
TerraformGoat : “Vulnerable By Design” Multi Cloud Deployment Tool

TerraformGoat is selefra research lab’s “Vulnerable by Design” multi cloud deployment tool.

Currently supported cloud vendors are Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Scenarios

| ID | Cloud Service Company | Types Of Cloud Services | Vulnerable Environment |
|----|-----------------------|-------------------------|------------------------|
| 1 | Alibaba Cloud | Networking | VPC Security Group Open All Ports |
| 2 | Alibaba Cloud | Networking | VPC Security Group Open Common Ports |
| 3 | Alibaba Cloud | Object Storage | Bucket HTTP Enable |
| 4 | Alibaba Cloud | Object Storage | Object ACL Writable |
| 5 | Alibaba Cloud | Object Storage | Object ACL Readable |
| 6 | Alibaba Cloud | Object Storage | Special Bucket Policy |
| 7 | Alibaba Cloud | Object Storage | Bucket Public Access |
| 8 | Alibaba Cloud | Object Storage | Object Public Access |
| 9 | Alibaba Cloud | Object Storage | Bucket Logging Disable |
| 10 | Alibaba Cloud | Object Storage | Bucket Policy Readable |
| 11 | Alibaba Cloud | Object Storage | Bucket Object Traversal |
| 12 | Alibaba Cloud | Object Storage | Unrestricted File Upload |
| 13 | Alibaba Cloud | Object Storage | Server Side Encryption No KMS Set |
| 14 | Alibaba Cloud | Object Storage | Server Side Encryption Not Using BYOK |
| 15 | Alibaba Cloud | Elastic Computing Service | ECS SSRF |
| 16 | Alibaba Cloud | Elastic Computing Service | ECS Unattached Disks Are Unencrypted |
| 17 | Alibaba Cloud | Elastic Computing Service | ECS Virtual Machine Disks Are Unencrypted |
| 18 | Tencent Cloud | Networking | VPC Security Group Open All Ports |
| 19 | Tencent Cloud | Networking | VPC Security Group Open Common Ports |
| 20 | Tencent Cloud | Object Storage | Bucket ACL Writable |
| 21 | Tencent Cloud | Object Storage | Bucket ACL Readable |
| 22 | Tencent Cloud | Object Storage | Bucket Public Access |
| 23 | Tencent Cloud | Object Storage | Object Public Access |
| 24 | Tencent Cloud | Object Storage | Unrestricted File Upload |
| 25 | Tencent Cloud | Object Storage | Bucket Object Traversal |
| 26 | Tencent Cloud | Object Storage | Bucket Logging Disable |
| 27 | Tencent Cloud | Object Storage | Server Side Encryption Disable |
| 28 | Tencent Cloud | Elastic Computing Service | CVM SSRF |
| 29 | Tencent Cloud | Elastic Computing Service | CBS Storage Are Not Used |
| 30 | Tencent Cloud | Elastic Computing Service | CVM Virtual Machine Disks Are Unencrypted |
| 31 | Huawei Cloud | Networking | ECS Unsafe Security Group |
| 32 | Huawei Cloud | Object Storage | Object ACL Writable |
| 33 | Huawei Cloud | Object Storage | Special Bucket Policy |
| 34 | Huawei Cloud | Object Storage | Unrestricted File Upload |
| 35 | Huawei Cloud | Object Storage | Bucket Object Traversal |
| 36 | Huawei Cloud | Object Storage | Wrong Policy Causes Arbitrary File Uploads |
| 37 | Huawei Cloud | Elastic Computing Service | ECS SSRF |
| 38 | Huawei Cloud | Relational Database Service | RDS Mysql Baseline Checking Environment |
| 39 | Amazon Web Services | Networking | VPC Security Group Open All Ports |
| 40 | Amazon Web Services | Networking | VPC Security Group Open Common Ports |
| 41 | Amazon Web Services | Object Storage | Object ACL Writable |
| 42 | Amazon Web Services | Object Storage | Bucket ACL Writable |
| 43 | Amazon Web Services | Object Storage | Bucket ACL Readable |
| 44 | Amazon Web Services | Object Storage | MFA Delete Is Disable |
| 45 | Amazon Web Services | Object Storage | Special Bucket Policy |
| 46 | Amazon Web Services | Object Storage | Bucket Object Traversal |
| 47 | Amazon Web Services | Object Storage | Unrestricted File Upload |
| 48 | Amazon Web Services | Object Storage | Bucket Logging Disable |
| 49 | Amazon Web Services | Object Storage | Bucket Allow HTTP Access |
| 50 | Amazon Web Services | Object Storage | Bucket Default Encryption Disable |
| 51 | Amazon Web Services | Elastic Computing Service | EC2 SSRF |
| 52 | Amazon Web Services | Elastic Computing Service | Console Takeover |
| 53 | Amazon Web Services | Elastic Computing Service | EBS Volumes Are Not Used |
| 54 | Amazon Web Services | Elastic Computing Service | EBS Volumes Encryption Is Disabled |
| 55 | Amazon Web Services | Elastic Computing Service | Snapshots Of EBS Volumes Are Unencrypted |
| 56 | Amazon Web Services | Identity and Access Management | IAM Privilege Escalation |
| 57 | Google Cloud Platform | Object Storage | Object ACL Writable |
| 58 | Google Cloud Platform | Object Storage | Bucket ACL Writable |
| 59 | Google Cloud Platform | Object Storage | Bucket Object Traversal |
| 60 | Google Cloud Platform | Object Storage | Unrestricted File Upload |
| 61 | Google Cloud Platform | Elastic Computing Service | VM Command Execution |
| 62 | Microsoft Azure | Object Storage | Blob Public Access |
| 63 | Microsoft Azure | Object Storage | Container Blob Traversal |
| 64 | Microsoft Azure | Elastic Computing Service | VM Command Execution |
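
Added example (not from TerraformGoat or the original page): a defender-side check for the "VPC Security Group Open All Ports" and "VPC Security Group Open Common Ports" scenario types in the list above, run over Terraform plan JSON before anything is applied. It assumes the AWS provider's `aws_security_group` resource with inline `ingress` rules; the sample plan, the resource names and the `SENSITIVE_PORTS` set are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Resource names and rules are hypothetical, not taken from TerraformGoat.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.open_all", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 0, "to_port": 0, "protocol": "-1",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_security_group.open_common", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
     {"from_port": 3306, "to_port": 3306, "protocol": "tcp",
      "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}
SENSITIVE_PORTS = {22, 3306, 3389, 6379}  # assumption: the "common ports" to flag

def classify(rule):
    """Return a finding label for one ingress rule, or None if it is acceptable."""
    sources = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    if not WORLD.intersection(sources):
        return None  # not reachable from the whole internet
    lo, hi = rule.get("from_port") or 0, rule.get("to_port") or 0
    if rule.get("protocol") == "-1" or (lo == 0 and hi == 65535):
        return "all-ports-open"
    exposed = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
    return "common-ports-open:" + ",".join(map(str, exposed)) if exposed else None

def scan(plan):
    """List (address, finding) for security groups the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "aws_security_group" or not after:
            continue  # other resource types, or a delete (after is null)
        for rule in after.get("ingress") or []:
            label = classify(rule)
            if label:
                findings.append((rc["address"], label))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_PLAN))
```
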

Install

TerraformGoat is deployed using Docker images and therefore requires Docker Engine. Installation instructions for Docker Engine are at https://docs.docker.com/engine/install/

Depending on the cloud service provider you are using, choose the corresponding installation command.

Alibaba Cloud

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker run -itd --name terraformgoat_aliyun_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker exec -it terraformgoat_aliyun_0.0.4 /bin/bash

Tencent Cloud

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_tencentcloud:0.0.4
docker run -itd --name terraformgoat_tencentcloud_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_tencentcloud:0.0.4
docker exec -it terraformgoat_tencentcloud_0.0.4 /bin/bash

Huawei Cloud

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_huaweicloud:0.0.4
docker run -itd --name terraformgoat_huaweicloud_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_huaweicloud:0.0.4
docker exec -it terraformgoat_huaweicloud_0.0.4 /bin/bash

Amazon Web Services

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aws:0.0.4
docker run -itd --name terraformgoat_aws_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aws:0.0.4
docker exec -it terraformgoat_aws_0.0.4 /bin/bash

Demo

After entering the container, cd to the corresponding scenario directory and you can start deploying the scenario.

Here is a demonstration of the Alibaba Cloud Bucket Object Traversal scenario build:

docker pull registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker run -itd --name terraformgoat_aliyun_0.0.4 registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat_aliyun:0.0.4
docker exec -it terraformgoat_aliyun_0.0.4 /bin/bash

Uninstall

If you are inside a container, first run the exit command to leave it, then run the following commands on the host.

docker stop $(docker ps -a -q -f "name=terraformgoat")
docker rm $(docker ps -a -q -f "name=terraformgoat")
docker rmi $(docker images -a -q -f "reference=registry.cn-beijing.aliyuncs.com/huoxian_pub/terraformgoat*")

R K
