Reference : cloudgoat (https://github.com/RhinoSecurityLabs/cloudgoat)
WHS 1st Team 먼지 cloud wargame project.
Each scenario has its own environment.
- Terraform
-> You can build your infrastructure with simple commands.
-> https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
- AWS CLI
-> You can control multiple AWS services from the command line and automate them through scripts.
-> https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/getting-started-install.html
$ cd 3.CMD-Inj
Size: Small
Difficulty: Easy
Summary: You start as an outsider. Exploit a web application vulnerable to command injection. Enumerate S3 buckets to find and retrieve flag.txt.
$ cd 4.SSTI
Size: Small
Difficulty: Easy
Summary: You start as an outsider. Exploit a web application vulnerable to SSTI to obtain a reverse shell. Enumerate and assume an IAM role that grants access to Secrets Manager. Use Secrets Manager to retrieve the flag.
$ cd 5.JWT
Size: Medium
Difficulty: Moderate
Summary: By modifying the user's JWT, you can access the admin page, where a text field is vulnerable to command injection. After obtaining a reverse shell, check the roles and policies assigned to the server. Use the assigned policy to find a function that seems important, and retrieve the value of the secret used in that function.
$ cd 1.FD-SSM
Size: Medium
Difficulty: Moderate
Summary: As an outsider, your objective is to retrieve the /.aws/credentials file using the file download vulnerability in the web application. Using SSM Run Command, you can gain a shell on the web EC2 instance. Create an AMI image of the FLAG EC2 instance and execute the command.
$ cd 2.SSRF-APIGW
Size: Medium
Difficulty: Moderate
Summary: By exploiting SSRF and open redirect vulnerabilities, you can retrieve instance metadata. Modify a Lambda function to halt CloudTrail and send requests through API Gateway. Use the same method to delete an RDS instance.
🔑 Before you start, you need to create an AWS account and register its credentials with the AWS CLI.
$ aws configure
AWS Access Key ID [None]: <Key id>
AWS Secret Access Key [None]: <Secret Access Key>
Default region name [None]:
Default output format [None]:
💸 When you're done with a scenario, you must destroy that scenario's infrastructure. If you don't destroy it, your AWS account will keep accruing charges.
$ terraform destroy  # Remove all resources managed by Terraform in this scenario