Kali Linux AWS tested?

[kkaspergit]

I just installed CS_Suite on Kali Linux AMI and am trying to get it working.

Where the instructions indicate to " Generate a set of ReadOnly AWS keys", are there specific Policies that I should select to grant this access? I noticed an error for ListAccountAliases so I found that permission in the AWSQuickSightListIAM policy and applied that. This fixed what was a fatal error but I am getting a ton of "(AccessDenied)" errors as cs.py is now running.

Also worth noting - another fatal error related to an out of range index ([0]) occurs when no aliases have been defined. That was easy enough to fix (customize the IAM URL) but not a graceful error handling.

[shivankar-madaan]

Can you also share the error's being thrown out as well.. when you run the cs.py Let me also update on what kind of IAM policy is exactly required.

[kkaspergit]

There are quite a few error warnings - so many that I will list the first bunch (with the username redacted) but that shouldn't be considered an exhaustive list. As for IAM policy requirement, I'm completely new to AWS and figured that locking down my first/new instance would be a good learning exercise so I'm not really sure about IAM policy requirements. I'm just running a Kali Linux AMI that I ssh into for now. Eventually, I'll setup a fresh instance with lessons learned to enable MetaSploit listeners and probably a SimpleHttpServer process. My current IAM setup has AmazonInspectorReadOnlyAccess, AmazonS3ReadOnlyAccess, and AWSQuickSightListIAM and the only reason I've set that up is to use CS_Suite.

• An error occurred (AccessDeniedException) when calling the ListDomainNames operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: es:ListDomainNames on resource: arn:aws:es:ap-south-1:028895166295:domain/*
• An error occurred (UnauthorizedOperation) when calling the DescribeRegions operation: You are not authorized to perform this operation.
• An error occurred (AccessDeniedException) when calling the DescribeConfigurationRecorders operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: config:DescribeConfigurationRecorders
• An error occurred (AccessDenied) when calling the DescribeLoadBalancers operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: elasticloadbalancing:DescribeLoadBalancers
• An error occurred (AccessDenied) when calling the ListStacks operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: cloudformation:ListStacks
• An error occurred (AccessDenied) when calling the DescribeReplicationGroups operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: elasticache:DescribeReplicationGroups - groups policies roles users credential_report password_policy
• An error occurred (AccessDenied) when calling the DescribeClusters operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: redshift:DescribeClusters on resource: arn:aws:redshift:ap-south-1:028895166295:cluster:*
• An error occurred (AccessDenied) when calling the GetPolicyVersion operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: iam:GetPolicyVersion on resource: policy arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM version v1

Then I receive this over and over from prowler that seems to be running in it's own process:

• An error occurred (AccessDenied) when calling the GenerateCredentialReport operation: User: arn:aws:iam::028895166295:user/[redacted] is not authorized to perform: iam:GenerateCredentialReport on resource: *

[shivankar-madaan]

Yes.Got the error part of out of range index ([0]) ....will fix this Also can you provide read access to all the services for the AWS access keys That should resolve the above issue

[shivankar-madaan]

Here is the policy name arn:aws:iam::aws:policy/ReadOnlyAccess

[kkaspergit]

Much better now - not sure why I was unable to find it searching for "ReadOnly" but the fully qualified policy name located the right one and everything is happy now. Thanks.