TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool
2022-7-28 20:30:0 Author: www.kitploit.com(查看原文) 阅读量:28 收藏

TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool.

Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure.

Scenarios

ID Cloud Service Company Types Of Cloud Services Vulnerable Environment
1 Alibaba Cloud Networking VPC Security Group Open All Ports
2 Alibaba Cloud Networking VPC Security Group Open Common Ports
3 Alibaba Cloud Object Storage Bucket HTTP Enable
4 Alibaba Cloud Object Storage Object ACL Writable
5 Alibaba Cloud Object Storage Object ACL Readable
6 Alibaba Cloud Object Storage Special Bucket Policy
7 Alibaba Cloud Object Storage Bucket Public Access
8 Alibaba Cloud Object Storage Object Public Access
9 Alibaba Cloud Object Storage Bucket Logging Disable
10 Alibaba Cloud Object Storage Bucket Policy Readable
11 Alibaba Cloud Object Storage Bucket Object Traversal
12 Alibaba Cloud Object Storage Unrestricted File Upload
13 Alibaba Cloud Object Storage Server Side Encryption No KMS Set
14 Alibaba Cloud Object Storage Server Side Encryption Not Using BYOK
15 Alibaba Cloud Elastic Computing Service ECS SSRF
16 Alibaba Cloud Elastic Computing Service ECS Unattached Disks Are Unencrypted
17 Alibaba Cloud Elastic Computing Service ECS Virtual Machine Disks Are Unencrypted
18 Tencent Cloud Networking VPC Security Group Open All Ports
19 Tencent Cloud Networking VPC Security Group Open Common Ports
20 Tencent Cloud Object Storage Bucket ACL Writable
21 Tencent Cloud Object Storage Bucket ACL Readable
22 Tencent Cloud Object Storage Bucket Public Access
23 Tencent Cloud Object Storage Object Public Access
24 Tencent Cloud Object Storage Unrestricted File Upload
25 Tencent Cloud Object Storage Bucket Object Traversal
26 Tencent Cloud Object Storage Bucket Logging Disable
27 Tencent Cloud Object Storage Server Side Encryption Disable
28 Tencent Cloud Elastic Computing Service CVM SSRF
29 Tencent Cloud Elastic Computing Service CBS Storage Are Not Used
30 Tencent Cloud Elastic Computing Service CVM Virtual Machine Disks Are Unencrypted
31 Huawei Cloud Networking ECS Unsafe Security Group
32 Huawei Cloud Object Storage Object ACL Writable
33 Huawei Cloud Object Storage Special Bucket Policy
34 Huawei Cloud Object Storage Unrestricted File Upload
35 Huawei Cloud Object Storage Bucket Object Traversal
36 Huawei Cloud Object Storage Wrong Policy Causes Arbitrary File Uploads
37 Huawei Cloud Elastic Computing Service ECS SSRF
38 Huawei Cloud Relational Database Service RDS Mysql Baseline Checking Environment
39 Amazon Web Services Networking VPC Security Group Open All Ports
40 Amazon Web Services Networking VPC Security Group Open Common Ports
41 Amazon Web Services Object Storage Object ACL Writable
42 Amazon Web Services Object Storage Bucket ACL Writable
43 Amazon Web Services Object Storage Bucket ACL Readable
44 Amazon Web Services Object Storage MFA Delete Is Disable
45 Amazon Web Services Object Storage Special Bucket Policy
46 Amazon Web Services Object Storage Bucket Object Traversal
47 Amazon Web Services Object Storage Unrestricted File Upload
48 Amazon Web Services Object Storage Bucket Logging Disable
49 Amazon Web Services Object Storage Bucket Allow HTTP Access
50 Amazon Web Services Object Storage Bucket Default Encryption Disable
51 Amazon Web Services Elastic Computing Service EC2 SSRF
52 Amazon Web Services Elastic Computing Service Console Takeover
53 Amazon Web Services Elastic Computing Service EBS Volumes Are Not Used
54 Amazon Web Services Elastic Computing Service EBS Volumes Encryption Is Disabled
55 Amazon Web Services Elastic Computing Service Snapshots Of EBS Volumes Are Unencrypted
56 Amazon Web Services Identity and Access Management IAM Privilege Escalation
57 Google Cloud Platform Object Storage Object ACL Writable
58 Google Cloud Platform Object Storage Bucket ACL Writable
59 Google Cloud Platform Object Storage Bucket Object Traversal
60 Google Cloud Platform Object Storage Unrestricted File Upload
61 Google Cloud Platform Elastic Computing Service VM Command Execution
62 Microsoft Azure Object Storage Blob Public Access
63 Microsoft Azure Object Storage Container Blob Traversal
64 Microsoft Azure Elastic Computing Service VM Command Execution

