Skip to content

juanjoSanz/aws-pentesting-lab-ad

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
metasploitable3
metasploitable3
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
aws_eip.tf
aws_eip.tf
 
 
aws_igw.tf
aws_igw.tf
 
 
aws_instance_private_dvca.tf
aws_instance_private_dvca.tf
 
 
aws_instance_private_metasploitable3.tf
aws_instance_private_metasploitable3.tf
 
 
aws_instance_public_kali.tf
aws_instance_public_kali.tf
 
 
aws_nat_gateway.tf
aws_nat_gateway.tf
 
 
aws_route_tables.tf
aws_route_tables.tf
 
 
aws_security_group.tf
aws_security_group.tf
 
 
aws_subnets.tf
aws_subnets.tf
 
 
aws_vpc.tf
aws_vpc.tf
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
payload-dvca.sh
payload-dvca.sh
 
 
payload-kali.sh
payload-kali.sh
 
 
sonar-project.properties
sonar-project.properties
 
 
sonarcloud.yml
sonarcloud.yml
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

AWS Pen-Testing Laboratory

IMPORTANT!!! Initial state of this project, that means it is still not usable.

PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable WIN AD instances in a private subnet.

NOTE:

  • Ids only defined for region "eu-west-1"

Changelog

  • [2021-03-10] Use new Kali version 2021.1

Diagram

Architecture Diagram Change me!

Components

  • Kali 2021.1 instance (private key is saved into kali.pem)
    • Wireguard VPN service: client file client_vpn.wg
    • Accessible via ssh/scp
    • Public Subnet 10.0.0.5/24
  • Vulnerable AD Server (servers?)

How-To

  • Requirements:
    • Terraform CLI install guide
    • AWS CLI install guide
    • $PATH configured for AWS CLI & Terraform
    • AWS account and configure credentials via aws cli: aws configure
    • Kali Linux Subscription in AWS Marketplace (version 2020.04)
    • Metasploitable3 AMI image previously built (public AMI available for eu-west-1 region) see

Deploy

  1. Enable/disable vulnerable instances to be deployed setting 0 or 1 in variables.tf:
variable "deploment-control" {
  type = map
  default = {
    #"instance" = 0 or 1, to disable or enable
    "metasploitable3" = 1
    "dvca" = 0
  }
  description = "Control which EC2 instances are deployed, 0 for none or 1"
}
  1. Use terraform for deploy infraestructure
terraform init
terraform plan
terraform apply -auto-approve

Usage

Either connect to Kali via ssh or wireguard:

  • SSH: (Only command line) Use autogenerated private key (see terraform output)
KALI_IP=<KALI_IP>     # configure kali public ip
ssh -i kali.pem -o StrictHostKeyChecking=no -o IdentitiesOnly=yes kali@${KALI_IP}
  • Wireguard: Connect your local kali instance via wireguard (see client_vpn.wg generated file)
KALI_IP=<KALI_IP>     # configure kali public ip
scp -i kali.pem -o StrictHostKeyChecking=no IdentitiesOnly=yes kali@${KALI_IP}:/home/kali/client_vpn.wg .

Destroy

terraform destroy -auto-approve

References

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

2 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages