenticate
to the host once it is running. The KEY_NAME defaults to admin while
SSH_PUB_KEY is optional. If the SSH_PUB_KEY is left unset, then the module
will not attempt to create a key-pair and will simply attempt to launch the
instance using an existing key-pair denoted by KEY_NAME. To set the
SSH_PUB_KEY option, a public SSH key must be provided as can be generated by
ssh-keygen -y -f <private key filename>. Once a key-pair is created/selected,
the module launches the host via the AWS API specifying that it should
associate a public IP address.
As part of launching the host it passes user-data (shell script) that installs metasploit-aggregator and runs it in a screen session.
Options
The Launch Instances module is an auxiliary module that can be loaded using the
use command. To run the module, only the AccessKeyId, SecretAccessKey, and
KEY_NAME options are required.
Basic Options:
AMI_ID: The Amazon Machine Image (AMI) ID (region dependent)RHOST: the AWS EC2 Endpoint (ec2.us-west-2.amazonaws.com), may change this to something closer to youRegion: The default region (us-west-2), must match endpointAccessKeyId: AWS API access keySecretAccessKey: AWS API secret access keyToken: AWS API session token, optionalKEY_NAME: The SSH key to be used for ec2-userSSH_PUB_KEY: The public SSH key to be used for ec2-user, e.g., "ssh-rsa ABCDE..."USERDATA_FILE: The script that will be executed on start
Advanced Options:
INSTANCE_TYPE: The instance typeMaxCount: Maximum number of instances to launchMinCount: Minumum number of instances to launchROLE_NAME: The instance profile/role nameRPORT:AWS EC2 Endpoint TCP PortSEC_GROUP_ID: the EC2 security group to useSEC_GROUP_CIDR: the EC2 security group network access CIDR, defaults to 0.0.0.0/0SEC_GROUP_NAME: the EC2 security group nameSEC_GROUP_PORT: the EC2 security group network access port, defaults to tcp:22SUBNET_ID: The public subnet to useUserAgent: The User-Agent header to use for all requestsVPC_ID: The EC2 VPC ID
Usage
The Launch Instances module is an auxiliary module that can be loaded using the
use command. To run the module, only the AccessKeyId, SecretAccessKey, and
KEY_NAME options are required.
msf > use auxiliary/admin/aws/aws_launch_instances
msf auxiliary(aws_launch_instances) > show options
Module options (auxiliary/admin/aws/aws_launch_instances):
Name Current Setting Required Description
---- --------------- -------- -----------
AMI_ID ami-1e299d7e yes The Amazon Machine Image (AMI) ID
AccessKeyId yes AWS access key
KEY_NAME admin yes The SSH key to be used for ec2-user
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST ec2.us-west-2.amazonaws.com yes AWS region specific EC2 endpoint
Region us-west-2 yes The default region
SSH_PUB_KEY no The public SSH key to be used for ec2-user, e.g., "ssh-rsa ABCDE..."
SecretAccessKey yes AWS secret key
Token no AWS session token
USERDATA_FILE no The script that will be executed on start
msf auxiliary(aws_launch_instances) > set SecretAccessKey asdfasd+asdfasdfasd...
SecretAccessKey => asdfasd+asdfasdfasd...
msf auxiliary(aws_launch_instances) > set AccessKeyId AKIAAKIAAKIAAKIAAKIAA
AccessKeyId => AKIAJH47PFECK3EVTBKA
msf auxiliary(aws_launch_instances) > set KEY_NAME ec2-user-key
KEY_NAME => ec2-user-key
msf auxiliary(aws_launch_instances) > set SSH_PUB_KEY ssh-rsa ABCDEDG123...
SSH_PUB_KEY => ssh-rsa ABCDEDG123...
msf auxiliary(aws_launch_instances) > run
[*] Created ec2-user-key (ab:cd:ef:12:34:56:78:90:ab:ac:ad:ab:a1:23:45:67)
[*] Created security group: sg-12345678
[*] Launching instance(s) in us-west-2, AMI: ami-1e299d7e, key pair name: ec2-user, security group: sg-12345678, subnet ID: subnet-abcdefgh
[*] Launched instance i-12345678 in us-west-2 account 123456789012
[*] instance i-12345678 status: initializing
[*] instance i-12345678 status: initializing
...
[*] instance i-12345678 status: ok
[*] Instance i-12345678 has IP address 54.186.158.6
[*] Auxiliary module execution completed
When the host has passed its primary system checks, the IP address will be
displayed. We can use this IP address to SSH to the host. Please note that
most users will want to set the SEC_GROUP_CIDR option to restrict access to
our new Cloud host.
To SSH into the host, you must specify the SSH key, and ec2-user username, e.g.,
$ ssh -i ec2-user-key [email protected] -L 2447:127.0.0.1:2447
The authenticity of host '54.186.158.6 (54.186.158.6)' can't be established.
ECDSA key fingerprint is SHA256:ePj6WtCeK...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '54.186.158.6' (ECDSA) to the list of known hosts.
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2016.09-release-notes/
5 package(s) needed for security, out of 9 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-8-176 ~]$
Back in the Metasploit console you can now connect via aggregator:
msf auxiliary(aws_launch_instances) > load aggregator
msf auxiliary(aws_launch_instances) > aggregator_connect 127.0.0.1:2447
[*] Connecting to Aggregator instance at 127.0.0.1:2447...
msf auxiliary(aws_launch_instances) >
Go back to menu.
Msfconsole Usage
Here is how the admin/aws/aws_launch_instances auxiliary module looks in the msfconsole:
msf6 > use auxiliary/admin/aws/aws_launch_instances
msf6 auxiliary(admin/aws/aws_launch_instances) > show info
Name: Launches Hosts in AWS
Module: auxiliary/admin/aws/aws_launch_instances
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
Javier Godinez <[email protected]>
Check supported:
No
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
AMI_ID ami-1e299d7e yes The Amazon Machine Image (AMI) ID
AccessKeyId yes AWS access key
KEY_NAME admin yes The SSH key to be used for ec2-user
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST ec2.us-west-2.amazonaws.com yes AWS region specific EC2 endpoint
RHOSTS ec2.us-west-2.amazonaws.com yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
Region us-west-2 yes The default region
SSH_PUB_KEY no The public SSH key to be used for ec2-user, e.g., "ssh-rsa ABCDE..."
SecretAccessKey yes AWS secret key
Token no AWS session token
USERDATA_FILE tools/modules/aws-aggregator-userdata.sh no The script that will be executed on start
Description:
This module will attempt to launch an AWS instances (hosts) in EC2.
References:
https://drive.google.com/open?id=0B2Ka7F_6TetSNFdfbkI1cnJHUTQ
https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/4721/IDY-W10-DevSecOps-on-the-Offense-Automating-Amazon-Web-Services-Account-Takeover.pdf
Module Options
This is a complete list of options available in the admin/aws/aws_launch_instances auxiliary module:
msf6 auxiliary(admin/aws/aws_launch_instances) > show options
Module options (auxiliary/admin/aws/aws_launch_instances):
Name Current Setting Required Description
---- --------------- -------- -----------
AMI_ID ami-1e299d7e yes The Amazon Machine Image (AMI) ID
AccessKeyId yes AWS access key
KEY_NAME admin yes The SSH key to be used for ec2-user
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST ec2.us-west-2.amazonaws.com yes AWS region specific EC2 endpoint
RHOSTS ec2.us-west-2.amazonaws.com yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
Region us-west-2 yes The default region
SSH_PUB_KEY no The public SSH key to be used for ec2-user, e.g., "ssh-rsa ABCDE..."
