Create a VPS on Google Cloud Platform or Digital Ocean easily to use Offensive Docker and launch the assessments to the targets.
Requirements
Usage
git clone –depth 1 https://github.com/aaaguirrep/offensive-docker-vps.git vps
cd vps
ssh-keygen -t rsa -f offensive
in the terminal. Empty passphrase is ok.# Initialize terraform provider
$ terraform init
Terraform has been successfully initialized!
# Create the resources
$ terraform apply -auto-approve
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Outputs:
external_ip = x.x.x.x
Note: The instance type and the region used are: n1-standard-1 and us-central1. You can change the values on server.tf and main.tf
Demo
Digital Ocean
export TF_VAR_do_token="Personal_Access_Token_Here"
# Initialize terraform provider
$ terraform init
Terraform has been successfully initialized!
# Create the resources
$ terraform apply -auto-approve
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
Outputs:
external_ip = x.x.x.x
Note: The droplet type and the region used are: s-2vcpu-4gb and nyc3. You can change the values on server.tf and variables.tf
Demo
Ansible
$ ansible-playbook playbook.yaml
TASK [Configuration finished] *******************************************************
ok: [x.x.x.x] => { “msg”: “System configured correctly.”
}
Demo
Access to VPS
# Access to VPS
$ ssh offensive@x.x.x.x -i ../credentials/offensive
Demo
Destroy the VPS
# Destroy the resource
$ terraform destroy -auto-approve
Note: For Digital Ocean, if you dont have a default VPC created in the region used it shows an error to destroy the VPC but no problem, it will destroy the others resources.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…