
@jps3
Last active February 4, 2022 21:54
First Terraform attempt created after the Antisyphon class “Red Team: Getting Access” (Jul 27–30, 2021) for creating the proxycannon-ng control server.

proxycannon-ng via terraform

First Terraform attempt created after the Antisyphon class “Red Team: Getting Access” (Jul 27–30, 2021) for creating the proxycannon-ng control server.

# AWS shared-credentials template. The three placeholders below are filled in
# by the templatefile() call in the root_aws_credentials resource.
# The rendered file holds a long-lived secret access key in plaintext: keep it
# out of version control and readable only by its owner.
[default]
aws_access_key_id = ${aws_access_key_id}
aws_secret_access_key = ${aws_secret_access_key}
region = ${region}
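# Minimum Terraform CLI version and the providers this configuration uses.
# NOTE(review): ">=" constraints accept any later release, including new major
# versions. Commit the generated .terraform.lock.hcl so the exact provider
# builds and their checksums stay fixed between runs.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.52.0"
    }

    tls = {
      source  = "hashicorp/tls"
      version = ">= 3.1.0"
    }

    # The local_file resources in this configuration come from hashicorp/local;
    # declare the source explicitly instead of relying on implicit lookup.
    local = {
      source = "hashicorp/local"
    }
  }
}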
#------- SSH Key Pair ------------
# 4096-bit RSA key pair generated by Terraform itself.
# The private half is recorded in the Terraform state in plaintext, so the
# state file must be protected as carefully as the key.
resource "tls_private_key" "pk" {
  rsa_bits  = 4096
  algorithm = "RSA"
}
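# Registers the generated public key with EC2 and writes the private key to
# "<key_name>.pem" in the working directory for later SSH use.
resource "aws_key_pair" "deployer" {
  # Use the declared variable (default "proxycannon") so the key pair name
  # cannot drift from the name the instance is launched with.
  key_name   = var.key_name
  public_key = tls_private_key.pk.public_key_openssh

  provisioner "local-exec" {
    # The key is handed to the shell through the environment rather than being
    # interpolated into the command line, so quote characters in the value
    # cannot alter the command and the key is not part of the command string.
    # umask 0077 makes the new file readable by the owner only.
    command = "umask 0077 && printf '%s' \"$PRIVATE_KEY_PEM\" > \"$KEY_FILE\""

    environment = {
      PRIVATE_KEY_PEM = tls_private_key.pk.private_key_pem
      # Inside a provisioner the parent resource is referenced through "self".
      KEY_FILE = "${self.key_name}.pem"
    }
  }
}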
#------- Provider Information ------------
# AWS provider: credentials are taken from the "default" profile of the local
# AWS configuration, the region from var.aws_region.
provider "aws" {
  region  = var.aws_region
  profile = "default"
}
#------- Security group ------------
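# Source ranges allowed to reach the control server. The defaults reproduce the
# original "open to everyone" rule; set them to the operator's own addresses so
# the controller is not exposed to the whole internet on every port.
variable "ingress_cidr_blocks" {
  description = "IPv4 CIDR ranges allowed inbound to the control server."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

variable "ingress_ipv6_cidr_blocks" {
  description = "IPv6 CIDR ranges allowed inbound to the control server."
  type        = list(string)
  default     = ["::/0"]
}

# Security group attached to the proxycannon control server.
resource "aws_security_group" "default" {
  name        = "sg_proxycannon_control"
  description = "AWS Security Group for Proxycannon Controller"

  # Inbound: every protocol and port (protocol "-1"), limited only by the
  # source ranges in the two variables above.
  ingress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = var.ingress_cidr_blocks
    ipv6_cidr_blocks = var.ingress_ipv6_cidr_blocks
  }

  # Outbound: unrestricted.
  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}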
#------- AMI ------------
# Looks up the newest matching Ubuntu 18.04 server image.
# Restricting "owners" to a single account ID keeps look-alike images
# published by other accounts out of the result.
# NOTE(review): most_recent = true means the image can change between runs;
# pin an AMI ID if reproducible builds matter.
data "aws_ami" "ubuntu_server_1804_amd64" {
  owners      = ["099720109477"]
  most_recent = true
  name_regex  = "^ubuntu/images/.*/.*-server-.*$"

  filter {
    name   = "name"
    values = ["ubuntu/images/*/ubuntu-*-18.04-*-server-*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }
}
#------- EC2 Instance configuration ------------
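# The proxycannon-ng control server: a t2.micro built from the Ubuntu AMI
# lookup and provisioned over SSH once it is reachable.
resource "aws_instance" "proxycannon" {
  ami           = data.aws_ami.ubuntu_server_1804_amd64.image_id
  instance_type = "t2.micro"

  # Reference the key pair resource instead of var.key_name: the name then
  # always matches the key that was actually registered, and Terraform creates
  # the key pair before the instance.
  key_name = aws_key_pair.deployer.key_name

  # NOTE(review): security_groups takes group names; confirm the instance is
  # launched into the default VPC, otherwise vpc_security_group_ids is needed.
  security_groups = [aws_security_group.default.name]

  tags = {
    Name = "controlserver"
  }

  provisioner "remote-exec" {
    # NOTE(review): the clone below tracks the repository's current HEAD and its
    # install.sh runs as root; the provider zip is downloaded without any
    # checksum or signature verification. Pin a reviewed commit and verify the
    # download against the publisher's checksums before unpacking it.
    inline = [
      "sudo DEBIAN_FRONTEND='noninteractive' apt-get update",
      "sudo DEBIAN_FRONTEND='noninteractive' apt-get install -y git less libcurl3-gnutls liberror-perl",
      "sudo git clone --depth=1 https://github.com/proxycannon/proxycannon-ng /opt/proxycannon-ng",
      "cd /opt/proxycannon-ng/setup/ && sudo /bin/bash install.sh",
      "cd /opt/proxycannon-ng/nodes/aws && sudo wget https://releases.hashicorp.com/terraform-provider-aws/2.70.0/terraform-provider-aws_2.70.0_linux_amd64.zip && sudo unzip terraform-provider-aws_2.70.0_linux_amd64.zip && sudo terraform init",
      # Creates an empty, root-only credentials file; nothing in this resource
      # writes secrets into it.
      "sudo mkdir -m 0700 -p /root/.aws && sudo touch /root/.aws/credentials"
    ]
  }

  connection {
    type = "ssh"
    host = self.public_ip
    user = var.username
    # Take the key straight from the generating resource rather than reading
    # back the .pem file written by a local-exec side effect, which may be
    # missing or stale.
    private_key = tls_private_key.pk.private_key_pem
    timeout     = "4m"
  }
}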
#------- SSH Config file ------------
# Renders ssh_config.tpl into "tf_<instance Name tag>" in the working directory.
# The file is owner-only (0600) and points at the generated .pem key file.
resource "local_file" "ssh_config_file" {
  filename        = "tf_${aws_instance.proxycannon.tags.Name}"
  file_permission = "0600"

  content = templatefile("ssh_config.tpl", {
    title      = aws_instance.proxycannon.tags.Name
    hostname   = aws_instance.proxycannon.tags.Name
    ip_address = aws_instance.proxycannon.public_ip
    pem_file   = "${aws_key_pair.deployer.key_name}.pem"
    username   = var.username
  })

  # Explicit ordering kept from the original; both resources are also
  # referenced in the template arguments above.
  depends_on = [
    aws_instance.proxycannon,
    aws_key_pair.deployer
  ]
}
#------- /root/.aws/credentials template file ------------
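# Renders credentials.tpl into a local file named after the instance's Name tag.
# The output contains a long-lived AWS secret access key: it is written
# owner-only (0600), must stay out of version control, and is also stored in
# the Terraform state.
# NOTE(review): var.aws_access_key_id and var.aws_secret_access_key are not
# among the variable declarations shown on this page; confirm they are declared
# elsewhere, ideally with sensitive = true.
resource "local_file" "root_aws_credentials" {
  # sensitive() keeps the rendered secret out of plan and apply output; the
  # bytes written to disk are unchanged.
  content = sensitive(templatefile("credentials.tpl", {
    aws_access_key_id     = var.aws_access_key_id
    aws_secret_access_key = var.aws_secret_access_key
    region                = var.aws_region
  }))

  filename        = aws_instance.proxycannon.tags.Name
  file_permission = "0600"
}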
# Values reported after apply; none of them is secret.

# AMI ID the control server was launched from.
output "proxycannon-controlserver-ami" {
  value = aws_instance.proxycannon.ami
}

# Public IPv4 address of the control server. The explicit dependency makes the
# output wait for the security group as well.
output "proxycannon-controlserver-public_ip" {
  value = aws_instance.proxycannon.public_ip

  depends_on = [
    aws_security_group.default
  ]
}

# Region the configuration was applied in.
output "proxycannon-controlserver-region" {
  value = var.aws_region
}

# Subnet the control server was placed in.
output "proxycannon-controlserver-subnet_id" {
  value = aws_instance.proxycannon.subnet_id
}
# SSH client configuration template; the placeholders are supplied by the
# templatefile() call in the ssh_config_file resource.
# "identitiesonly yes" limits authentication to the identity file named below.
# ----------------------------------------------------------------------
# ${title}
# ----------------------------------------------------------------------
Host ${hostname}
hostname ${ip_address}
pubkeyauthentication yes
identityfile ${pem_file}
identitiesonly yes
user ${username}
# Input variables; every one has a default, so none has to be supplied.

# Region used by the AWS provider and written into the credentials template.
variable "aws_region" {
  default     = "us-east-1"
  description = "AWS region to launch servers"
}

# Name under which the SSH key pair is known in EC2.
variable "key_name" {
  default     = "proxycannon"
  description = "Name of the SSH keypair to use in AWS."
}

# Login account used for the SSH provisioner connection and the ssh_config file.
variable "username" {
  default     = "ubuntu"
  description = "Default username on AMI used"
}

jps3 commented Aug 1, 2021

Should probably just make a repo for this …
