RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
BSD 3-Clause "New" or "Revised" License

Bug: run iam__enum_permissions fails with UnboundLocalError #445

Open johnathanhuutri opened 3 months ago

johnathanhuutri commented 3 months ago

Tested on Ubuntu 24.04 and Parrot; both return the same error:

Pacu (test:imported-myuser) > run iam__enum_permissions 
  Running module iam__enum_permissions...
[iam__enum_permissions] Confirming permissions for users:
[iam__enum_permissions]   myuser...
[iam__enum_permissions]     List groups for user failed
[iam__enum_permissions]       FAILURE: MISSING REQUIRED AWS PERMISSIONS
[iam__enum_permissions]     Get user policy failed
[iam__enum_permissions]       FAILURE: MISSING REQUIRED AWS PERMISSIONS

[2024-07-20 09:52:55] Pacu encountered an error while running the previous command. Check /home/user/.local/share/pacu/test/error_log.txt for technical details. [LOG LEVEL: MINIMAL]

    <class 'UnboundLocalError'>: cannot access local variable 'document' where it is not associated with a value

User myuser has 1 inline role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

User myuser is in a group which has an inline role for this group:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:ListUserPolicies",
            "Resource": "arn:aws:iam::<ACCOUNT_ID>:user/myuser"
        }
    ]
}
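
One way an error like the one reported above can arise, shown as an added example that is not Pacu's code and not part of the original comment: a name bound only inside a `try` body is read after the `except` branch has handled a denied call. `StubIam`, `enum_buggy`, `enum_fixed` and the policy name are hypothetical, and whether Pacu's module has this shape is an assumption.

```python
# Added illustration, not Pacu source. All names here are hypothetical.
class AccessDenied(Exception):
    """Stands in for the AccessDenied error a real IAM call would raise."""


class StubIam:
    """Constructed stand-in for an IAM client: List is allowed, Get is denied."""

    def list_user_policies(self, user):
        return ["inline-ssm"]  # constructed policy name

    def get_user_policy(self, user, name):
        raise AccessDenied("iam:GetUserPolicy")


def enum_buggy(iam, user):
    """'document' is bound only when the Get call succeeds."""
    collected = {}
    for name in iam.list_user_policies(user):
        try:
            document = iam.get_user_policy(user, name)
        except AccessDenied:
            print("Get user policy failed")
        collected[name] = document  # unbound if the first Get call was denied
    return collected


def enum_fixed(iam, user):
    """Record the denial and skip the policy instead of reading an unbound name."""
    collected, denied = {}, []
    for name in iam.list_user_policies(user):
        try:
            document = iam.get_user_policy(user, name)
        except AccessDenied as exc:
            denied.append((name, str(exc)))
            continue
        collected[name] = document
    return collected, denied


if __name__ == "__main__":
    try:
        enum_buggy(StubIam(), "myuser")
    except UnboundLocalError as exc:
        print("buggy:", exc)
    print("fixed:", enum_fixed(StubIam(), "myuser"))
```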