SecretAccessKey yes AWS secret key
Token no AWS session token
USERDATA_FILE tools/modules/aws-aggregator-userdata.sh no The script that will be executed on start
Advanced Options
Here is a complete list of advanced options supported by the admin/aws/aws_launch_instances auxiliary module:
msf6 auxiliary(admin/aws/aws_launch_instances) > show advanced
Module advanced options (auxiliary/admin/aws/aws_launch_instances):
Name Current Setting Required Description
---- --------------- -------- -----------
DOMAIN WORKSTATION yes The domain to use for Windows authentication
DigestAuthIIS true no Conform to IIS, should work for most servers. Only set to false for non-IIS servers
FingerprintCheck true no Conduct a pre-exploit fingerprint verification
HttpClientTimeout no HTTP connection and receive timeout
HttpPassword no The HTTP password to specify for authentication
HttpRawHeaders no Path to ERB-templatized raw headers to append to existing headers
HttpTrace false no Show the raw HTTP requests and responses
HttpTraceColors red/blu no HTTP request and response colors for HttpTrace (unset to disable)
HttpTraceHeadersOnly false no Show HTTP headers only in HttpTrace
HttpUsername no The HTTP username to specify for authentication
INSTANCE_TYPE m3.medium yes The instance type
MaxCount 1 yes Maximum number of instances to launch
MinCount 1 yes Minumum number of instances to launch
ROLE_NAME no The instance profile/role name
RPORT 443 yes AWS EC2 Endpoint TCP Port
SEC_GROUP_CIDR 0.0.0.0/0 yes EC2 security group network access CIDR
SEC_GROUP_ID no The EC2 security group to use
SEC_GROUP_NAME no Optional EC2 security group name
SEC_GROUP_PORT tcp:22 yes EC2 security group network access PORT
SSL true yes AWS EC2 Endpoint SSL
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SUBNET_ID no The public subnet to use
UserAgent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) no The User-Agent header to use for all requests
VERBOSE false no Enable detailed status messages
VPC_ID no The EC2 VPC ID
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the admin/aws/aws_launch_instances module can do:
msf6 auxiliary(admin/aws/aws_launch_instances) > show actions
Auxiliary actions:
Name Description
---- -----------
Evasion Options
Here is the full list of possible evasion options supported by the admin/aws/aws_launch_instances auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(admin/aws/aws_launch_instances) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
HTTP::header_folding false no Enable folding of HTTP headers
HTTP::method_random_case false no Use random casing for the HTTP method
HTTP::method_random_invalid false no Use a random invalid, HTTP method for request
HTTP::method_random_valid false no Use a random, but valid, HTTP method for request
HTTP::pad_fake_headers false no Insert random, fake headers into the HTTP request
HTTP::pad_fake_headers_count 0 no How many fake headers to insert into the HTTP request
HTTP::pad_get_params false no Insert random, fake query string variables into the request
HTTP::pad_get_params_count 16 no How many fake query string variables to insert into the request
HTTP::pad_method_uri_count 1 no How many whitespace characters to use between the method and uri
HTTP::pad_method_uri_type space no What type of whitespace to use between the method and uri (Accepted: space, tab, apache)
HTTP::pad_post_params false no Insert random, fake post variables into the request
HTTP::pad_post_params_count 16 no How many fake post variables to insert into the request
HTTP::pad_uri_version_count 1 no How many whitespace characters to use between the uri and version
HTTP::pad_uri_version_type space no What type of whitespace to use between the uri and version (Accepted: space, tab, apache)
HTTP::uri_dir_fake_relative false no Insert fake relative directories into the uri
HTTP::uri_dir_self_reference false no Insert self-referential directories into the uri
HTTP::uri_encode_mode hex-normal no Enable URI encoding (Accepted: none, hex-normal, hex-noslashes, hex-random, hex-all, u-normal, u-all, u-random)
HTTP::uri_fake_end false no Add a fake end of URI (eg: /%20HTTP/1.0/../../)
HTTP::uri_fake_params_start false no Add a fake start of params to the URI (eg: /%3fa=b/../)
HTTP::uri_full_url false no Use the full URL for all HTTP requests
HTTP::uri_use_backslashes false no Use back slashes instead of forward slashes in the uri
HTTP::version_random_invalid false no Use a random invalid, HTTP version for request
HTTP::version_random_valid false no Use a random, but valid, HTTP version for request
Go back to menu.
Error Messages
This module may fail with the following error messages:
- Both AccessKeyId and SecretAccessKey are required
- Could not find a public subnet, please provide one
- Could not retrieve instance IP address
- Could not open userdata file: <USERDATA_FILE>
- Error, could not get instance status, instance possibly terminated
- Error creating key using privided key material (SSH_PUB_KEY)
- Error creating key using privided key material (SSH_PUB_KEY)
- Could not create SG
- Failed creating security group
- Could not determine VPC ID for <ACCESSKEYID> in <RHOST>
- Could not determine VPC ID for <ACCESSKEYID> in <RHOST>
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
Both AccessKeyId and SecretAccessKey are required
Here is a relevant code snippet related to the "Both AccessKeyId and SecretAccessKey are required" error message:
58: deregister_options('VHOST')
59: end
60:
61: def run
62: if datastore['AccessKeyId'].blank? || datastore['SecretAccessKey'].blank?
