ine-labs / awsgoat Goto Github PK
View Code? Open in Web Editor NEWAWSGoat : A Damn Vulnerable AWS Infrastructure
License: MIT License
AWSGoat : A Damn Vulnerable AWS Infrastructure
License: MIT License
Hi there,
Is it possible to list down IAM required privileges/permissions to deploy this app? The README.md
says:
AWS Access Key with Administrative Privileges
but I'm afraid is not concise enough and is not recommended to have API key for root user.
I run into this error "Error deploying Module 1 on main.tf line 3553" when running deploying Mod1. I have deployed this using a Amazon Linux 2 instances. I verified the the secrets are valid. Has anyone run into this?
Error: local-exec provisioner error
│
│ with null_resource.populate_table,
│ on main.tf line 3553, in resource "null_resource" "populate_table":
│ 3553: provisioner "local-exec" {
│
│ Error running command 'sed -i 's/replace-bucket-name/production-blog-awsgoat-bucket-888888888/g' resources/dynamodb/blog-posts.json
│ python3 resources/dynamodb/populate-table.py
│ ': exit status 1. Output: Traceback (most recent call last):
│ File "/home/ubuntu/AWSGoat-DubLearn/modules/module-1/resources/dynamodb/populate-table.py", line 6, in
│ session=boto3.Session(aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'], aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY'])
│ File "/usr/lib/python3.10/os.py", line 679, in getitem
│ raise KeyError(key) from None
│ KeyError: 'AWS_ACCESS_KEY_ID'
Hi there,
I am getting this ERROR when applying terraform on module-1:
aws_lambda_function.react_lambda_app: Creating...
╷
│ Error: error creating Lambda Function (1): InvalidParameterValueException: The runtime parameter of nodejs14.x is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (nodejs20.x) while creating or updating functions.
│ {
│ RespMetadata: {
│ StatusCode: 400,
│ RequestID: "<snip>"
│ },
│ Message_: "The runtime parameter of nodejs14.x is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (nodejs20.x) while creating or updating functions.",
│ Type: "User"
│ }
| with aws_lambda_function.react_lambda_app,
│ on main.tf line 23, in resource "aws_lambda_function" "react_lambda_app":
│ 23: resource "aws_lambda_function" "react_lambda_app" {
Having some installation error.
I created a new aws account with MFA.
then followed the steps. Then I am getting terraform errors 1, 254, 255.
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/setup-python@v2. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
The set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
The main.tf file does not match the intention of the environment exercise. This is reflected in the solution documentation and video. Line 3455 on main.tf contains the following line:
"${aws_iam_role.blog_app_lambda.arn}"
This will input "blog_app_lambda" role into this policy. However, this will not allow you to escalate privileges in the way the solution documentation shows. Reference this image from the solutions documentation which clearly shows that this role arn should actually be for the "blog_app_lambda_data" role.
In fact, the dev-ec2-lambda-policies only has 1 version created by the main.tf template, which means "--version-id v2" of the aws iam get-policy-version command will not work.
A simple change to line 3455 instead to:
"${aws_iam_role.blog_app_lambda_python.arn}"
Would give the desired result of inputting "blog_app_lambda_role" to this policy. This would allow privilege escalation in the method shown as a solution. The version would still remain as v1 unless further edits are made to main.tf.
Minor issue on the solution docs - the 02-SQL Injection.md
states:
Check the response, you will see that we have successfully managed to gain access to all the data of all the users, even sensitive data like passwords, phone, addresses, etc.
However, the password nor the secret answer is part of the response.
{
"secretQuestion": "",
"creationDate": "2022-01-25T00:00:00.000Z",
"address": "Ap #662-2304 Phasellus Ave",
"secretAnswer": "",
"email": "[email protected]",
"country": "Germany",
"name": "Naida Dotson",
"authLevel": "0",
"password": "",
"username": "naidadotson",
"id": "1",
"userStatus": "active",
"phone": "329938731"
}
Hi,
Recently I was trying to install the AWS goat in my Linux machine and despite providing the creds for Administrator access user I was getting the following error again and again
AccessControlListNotSupported: The bucket does not allow ACLs
Maybe It's because of this can you please confirm from your side?
Thanks
The first xss documented on
https://github.com/ine-labs/AWSGoat/blob/master/solutions/module-1/01-Reflected%20XSS.md
<script>alert('1')</script>
with expected behaviour:
An alert box pops up on our screen which confirms that our application is vulnerable to XSS injection attacks
does not work, at least not for me.
