|
23 | 23 | # {whatever}.{region}.cloudapp.azure.com |
24 | 24 | VM_URL = 'cloudapp.azure.com' |
25 | 25 |
|
| 26 | + |
26 | 27 | def print_account_response(reply): |
27 | 28 | """ |
28 | 29 | Parses the HTTP reply of a brute-force attempt |
@@ -94,10 +95,12 @@ def print_container_response(reply): |
94 | 95 | """ |
95 | 96 | # Stop brute forcing disabled accounts |
96 | 97 | if 'The specified account is disabled' in reply.reason: |
| 98 | + print("[!] Breaking out early, account disabled.") |
97 | 99 | return 'breakout' |
98 | 100 |
|
99 | 101 | # Stop brute forcing accounts without permission |
100 | 102 | if 'not authorized to perform this operation' in reply.reason: |
| 103 | + print("[!] Breaking out early, auth errors.") |
101 | 104 | return 'breakout' |
102 | 105 |
|
103 | 106 | # Handle other responses |
@@ -140,21 +143,30 @@ def brute_force_containers(storage_accounts, brute_list, threads): |
140 | 143 | with open(brute_list, encoding="utf8", errors="ignore") as infile: |
141 | 144 | names = infile.read().splitlines() |
142 | 145 |
|
| 146 | + # Clean up the names to usable for containers |
| 147 | + banned_chars = re.compile('[^a-z0-9-]') |
| 148 | + clean_names = [] |
| 149 | + for name in names: |
| 150 | + name = name.lower() |
| 151 | + name = banned_chars.sub('', name) |
| 152 | + if name not in clean_names: |
| 153 | + clean_names.append(name) |
| 154 | + |
143 | 155 | # Start a counter to report on elapsed time |
144 | 156 | start_time = utils.start_timer() |
145 | 157 |
|
146 | 158 | print("[*] Brute-forcing container names in {} storage accounts" |
147 | 159 | .format(len(valid_accounts))) |
148 | 160 |
|
149 | 161 | for account in valid_accounts: |
150 | | - print("[*] Brute-forcing container names in {}" |
151 | | - .format(account)) |
| 162 | + print("[*] Brute-forcing {} container names in {}" |
| 163 | + .format(len(clean_names), account)) |
152 | 164 |
|
153 | 165 | # Initialize the list of correctly formatted urls |
154 | 166 | candidates = [] |
155 | 167 |
|
156 | 168 | # Take each mutated keyword and craft a url with correct format |
157 | | - for name in names: |
| 169 | + for name in clean_names: |
158 | 170 | candidates.append('{}/{}/?restype=container&comp=list' |
159 | 171 | .format(account, name)) |
160 | 172 |
|
|
0 commit comments