63: print_error("Both AccessKeyId and SecretAccessKey are required")
64: return
65: end
66: # setup creds for making IAM API calls
67: creds = {
68: 'AccessKeyId' => datastore['AccessKeyId'],
Could not find a public subnet, please provide one
Here is a relevant code snippet related to the "Could not find a public subnet, please provide one" error message:
73: create_keypair(creds) unless datastore['SSH_PUB_KEY'].blank?
74: vpc = datastore['VPC_ID'].blank? ? vpc(creds) : datastore['VPC_ID']
75: sg = datastore['SEC_GROUP_ID'].blank? ? create_sg(creds, vpc) : datastore['SEC_GROUP_ID']
76: subnet = datastore['SUBNET_ID'].blank? ? pub_subnet(creds, vpc) : datastore['SUBNET_ID']
77: unless subnet
78: print_error("Could not find a public subnet, please provide one")
79: return
80: end
81: instance_id = launch_instance(creds, subnet, sg)
82: action = 'DescribeInstances'
83: doc = call_ec2(creds, 'Action' => action, 'InstanceId.1' => instance_id)
Could not retrieve instance IP address
Here is a relevant code snippet related to the "Could not retrieve instance IP address" error message:
85: begin
86: # need a better parser so we can avoid shit like this
87: ip = doc['reservationSet']['item']['instancesSet']['item']['networkInterfaceSet']['item']['privateIpAddressesSet']['item']['association']['publicIp']
88: print_status("Instance #{instance_id} has IP adrress #{ip}")
89: rescue NoMethodError
90: print_error("Could not retrieve instance IP address")
91: end
92: end
93:
94: def opts(action, subnet, sg)
95: opts = {
Could not open userdata file: <USERDATA_FILE>
Here is a relevant code snippet related to the "Could not open userdata file: <USERDATA_FILE>" error message:
107: opts['IamInstanceProfile.Name'] = datastore['ROLE_NAME'] unless datastore['ROLE_NAME'].blank?
108: unless datastore['USERDATA_FILE'].blank?
109: if File.exist?(datastore['USERDATA_FILE'])
110: opts['UserData'] = URI.encode(Base64.encode64(open(datastore['USERDATA_FILE'], 'r').read).strip)
111: else
112: print_error("Could not open userdata file: #{datastore['USERDATA_FILE']}")
113: end
114: end
115: opts
116: end
117:
Error, could not get instance status, instance possibly terminated
Here is a relevant code snippet related to the "Error, could not get instance status, instance possibly terminated" error message:
132: loop do
133: sleep(15)
134: doc = call_ec2(creds, 'Action' => action, 'InstanceId' => instance_id)
135: doc = print_results(doc, action)
136: if doc['instanceStatusSet'].nil?
137: print_error("Error, could not get instance status, instance possibly terminated")
138: break
139: end
140: status = doc['instanceStatusSet']['item']['systemStatus']['status']
141: print_status("instance #{instance_id} status: #{status}")
142: break if status == 'ok' || status != 'initializing'
Error creating key using privided key material (SSH_PUB_KEY)
Here is a relevant code snippet related to the "Error creating key using privided key material (SSH_PUB_KEY)" error message:
148: action = 'ImportKeyPair'
149: doc = call_ec2(creds, 'Action' => action, 'KeyName' => datastore['KEY_NAME'], 'PublicKeyMaterial' => Rex::Text.encode_base64(datastore['SSH_PUB_KEY']))
150: if doc['Response'].nil?
151: doc = print_results(doc, action)
152: if doc['keyName'].nil? || doc['keyFingerprint'].nil?
153: print_error("Error creating key using privided key material (SSH_PUB_KEY)")
154: else
155: print_status("Created #{doc['keyName']} (#{doc['keyFingerprint']})")
156: end
157: else
158: if doc['Response']['Errors'] && doc['Response']['Errors']['Error']
Error creating key using privided key material (SSH_PUB_KEY)
Here is a relevant code snippet related to the "Error creating key using privided key material (SSH_PUB_KEY)" error message:
156: end
157: else
158: if doc['Response']['Errors'] && doc['Response']['Errors']['Error']
159: print_error(doc['Response']['Errors']['Error']['Message'])
160: else
161: print_error("Error creating key using privided key material (SSH_PUB_KEY)")
162: end
163: end
164: end
165:
166: def pub_subnet(creds, vpc_id)
Could not create SG
Here is a relevant code snippet related to the "Could not create SG" error message:
199: def create_sg(creds, vpc_id)
200: name = Rex::Text.rand_text_alphanumeric(8)
201: action = 'CreateSecurityGroup'
202: doc = call_ec2(creds, 'Action' => action, 'GroupName' => name, 'VpcId' => vpc_id, 'GroupDescription' => name)
203: doc = print_results(doc, action)
204: print_error("Could not create SG") && return if doc['groupId'].nil?
