@DanaEpp
Created May 12, 2021 22:26
My disposable VPN script I use during external #redteam engagements
#!/bin/bash
# Author: Dana Epp (@danaepp)
GROUP_NAME="DisposableVPN"
VM_NAME="DisposableVPN"
REGION="canadacentral"
PORT="51820"
echo "Creating resource group '$GROUP_NAME'..."
az group create -l $REGION -n $GROUP_NAME --output none
echo "Creating new VM called '$VM_NAME'..."
az vm create -g $GROUP_NAME -n $VM_NAME --image UbuntuLTS --size Standard_B1ls --admin-username vpnadmin --generate-ssh-keys --output none
# Get the public IP
VM_IP=$(az vm show -d -n "$VM_NAME" -g "$GROUP_NAME" --query publicIps -o tsv)
# Enable a NSG rule allowing inbound VPN
echo 'Creating inbound rule for this NSG to allow VPN...'
az network nsg rule create -g $GROUP_NAME --nsg-name ${VM_NAME}NSG -n AllowVPNRule --priority 1042 --access Allow --direction Inbound --destination-port-ranges $PORT --protocol Udp -o none
# Fetch the Wireguard warrior script and drop in the home dir
echo "Fetching Wireguard Warrior script from GitHub..."
az vm run-command invoke -g $GROUP_NAME -n $VM_NAME --command-id RunShellScript --scripts "wget https://git.io/wireguard -O /home/vpnadmin/wireguard-install.sh" --output none
# We have to disable the check for stdin so we can automate deployment
az vm run-command invoke -g $GROUP_NAME -n $VM_NAME --command-id RunShellScript --scripts "sed -i 's/read -N 999999 -t 0.001/# read -N 999999 -t 0.001/' /home/vpnadmin/wireguard-install.sh" --output none
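# Execute the Wireguard warrior script with our config
echo "Setting up Wireguard VPN..."
# The remote script is single-quoted so that $1/$2 are filled in on the VM from --parameters,
# not expanded (to empty strings) by this local shell
az vm run-command invoke -g $GROUP_NAME -n $VM_NAME --command-id RunShellScript --scripts 'printf "%s\n%s\ntmpvpn\n1\n" "$1" "$2" | sudo bash /home/vpnadmin/wireguard-install.sh' --output none --parameters "$VM_IP" "$PORT"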
# Move the config file to the user dir so they can grab it
echo "Watching for config to make it accessible..."
az vm run-command invoke -g $GROUP_NAME -n $VM_NAME --command-id RunShellScript --scripts "while [ ! -f /root/tmpvpn.conf ]; do sleep 1; done; mv /root/tmpvpn.conf /home/vpnadmin/tmpvpn.conf && chown vpnadmin:vpnadmin /home/vpnadmin/tmpvpn.conf" --output none
# Grab the vpn config file
echo "Attempting to get Wireguard VPN client config file..."
scp -oStrictHostKeyChecking=accept-new vpnadmin@$VM_IP:tmpvpn.conf .
echo "You can now load tmpvpn.conf into Wireguard for use"
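
The script above downloads the installer through a URL shortener, patches it with `sed`, and runs it as root with no integrity check. The following is an added example, not part of the original gist: a gate that checks the file against a pinned SHA-256 and confirms the line to be patched is actually present, since `sed` exits 0 even when nothing matched. The function name `prepare_installer` and the pinned hash argument are assumptions; record the hash yourself from a copy of the installer you have reviewed.

```bash
#!/bin/bash
# Added example (not from the gist): gate the downloaded installer before it runs as root.
#
# prepare_installer FILE EXPECTED_SHA256
#   returns 0  hash matched and the stdin-flush line was commented out
#   returns 1  hash mismatch (file differs from the reviewed copy)
#   returns 2  expected line missing (upstream changed, the sed patch would be a no-op)

# The line the gist disables so the installer can be fed answers on stdin
STDIN_FLUSH='read -N 999999 -t 0.001'

prepare_installer() {
    local file="$1" expected="$2" actual
    actual="$(sha256sum "$file" | cut -d' ' -f1)" || return 1
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual does not match the pin" >&2
        return 1
    fi
    # Fixed-string match: confirm the patch target exists before editing
    if ! grep -qF -- "$STDIN_FLUSH" "$file"; then
        echo "refusing to run $file: stdin-flush line not found" >&2
        return 2
    fi
    sed -i "s/$STDIN_FLUSH/# $STDIN_FLUSH/" "$file"
}

# Stand-alone use: ./prepare_installer.sh wireguard-install.sh <pinned-sha256>
if [ "$#" -eq 2 ]; then
    prepare_installer "$1" "$2"
fi
```

On the VM this would run between the `wget` step and the `sudo bash` step, with the install step skipped on any non-zero return.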