just hangs on random check #14

Open
presianbg opened this issue Nov 7, 2020 · 5 comments

@presianbg

Hi,

Thanks for the wonderful tool.

Maybe I'm doing something wrong, because it "hangs" on random checks every time.
I tried to wait, but after an hour there is nothing - no errors, no timeouts.

I already tried to use the DEBUG flag, but it does not say much.

Yes, I updated the check definitions with:

cd enumerate_iam/
git clone https://github.com/aws/aws-sdk-js.git
python generate_bruteforce_tests.py
rm -rf aws-sdk-js

Kind regards,
PY

@joswr1ght

I too am having a similar problem. Running enumerate-iam.py hangs consistently after identifying the first few permissions:

...
2021-01-13 13:44:42,136 - 2152 - [INFO] Attempting common-service describe / list brute force.
2021-01-13 13:44:44,222 - 2152 - [INFO] -- sts.get_caller_identity() worked!
2021-01-13 13:44:44,530 - 2152 - [INFO] -- xray.get_sampling_statistic_summaries() worked!
2021-01-13 13:44:44,683 - 2152 - [INFO] -- xray.get_sampling_rules() worked!
2021-01-13 13:44:45,620 - 2152 - [INFO] -- dynamodb.describe_endpoints() worked!
...hangs

I've not yet traced where the code is hanging, but I wonder if this is a defense mechanism AWS has introduced to mitigate this type of permission enumeration. I've tried running on different hosts, macOS and Linux, and it always hangs after the dynamodb.describe_endpoints() worked! message.

BinaryScary added a commit to BinaryScary/enumerate-iam that referenced this issue May 21, 2021
@bensh

bensh commented Sep 13, 2021

I also have this issue, even after decreasing the max connections.

@eschultze

Same thing here

@yassineaboukir
Contributor

I think reducing max_attempts to 5 for example in main.py should fix the hanging issue:

retries={'max_attempts': 10}

enumerate-iam.py hangs consistently after identifying the first few permissions:

...
2021-01-13 13:44:42,136 - 2152 - [INFO] Attempting common-service describe / list brute force.
2021-01-13 13:44:44,222 - 2152 - [INFO] -- sts.get_caller_identity() worked!
2021-01-13 13:44:44,530 - 2152 - [INFO] -- xray.get_sampling_statistic_summaries() worked!
2021-01-13 13:44:44,683 - 2152 - [INFO] -- xray.get_sampling_rules() worked!
2021-01-13 13:44:45,620 - 2152 - [INFO] -- dynamodb.describe_endpoints() worked!
...hangs

I've not yet traced where the code is hanging, but I wonder if this is a defense mechanism AWS has introduced to mitigate this type of permission enumeration. I've tried running on different hosts, macOS and Linux, and it always hangs after the dynamodb.describe_endpoints() worked! message.

@pswalia2u

pswalia2u commented Oct 16, 2022

Facing the same issue. I can confirm reducing max_attempts to 5 resolves the hanging issue.
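
An added example, not part of the thread and not the project's code, of why a larger max_attempts can look like a hang: it sums the backoff sleeps for a single call that keeps failing. It assumes the failing calls are ones the client retries and that the delay before retry k is rand(0,1) * 2^(k-1), as in botocore's legacy retry mode; the function names are illustrative.

```python
"""Total sleep time of an exponential-backoff retry loop for one failing call.

Assumptions (not stated in the thread): the delay before retry k is
base * GROWTH_FACTOR ** (k - 1), with base drawn uniformly from [0, 1),
which is how botocore's legacy retry mode computes it, and every allowed
retry is used because the call never succeeds.
"""
import random

GROWTH_FACTOR = 2


def retry_delay(attempt, base):
    """Seconds slept before retry number `attempt` (1-based)."""
    return base * GROWTH_FACTOR ** (attempt - 1)


def worst_case_sleep(max_attempts):
    """Upper bound on total sleep: base taken at its limit of 1.0."""
    return sum(retry_delay(k, 1.0) for k in range(1, max_attempts + 1))


def simulated_sleep(max_attempts, rng):
    """One random draw of the total sleep across all retries."""
    return sum(retry_delay(k, rng.random())
               for k in range(1, max_attempts + 1))


def mean_sleep(max_attempts, trials=10000, seed=0):
    """Average total sleep over many simulated calls (seeded, repeatable)."""
    rng = random.Random(seed)
    total = sum(simulated_sleep(max_attempts, rng) for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    for n in (5, 10):
        print("max_attempts=%d: worst case %.0f s, mean about %.0f s per call"
              % (n, worst_case_sleep(n), mean_sleep(n)))
```

Under these assumptions one stuck call can sleep for up to 31 seconds with max_attempts 5 and up to 1023 seconds with max_attempts 10, with no log output in between.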