205: sg = doc['groupId']
206: proto, port = datastore['SEC_GROUP_PORT'].split(':')
207: cidr = URI.encode(datastore['SEC_GROUP_CIDR'])
208: action = 'AuthorizeSecurityGroupIngress'
209: doc = call_ec2(creds, 'Action' => action,
Failed creating security group
Here is a relevant code snippet related to the "Failed creating security group" error message:
214: 'GroupId' => sg)
215: doc = print_results(doc, action)
216: if doc['return'] && doc['return'] == 'true'
217: print_status("Created security group: #{sg}")
218: else
219: print_error("Failed creating security group")
220: end
221: sg
222: end
223:
224: def vpc(creds)
Could not determine VPC ID for <ACCESSKEYID> in <RHOST>
Here is a relevant code snippet related to the "Could not determine VPC ID for <ACCESSKEYID> in <RHOST>" error message:
224: def vpc(creds)
225: action = 'DescribeVpcs'
226: doc = call_ec2(creds, 'Action' => action)
227: doc = print_results(doc, action)
228: if doc['vpcSet'].nil? || doc['vpcSet']['item'].nil?
229: print_error("Could not determine VPC ID for #{datastore['AccessKeyId']} in #{datastore['RHOST']}")
230: return nil
231: end
232: item = doc['vpcSet']['item']
233: return item['vpcId'] if item.instance_of?(Hash)
234: return item.first['vpcId'] if item.instance_of?(Array) && !item.first['vpcId'].nil?
Could not determine VPC ID for <ACCESSKEYID> in <RHOST>
Here is a relevant code snippet related to the "Could not determine VPC ID for <ACCESSKEYID> in <RHOST>" error message:
228: if doc['vpcSet'].nil? || doc['vpcSet']['item'].nil?
229: print_error("Could not determine VPC ID for #{datastore['AccessKeyId']} in #{datastore['RHOST']}")
230: return nil
231: end
232: item = doc['vpcSet']['item']
233: return item['vpcId'] if item.instance_of?(Hash)
234: return item.first['vpcId'] if item.instance_of?(Array) && !item.first['vpcId'].nil?
235: print_error("Could not determine VPC ID for #{datastore['AccessKeyId']} in #{datastore['RHOST']}")
236: nil
237: end
238: end
Go back to menu.
Related Pull Requests
- #14733 Merged Pull Request: Add latest Rubocop rules
- #13540 Merged Pull Request: Change OptString of RPORT to OptPort
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #8099 Merged Pull Request: Aux module to launch instances in AWS
References
- CVE: Not available
- https://drive.google.com/open?id=0B2Ka7F_6TetSNFdfbkI1cnJHUTQ
- https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/4721/IDY-W10-DevSecOps-on-the-Offense-Automating-Amazon-Web-Services-Account-Takeover.pdf
See Also
Check also the following modules related to this module:
- auxiliary/cloud/aws/enum_ec2
- auxiliary/cloud/aws/enum_iam
- auxiliary/cloud/aws/enum_s3
- auxiliary/scanner/http/yaws_traversal
- exploit/unix/webapp/awstats_configdir_exec
- exploit/unix/webapp/awstats_migrate_exec
- exploit/unix/webapp/awstatstotals_multisort
- post/multi/escalate/aws_create_iam_user
- post/multi/gather/aws_ec2_instance_metadata
- post/multi/gather/aws_keys
- exploit/windows/browser/awingsoft_web3d_bof
- auxiliary/server/android_browsable_msf_launch
- exploit/linux/browser/adobe_flashplayer_aslaunch
- exploit/osx/browser/safari_user_assisted_download_launch
- exploit/windows/browser/keyhelp_launchtripane_exec
- exploit/windows/browser/zenworks_helplauncher_exec
- exploit/windows/fileformat/foxit_reader_launch
- exploit/windows/fileformat/nuance_pdf_launch_overflow
- exploit/windows/local/ipass_launch_app
Authors
- Javier Godinez <godinezj[at]gmail.com>
Version
This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.
