Created
September 7, 2025 20:50
-
-
Save lawbyte/f80f79cf1780e44d1a46fd36906d3c91 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Region Enumeration Script | |
| Try to find the EC2 instance in different AWS regions | |
| """ | |
| import boto3 | |
| import json | |
| import sys | |
| from botocore.exceptions import ClientError, NoCredentialsError, EndpointConnectionError | |
| from datetime import datetime | |
| AWS_ACCESS_KEY = "" | |
| AWS_SECRET_KEY = "" | |
| AWS_SESSION_TOKEN = "" | |
| # Target instance ID from the log | |
| TARGET_INSTANCE_ID = "i-0084d21d6f330a585" | |
| # Regions to check | |
| REGIONS = [ | |
| "us-east-1", "us-west-1", "us-west-2", | |
| "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "eu-north-1", | |
| "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", | |
| "ap-south-1", "ca-central-1", "sa-east-1", "af-south-1", "me-south-1" | |
| ] | |
| def create_session(region): | |
| """Create AWS session for a specific region""" | |
| try: | |
| session = boto3.Session( | |
| aws_access_key_id=AWS_ACCESS_KEY, | |
| aws_secret_access_key=AWS_SECRET_KEY, | |
| aws_session_token=AWS_SESSION_TOKEN, | |
| region_name=region | |
| ) | |
| return session | |
| except Exception as e: | |
| print(f"β Error creating session for {region}: {e}") | |
| return None | |
| def check_instance_in_region(region): | |
| """Check if the target instance exists in the given region""" | |
| print(f"\nπ Checking region: {region}") | |
| print("-" * 50) | |
| session = create_session(region) | |
| if not session: | |
| return False | |
| try: | |
| ec2 = session.client('ec2') | |
| # Try to describe the specific instance | |
| try: | |
| response = ec2.describe_instances(InstanceIds=[TARGET_INSTANCE_ID]) | |
| if response['Reservations']: | |
| instance = response['Reservations'][0]['Instances'][0] | |
| print(f"β FOUND TARGET INSTANCE!") | |
| print(f" Instance ID: {instance['InstanceId']}") | |
| print(f" State: {instance['State']['Name']}") | |
| print(f" Type: {instance['InstanceType']}") | |
| print(f" Launch Time: {instance['LaunchTime']}") | |
| print(f" Public IP: {instance.get('PublicIpAddress', 'N/A')}") | |
| print(f" Private IP: {instance.get('PrivateIpAddress', 'N/A')}") | |
| # Check security groups | |
| if 'SecurityGroups' in instance: | |
| print(f" Security Groups:") | |
| for sg in instance['SecurityGroups']: | |
| print(f" - {sg['GroupId']} ({sg['GroupName']})") | |
| # Check tags | |
| if 'Tags' in instance: | |
| print(f" Tags:") | |
| for tag in instance['Tags']: | |
| print(f" - {tag['Key']}: {tag['Value']}") | |
| return True | |
| else: | |
| print(f"β Instance not found in {region}") | |
| return False | |
| except ClientError as e: | |
| error_code = e.response['Error']['Code'] | |
| if error_code == 'InvalidInstanceID.NotFound': | |
| print(f"β Instance not found in {region}") | |
| else: | |
| print(f"β Error: {error_code}") | |
| return False | |
| except Exception as e: | |
| print(f"β Error checking {region}: {e}") | |
| return False | |
| def list_all_instances_in_region(region): | |
| """List all instances in the region""" | |
| print(f"\nπ Listing all instances in {region}") | |
| print("-" * 50) | |
| session = create_session(region) | |
| if not session: | |
| return | |
| try: | |
| ec2 = session.client('ec2') | |
| # List all instances | |
| response = ec2.describe_instances() | |
| instances = [] | |
| for reservation in response['Reservations']: | |
| for instance in reservation['Instances']: | |
| instances.append(instance) | |
| if instances: | |
| print(f"Found {len(instances)} instances:") | |
| for instance in instances: | |
| instance_id = instance['InstanceId'] | |
| state = instance['State']['Name'] | |
| instance_type = instance['InstanceType'] | |
| public_ip = instance.get('PublicIpAddress', 'N/A') | |
| private_ip = instance.get('PrivateIpAddress', 'N/A') | |
| print(f" - {instance_id}: {state} ({instance_type}) - {public_ip}/{private_ip}") | |
| # Check for flag-related tags | |
| if 'Tags' in instance: | |
| for tag in instance['Tags']: | |
| if any(keyword in tag['Value'].lower() for keyword in ['flag', 'encrypt', 'decrypt', 'key']): | |
| print(f" π¨ FLAG-RELATED TAG: {tag['Key']} = {tag['Value']}") | |
| else: | |
| print("No instances found") | |
| except Exception as e: | |
| print(f"β Error listing instances in {region}: {e}") | |
| def check_running_instances(region): | |
| """Check for running instances that might be the target""" | |
| print(f"\nπ Checking running instances in {region}") | |
| print("-" * 50) | |
| session = create_session(region) | |
| if not session: | |
| return | |
| try: | |
| ec2 = session.client('ec2') | |
| # Filter for running instances | |
| response = ec2.describe_instances( | |
| Filters=[ | |
| {'Name': 'instance-state-name', 'Values': ['running']} | |
| ] | |
| ) | |
| running_instances = [] | |
| for reservation in response['Reservations']: | |
| for instance in reservation['Instances']: | |
| running_instances.append(instance) | |
| if running_instances: | |
| print(f"Found {len(running_instances)} running instances:") | |
| for instance in running_instances: | |
| instance_id = instance['InstanceId'] | |
| instance_type = instance['InstanceType'] | |
| public_ip = instance.get('PublicIpAddress', 'N/A') | |
| private_ip = instance.get('PrivateIpAddress', 'N/A') | |
| print(f" - {instance_id}: {instance_type} - {public_ip}/{private_ip}") | |
| # Check for flag-related tags | |
| if 'Tags' in instance: | |
| for tag in instance['Tags']: | |
| if any(keyword in tag['Value'].lower() for keyword in ['flag', 'encrypt', 'decrypt', 'key']): | |
| print(f" π¨ FLAG-RELATED TAG: {tag['Key']} = {tag['Value']}") | |
| else: | |
| print("No running instances found") | |
| except Exception as e: | |
| print(f"β Error checking running instances in {region}: {e}") | |
| def main(): | |
| """Main function""" | |
| print("π Region Enumeration Script") | |
| print("=" * 80) | |
| print(f"Target Instance: {TARGET_INSTANCE_ID}") | |
| print(f"Timestamp: {datetime.now()}") | |
| found_instance = False | |
| # Check each region for the target instance | |
| for region in REGIONS: | |
| if check_instance_in_region(region): | |
| found_instance = True | |
| print(f"\nπ― TARGET INSTANCE FOUND IN {region.upper()}!") | |
| print(f"To connect, use:") | |
| print(f" aws ssm start-session --target {TARGET_INSTANCE_ID} --region {region}") | |
| break | |
| if not found_instance: | |
| print(f"\nβ Target instance {TARGET_INSTANCE_ID} not found in any region") | |
| print("\nπ Checking for other instances that might be relevant...") | |
| # Check a few key regions for any instances | |
| key_regions = ["us-east-1", "eu-west-1", "ap-southeast-1", "us-west-2"] | |
| for region in key_regions: | |
| list_all_instances_in_region(region) | |
| check_running_instances(region) | |
| print("\nβ Region enumeration complete!") | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment