LivingInSyn · July 17, 2022 00:43
diff --git a/target-a-setup.sh b/target-a-setup.sh
 #!/bin/bash

 # install docker 
 sudo apt-get update
 sudo apt install -yq ca-certificates curl gnupg lsb-release 
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 apt update
 apt install -yq docker-ce docker-ce-cli containerd.io


 # create our "data" to exfil
 COUNT="2000" #1M block size * 2000 = 20000 ~ 20gb
 OFILE="data.enc"
 dd if=<(openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero) of=$OFILE bs=1M count=$COUNT iflag=fullblock

 # pull down the script and the Dockerfile
 mkdir -p /vuln_app
 cd /vuln_app

 # https://gist.github.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb
 curl -Lo vuln_app.py https://gist.githubusercontent.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb/raw/9c1c2dceb955507429a567a01d22b62becff0ebc/vuln_app.py

 # https://gist.github.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3
 curl -Lo Dockerfile https://gist.githubusercontent.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3/raw/8ff7bfa00cadd81ad86cc0e465d80ce4d5924e58/Dockerfile

 # run it as a privileged container to allow breakouts
 docker build -t vuln_app . && docker run --privileged --rm -dt --name vuln_app -p 80:8080 vuln_app

 # missing - SSH key setup for lateral movement to lat-a
	#!/bin/bash

	# install docker
	sudo apt-get update
	sudo apt install -yq ca-certificates curl gnupg lsb-release
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
	echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
	apt update
	apt install -yq docker-ce docker-ce-cli containerd.io


	# create our "data" to exfil
	COUNT="2000" #1M block size * 2000 = 20000 ~ 20gb
	OFILE="data.enc"
	dd if=<(openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null \| base64)" -nosalt < /dev/zero) of=$OFILE bs=1M count=$COUNT iflag=fullblock

	# pull down the script and the Dockerfile
	mkdir -p /vuln_app
	cd /vuln_app

	# https://gist.github.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb
	curl -Lo vuln_app.py https://gist.githubusercontent.com/LivingInSyn/b2fbdf9ce6786450725292924604cddb/raw/9c1c2dceb955507429a567a01d22b62becff0ebc/vuln_app.py

	# https://gist.github.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3
	curl -Lo Dockerfile https://gist.githubusercontent.com/LivingInSyn/3c1e675a6ebbb2dd720e1be0edaadde3/raw/8ff7bfa00cadd81ad86cc0e465d80ce4d5924e58/Dockerfile

	# run it as a privileged container to allow breakouts
	docker build -t vuln_app . && docker run --privileged --rm -dt --name vuln_app -p 80:8080 vuln_app

	# missing - SSH key setup for lateral movement to lat-a