update sessions with scopes

brokensound77 · brokensound77 · commit 329d85723b75 · 2023-08-11T20:40:32.000-06:00
diff --git a/swat/emulations/collection/drive_access_private_keys.py b/swat/emulations/collection/drive_access_private_keys.py
@@ -14,7 +14,7 @@
 class Emulation(BaseEmulation):
     parser = BaseEmulation.load_parser(
         description='Stages sensitive encryption key files in Google Drive and accesses them via shared links.')
-    parser.add_argument('session_key', default='default', help='Session to use for service building API service')
+    parser.add_argument('--creds', default='default', help='Session to use for service building API service')
     parser.add_argument('folder_id', help='Google Drive Folder ID')
     parser.add_argument('--cleanup', action='store_true', default=False, help='Clean up staged files after execution')
 
@@ -26,8 +26,8 @@ class Emulation(BaseEmulation):
     def __init__(self, **kwargs) -> None:
         super().__init__(**kwargs)
         self.folder_id = self.args.folder_id
-        creds = self.obj.cred_store.get('default', validate_type='oauth')
-        self.service = build('drive', 'v3', credentials=creds.session())
+        creds = self.obj.cred_store.get(self.args.creds, validate_type='oauth')
+        self.service = build('drive', 'v3', credentials=creds.session(scopes=self.scopes))
         # file extensions filtered to 5 for testing purposes
         self.file_extensions = [
             "token","assig", "pssc", "keystore", "pub", "pgp.asc", "ps1xml", "pem", "gpg.sig", "der", "key","p7r",
diff --git a/swat/emulations/initial_access/gmail_html_with_embedded_js.py b/swat/emulations/initial_access/gmail_html_with_embedded_js.py
@@ -12,20 +12,21 @@
 class Emulation(BaseEmulation):
 
     parser = BaseEmulation.load_parser(description='Sends a phishing email to a user with a HTML attachment.')
-    parser.add_argument('session_key', default='default', help='Session to use for service building API service')
+    parser.add_argument('--creds', default='default', help='Session to use for service building API service')
     parser.add_argument('--recipient', required=True, help='Recipient email address')
     parser.add_argument('--sender', required=True, help='Sender email address')
     parser.add_argument('--subject', default='Phishing Test Email', help='Email subject')
     parser.add_argument('--attachment', default='swat_malicious', help='Attachment name')
 
     techniques = ['T1566.001', 'T1204.002']
     name = 'Send HTML with Embedded Javascript with Gmail'
-    scopes = ['gmail.send','gmail.readonly','gmail.compose']
+    scopes = ['gmail.send', 'gmail.readonly','gmail.compose']
     services = ['gmail']
 
     def __init__(self, **kwargs) -> None:
         super().__init__(**kwargs)
-        self.service = build('gmail', 'v1', credentials=self.obj.cred_store.store[self.args.session_key].session)
+        creds = self.obj.cred_store.get(self.args.creds, validate_type='oauth')
+        self.service = build('gmail', 'v1', credentials=creds.session(scopes=self.scopes))
 
     def create_html(self) -> io.BytesIO:
         """Create an HTML file with embedded javascript."""
diff --git a/swat/emulations/persistence/admin_add_creds_to_users.py b/swat/emulations/persistence/admin_add_creds_to_users.py
@@ -5,7 +5,7 @@
 class Emulation(BaseEmulation):
 
     parser = BaseEmulation.load_parser(description='Adds cloud credentials to a user account.')
-    parser.add_argument('session_key', default='default', help='Session to use for service building API service')
+    parser.add_argument('--creds', default='default', help='Session to use for service building API service')
     parser.add_argument('--username', required=True, help='Username to create')
     parser.add_argument('--password', required=True, help='Password for user')
 
diff --git a/swat/emulations/persistence/admin_add_roles_to_users.py b/swat/emulations/persistence/admin_add_roles_to_users.py
@@ -5,7 +5,7 @@
 class Emulation(BaseEmulation):
 
     parser = BaseEmulation.load_parser(description='Add privileged roles to a user.')
-    parser.add_argument('session_key', default='default', help='Session to use for service building API service')
+    parser.add_argument('--creds', default='default', help='Session to use for service building API service')
     parser.add_argument('--username', required=True, help='Username to add the role to')
     parser.add_argument('--roles', required=True, help='Roles to add')
 
@@ -16,7 +16,9 @@ class Emulation(BaseEmulation):
 
     def __init__(self, **kwargs) -> None:
         super().__init__(**kwargs)
+        creds = self.obj.cred_store.get(self.args.creds, validate_type='oauth')
+        self.session = creds.session(scopes=self.scopes)
 
     def execute(self) -> None:
         self.elogger.info(self.exec_str(self.parser.description))
-        self.elogger.info('Hello, world, from T1098!')
+        self.elogger.info(f'Hello, world, from T1098! with session: {self.session}')