The xss using the <image>
tag works as expected and documented.
When entering above line, nothing happens.
Environment:
Tested with Brave (Version 1.41.100 Chromium: 103.0.5060.134 (Official Build) (64-bit)) and Chrome (Version 104.0.5112.79 (Official Build) (64-bit)), on 5.18.14-1-MANJARO + xfce. Also tested on Mac OS 12.5 with Chrome, same result.
Hello,
I made some simple changes to the login.php file in /modules/module-2/src/src/login.php file.
I created a new ECS repo and used push commands to build a new Docker image and replaced the uri in the .json file as mentioned. However when i run terraform apply i am not seeing any changes on the Web App. Am i missing any step?
While performing the AWS Goat Lab, I realized that the initial access provided the AWS session for blog-application-data role. But when I tried to perform the privilege escalation, then I realized that the dev-ec2-lambda-policies is misconfigured to allow AttachRolePolicy to the blog_app_lambda role instead of blog-application-data role.
Is it expected or am I missing anything?
Seems the SSRF part 1 does not work as per the guide. The response is 'Invalid Authorization'. I think its expected this will be done using a self registered user, I don't see alternate credentials for this elsewhere or referred to in the guide. The error is the same trying to upload an image as in normal, non exploitation activity.
I am wondering about the situation that someone can try to scan and find application urls for AWS Goat deployment and then through Privilege escalation get Admin account rights on my AWS tenant. I just want to understand if this deployment would be safe from outside threat.
PS - I am quite new to Cloud Security and I think your project has nailed it. Its exactly what I was looking for breaking into Cloud Security . Thank you.
Would it be possible to integrate AWSGoat with CICDGoat? The idea is to have a full pipeline for infrastructure as code and software development lifecycle. This way it would be possible to perform more simulations for example intentionally leaving an access key somewhere like web.config and pushing the changes to the main repo, building the web app and publishing it.
I think there is a missing ID on line https://github.com/ine-labs/AWSGoat/blob/master/.github/workflows/tf-apply-main.yml#L41
Supposed to be like this:
- name: Terraform Plan
id: plan
run: |
terraform plan -input=false
ls -al
continue-on-error: false
References
https://docs.github.com/en/actions/learn-github-actions/contexts#steps-context
Hi there,
I am getting this ERROR after running terraform on my local linux machine:
cd modules/module-1
terraform init
terraform apply --auto-approve
│ Error: Error creating S3 bucket: BucketAlreadyExists: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.
│ status code: 409, request id: <snip>, host id: <snip>
│
│ with aws_s3_bucket.bucket_temp,
│ on main.tf line 3354, in resource "aws_s3_bucket" "bucket_temp":
│ 3354: resource "aws_s3_bucket" "bucket_temp" {
This is the list of my s3 buckets:
aws s3 ls
dev-blog-awsgoat-bucket-...
do-not-delete-awsgoat-state-files-...
production-blog-awsgoat-bucket-...
Am I missing something? Thanks.
Hi there,
I am getting this when applying the terraform:
│ Error: creating IAM instance profile AWS_GOAT_ec2_profile: EntityAlreadyExists: Instance Profile AWS_GOAT_ec2_profile already exists.
│ status code: 409, request id: ca6<snipped>
│
│ with aws_iam_instance_profile.goat_iam_profile,
│ on main.tf line 3484, in resource "aws_iam_instance_profile" "goat_iam_profile":
│ 3484: resource "aws_iam_instance_profile" "goat_iam_profile" {
│
╵
Error: Process completed with exit code 1.
I can destroy created resources with terraform destroy
successfully though. Can someone have a look? Do we have duplicated command somewhere?
Can Security Hub detect those resources created? I am trying to run the Security Hub but it did not detect anything.
I tried the manual installation (not via Github action) and it works fine, however, when you destroy the same project and re-apply it again, the frontend will point to the wrong (old / previous) API_GATEWAY_URL, as it has already been replaced in the first run, due to:
main.tf:
3624: sed -i "s,API_GATEWAY_URL,${aws_api_gateway_deployment.apideploy_ba.invoke_url},g" modules/module-1/resources/s3/webfiles/build/static/js/main.5e35cae6.js
3625: sed -i "s,API_GATEWAY_URL,${aws_api_gateway_deployment.apideploy_ba.invoke_url},g" modules/module-1/resources/s3/webfiles/build/static/js/main.5e35cae6.js.map
Just mentioning it here in case others are wondering about the same. Feel free to close if it's not intended to be used like this (destroyed and re-applie).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.