Created
May 12, 2021 22:26
My disposable VPN script I use during external #redteam engagements
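#!/bin/bash
# Author: Dana Epp (@danaepp)
#
# Creates a throwaway Azure resource group and VM, opens one inbound UDP port
# for WireGuard, runs a third-party WireGuard installer on the VM through
# `az vm run-command`, and copies the generated client config (tmpvpn.conf)
# into the current directory.
#
# Requirements: Azure CLI (`az`) logged in to the target subscription, and scp.
# Environment:  VPN_SOURCE_PREFIX (optional) - source address prefix allowed to
#               reach the VPN port; defaults to "*" (any source).
# Teardown:     everything lives in one resource group, so removing it disposes
#               of the VM, its disk, NIC, public IP and NSG:
#                 az group delete -n DisposableVPN --yes --no-wait
#
# Fail on the first error, on unset variables and on broken pipelines, so a
# failed `az` call does not let later steps run against missing resources.
set -euo pipefail

readonly GROUP_NAME="DisposableVPN"
readonly VM_NAME="DisposableVPN"
readonly REGION="canadacentral"
readonly PORT="51820"
readonly VPN_SOURCE_PREFIX="${VPN_SOURCE_PREFIX:-*}"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

command -v az >/dev/null || die "Azure CLI (az) not found in PATH"

echo "Creating resource group '$GROUP_NAME'..."
az group create -l "$REGION" -n "$GROUP_NAME" --output none

echo "Creating new VM called '$VM_NAME'..."
# NOTE(review): newer Azure CLI releases may no longer accept the UbuntuLTS
# image alias - confirm against the installed CLI version.
# NOTE(review): the scp step at the end needs inbound SSH to this VM; confirm
# which NSG rule opens port 22 and whether it should be limited to the
# operator's own address.
az vm create -g "$GROUP_NAME" -n "$VM_NAME" --image UbuntuLTS --size Standard_B1ls \
  --admin-username vpnadmin --generate-ssh-keys --output none

# Get the public IP. Declared separately from the assignment so a failing
# `az vm show` is not masked, and checked so scp never targets an empty host.
VM_IP=$(az vm show -d -n "$VM_NAME" -g "$GROUP_NAME" --query publicIps -o tsv)
[[ -n "$VM_IP" ]] || die "Could not determine the public IP of '$VM_NAME'"

# Enable an NSG rule allowing inbound VPN traffic. Set VPN_SOURCE_PREFIX to the
# operator's egress address to avoid exposing the port to every source.
echo 'Creating inbound rule for this NSG to allow VPN...'
az network nsg rule create -g "$GROUP_NAME" --nsg-name "${VM_NAME}NSG" -n AllowVPNRule \
  --priority 1042 --access Allow --direction Inbound \
  --source-address-prefixes "$VPN_SOURCE_PREFIX" \
  --destination-port-ranges "$PORT" --protocol Udp -o none

# Fetch the WireGuard installer script and drop it in the home dir.
# SECURITY(review): this downloads through a short link that can resolve to
# different content over time, and the result is later executed as root with
# no integrity check. Prefer a URL pinned to a reviewed commit and verify it
# before use, e.g.
#   echo '<EXPECTED_SHA256>  /home/vpnadmin/wireguard-install.sh' | sha256sum -c -
# NOTE: `--output none` discards the JSON result that carries the remote
# stdout/stderr, so failures inside the VM are not visible here.
echo "Fetching Wireguard Warrior script from GitHub..."
az vm run-command invoke -g "$GROUP_NAME" -n "$VM_NAME" --command-id RunShellScript \
  --scripts "wget https://git.io/wireguard -O /home/vpnadmin/wireguard-install.sh" \
  --output none

# We have to disable the installer's stdin flush so the answers piped in below
# are not thrown away.
az vm run-command invoke -g "$GROUP_NAME" -n "$VM_NAME" --command-id RunShellScript \
  --scripts "sed -i 's/read -N 999999 -t 0.001/# read -N 999999 -t 0.001/' /home/vpnadmin/wireguard-install.sh" \
  --output none

# Execute the installer with our config. The script text is single-quoted
# locally so that $1 and $2 are expanded on the VM from --parameters; inside
# double quotes the local shell would replace them with this script's own
# (normally empty) arguments before the command is ever sent.
# Answers, in order: endpoint address, port, client name "tmpvpn", option 1.
# NOTE(review): the prompt order is taken from the original answer string -
# confirm it against the installer version actually downloaded.
echo "Setting up Wireguard VPN..."
az vm run-command invoke -g "$GROUP_NAME" -n "$VM_NAME" --command-id RunShellScript \
  --scripts 'printf "%s\n%s\ntmpvpn\n1\n" "$1" "$2" | sudo bash /home/vpnadmin/wireguard-install.sh' \
  --output none --parameters "$VM_IP" "$PORT"

# Move the config file to the user dir so it can be fetched over SSH as
# vpnadmin. The loop waits until the installer has written the file.
echo "Watching for config to make it accessable..."
az vm run-command invoke -g "$GROUP_NAME" -n "$VM_NAME" --command-id RunShellScript \
  --scripts "while [ ! -f /root/tmpvpn.conf ]; do sleep 1; done; mv /root/tmpvpn.conf /home/vpnadmin/tmpvpn.conf && chown vpnadmin:vpnadmin /home/vpnadmin/tmpvpn.conf" \
  --output none

# Grab the VPN config file. It holds the client's private key, so it is
# created under a restrictive umask and forced to owner-only permissions.
# accept-new trusts the host key on first contact, which is the first time
# this freshly created VM is seen.
echo "Attempting to get Wireguard VPN client config file..."
(
  umask 077
  scp -oStrictHostKeyChecking=accept-new "vpnadmin@${VM_IP}:tmpvpn.conf" .
)
chmod 600 tmpvpn.conf

echo "You can now load tmpvpn.conf into Wireguard for use"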