Install

TerraformGoat is deployed using Docker images and therefore requires Docker Engine environment support, Docker Engine installation can be found in https://docs.docker.com/engine/install/

Depending on the cloud service provider you are using, choose the corresponding installation command.

Alibaba Cloud

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker run -itd --name terraformgoat_aliyun_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker exec -it terraformgoat_aliyun_0.0.4 /bin/bash

Tencent Cloud

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_tencentcloud:0.0.4
docker run -itd --name terraformgoat_tencentcloud_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_tencentcloud:0.0.4
docker exec -it terraformgoat_tencentcloud_0.0.4 /bin/bash

Huawei Cloud

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_huaweicloud:0.0.4
docker run -itd --name terraformgoat_huaweicloud_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_huaweicloud:0.0.4
docker exec -it terraformgoat_huaweicloud_0.0.4 /bin/bash

Amazon Web Services

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aws:0.0.4
docker run -itd --name terraformgoat_aws_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aws:0.0.4
docker exec -it terraformgoat_aws_0.0.4 /bin/bash

Google Cloud Platform

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_gcp:0.0.4
docker run -itd --name terraformgoat_gcp_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_gcp:0.0.4
docker exec -it terraformgoat_gcp_0.0.4 /bin/bash

Microsoft Azure

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_azure:0.0.4
docker run -itd --name terraformgoat_azure_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_azure:0.0.4
docker exec -it terraformgoat_azure_0.0.4 /bin/bash

Demo

After entering the container, cd to the corresponding scenario directory and you can start deploying the scenario.

Here is a demonstration of the Alibaba Cloud Bucket Object Traversal scenario build.

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker run -itd --name terraformgoat_aliyun_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker exec -it terraformgoat_aliyun_0.0.4 /bin/bash

 
cd /TerraformGoat/aliyun/oss/bucket_object_traversal/
aliyun configure
terraform init
terraform apply

The program prompts Enter a value:, type yes and enter, use curl to access the bucket, you can see the object traversed.

To avoid the cloud service from continuing to incur charges, remember to destroy the scenario in time after using it.

Uninstall

If you are in a container, first execute the exit command to exit the container, and then execute the following command under the host.

docker stop $(docker ps -a -q -f "name=terraformgoat*")
docker rm $(docker ps -a -q -f "name=terraformgoat*")
docker rmi $(docker images -a -q -f "reference=registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat*")

Notice

  1. The README of each vulnerable environment is executed within the TerraformGoat container environment, so the TerraformGoat container environment needs to be deployed first.
  2. Due to the horizontal risk of intranet horizontal on the cloud in some scenarios, it is strongly recommended that users use their own test accounts to configure the scenarios, avoid using the cloud account of the production environment, and install TerraformGoat using Dockerfile to isolate the user's local cloud vendor token and the test account token.
  3. TerraformGoat is used for educational purposes only, It is not allowed to use it for illegal and criminal purposes, any consequences arising from TerraformGoat are the responsibility of the person using it, and not the selefra organization.

Contributing

Contributions are welcomed and greatly appreciated. Further reading — CONTRIBUTING.md for details on contribution workflow.

License

TerraformGoat is under the Apache 2.0 license. See the LICENSE file for details.

TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool Reviewed by Zion3R on 8:30 AM Rating: 5


文章来源: http://www.kitploit.com/2022/07/terraformgoat-vulnerable-by-design.html
如有侵权请联系:admin#unsafe.sh