LivingInSyn/target-a-setup.sh

## target-a-setup.sh
#!/bin/bash

# install docker
sudo apt-get update
sudo apt install -yq ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install -yq docker-ce docker-ce-cli containerd.io


# create our "data" to exfil
COUNT="2000" #1M block size * 2000 = 20000 ~ 20gb
OFILE="data.enc"
dd if=<(openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero) of=$OFILE bs=1M count=$COUNT iflag=fullblock

# pull down the script and the Dockerfile
mkdir -p /vuln_app
cd /vuln_app

# https://gist.github.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb
curl -Lo vuln_app.py https://gist.githubusercontent.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb/raw/9c1c2dceb955507429a567a01d22b62becff0ebc/vuln_app.py

# https://gist.github.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3
curl -Lo Dockerfile https://gist.githubusercontent.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3/raw/8ff7bfa00cadd81ad86cc0e465d80ce4d5924e58/Dockerfile

# run it as a privileged container to allow breakouts
docker build -t vuln_app . && docker run --privileged --rm -dt --name vuln_app -p 80:8080 vuln_app

# missing - SSH key setup for lateral movement to lat-a
	#!/bin/bash

	# install docker
	sudo apt-get update
	sudo apt install -yq ca-certificates curl gnupg lsb-release
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
	echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
	apt update
	apt install -yq docker-ce docker-ce-cli containerd.io


	# create our "data" to exfil
	COUNT="2000" #1M block size * 2000 = 20000 ~ 20gb
	OFILE="data.enc"
	dd if=<(openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null \| base64)" -nosalt < /dev/zero) of=$OFILE bs=1M count=$COUNT iflag=fullblock

	# pull down the script and the Dockerfile
	mkdir -p /vuln_app
	cd /vuln_app

	# https://gist.github.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb
	curl -Lo vuln_app.py https://gist.githubusercontent.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb/raw/9c1c2dceb955507429a567a01d22b62becff0ebc/vuln_app.py

	# https://gist.github.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3
	curl -Lo Dockerfile https://gist.githubusercontent.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3/raw/8ff7bfa00cadd81ad86cc0e465d80ce4d5924e58/Dockerfile

	# run it as a privileged container to allow breakouts
	docker build -t vuln_app . && docker run --privileged --rm -dt --name vuln_app -p 80:8080 vuln_app

	# missing - SSH key setup for lateral movement to lat-a