diff --git a/heat/Tunnel_Exercise/Tunnel_V3.yaml b/heat/Tunnel_Exercise/Tunnel_V3.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9d1302a0309a68dc3256ba1b6b7e011067d6d797 --- /dev/null +++ b/heat/Tunnel_Exercise/Tunnel_V3.yaml @@ -0,0 +1,264 @@ +heat_template_version: 2018-08-31 + +description: T10 Student Tunnel Environment + +parameters: + + assign_ip: + type: string + label: Assign IP addresses + description: Set an octet for every IP address in the stack + constraints: + - allowed_pattern: "[1][0-9][0-9]" + description: Number must be between 100 and 199 + + root_password: + type: string + label: Root Password + description: root/administrator password for all VMs + hidden: false + default: changeme + constraints: + - length: { min: 8, max: 20 } + description: Password must be between 8 and 20 characters + - allowed_pattern: "[a-zA-Z0-9]*" + description: Password may not contain special characters + +resources: + + base-network: + type: OS::Neutron::Net + properties: + name: base-network + port_security_enabled: false + + base-subnet: + type: OS::Neutron::Subnet + properties: + allocation_pools: + - start: + str_replace: + template: 10.AssignIP.0.5 + params: + AssignIP: { get_param: assign_ip } + end: + str_replace: + template: 10.AssignIP.0.250 + params: + AssignIP: { get_param: assign_ip } + cidr: + str_replace: + template: 10.AssignIP.0.0/24 + params: + AssignIP: { get_param: assign_ip } + gateway_ip: + str_replace: + template: 10.AssignIP.0.254 + params: + AssignIP: { get_param: assign_ip } + network: { get_resource: base-network } + dns_nameservers: [ 10.50.255.254 ] + name: base-subnet + +#Create route to the interwebies + + base-router: + type: OS::Neutron::Router + properties: + name: base_router + external_gateway_info: {"network": public} + + base-router-interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: base-router } + subnet_id: { get_resource: base-subnet } + +#Build the floating ip + + T1-access-float-ip: + type: OS::Neutron::FloatingIP + properties: + floating_network: public + +#Create the interface for the Float IP + + T1-access-float-port: + type: OS::Neutron::Port + depends_on: sec-group + properties: + port_security_enabled: false + network_id: { get_resource: base-network } + fixed_ips: + - subnet_id: { get_resource: base-subnet } + ip_address: + str_replace: + template: 10.AssignIP.0.99 + params: + AssignIP: { get_param: assign_ip } + +#Associate floating ip with the port + + T1-access-ip-to-port-assoc: + type: OS::Neutron::FloatingIPAssociation + properties: + floatingip_id: {get_resource: T1-access-float-ip} + port_id: {get_resource: T1-access-float-port} + +#Define ports/protocols student can access over floating ip + + sec-group: + type: OS::Neutron::SecurityGroup + properties: + description: Enable what ports student can communicate with box on + name: All the Things + rules: [{"port_range_max": 65535,"port_range_min": 1, "protocol":TCP, "direction":ingress, "direction":egress},{"port_range_max": 65535,"port_range_min": 1, "protocol":UDP, "direction":ingress, "direction":egress},{"protocol":ICMP, "direction":ingress, "direction":egress}] + +# Create interface for T7 so the beacon can work + + BruceBannerT7-port: + type: OS::Neutron::Port + depends_on: sec-group + properties: + port_security_enabled: false + network_id: { get_resource: base-network } + fixed_ips: + - subnet_id: { get_resource: base-subnet } + ip_address: + str_replace: + template: 10.AssignIP.0.13 + params: + AssignIP: { get_param: assign_ip } + + server1: + type: OS::Nova::Server + properties: + name: FrankCastle_T1 + image: CentOS 7 + flavor: cy.small + networks: + - port: { get_resource: T1-access-float-port } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: frankcastle + $additionalscript: | + #!/bin/bash + echo "Hello" > /root/hello + exit + user_data_format: RAW + + server2: + type: OS::Nova::Server + properties: + name: TonyStark_T2 + image: CentOS 7 + flavor: cy.small + networks: + - network: { get_resource: base-network } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: tonystark + user_data_format: RAW + + server3: + type: OS::Nova::Server + properties: + name: WadeWilson_T3 + image: CentOS 7 + flavor: cy.small + networks: + - network: { get_resource: base-network } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: wadewilson + user_data_format: RAW + + server4: + type: OS::Nova::Server + properties: + name: PeterParker_T4 + image: CentOS 7 + flavor: cy.small + networks: + - network: { get_resource: base-network } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: peterparker + user_data_format: RAW + + server5: + type: OS::Nova::Server + properties: + name: MattMurdock_T5 + image: CentOS 7 + flavor: cy.small + networks: + - network: { get_resource: base-network } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: mattmurdock + user_data_format: RAW + + server6: + type: OS::Nova::Server + properties: + name: StephenStrange_T6 + image: CentOS 7 + flavor: cy.small + networks: + - network: { get_resource: base-network } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: stephenstrange + user_data_format: RAW + + server7: + type: OS::Nova::Server + properties: + name: BruceBanner_T7 + image: CentOS 7 + flavor: cy.small + networks: + - port: { get_resource: BruceBannerT7-port } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_nix_env.sh" } + params: + $password: { get_param: root_password } + $hostname: brucebanner + user_data_format: RAW + + server8: + type: OS::Nova::Server + properties: + name: NatashaRomanoff_TW + image: Windows 1803 + flavor: cy.mega + networks: + - network: { get_resource: base-network } + user_data: + str_replace: + template: { get_file: "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/base_tunnel_win_env.ps1" } + params: + $password: { get_param: root_password } + $ip: { get_param: assign_ip } + $hostname: natasharomanoff + user_data_format: RAW \ No newline at end of file diff --git a/heat/environment_scripts/base_tunnel_nix_env.sh b/heat/environment_scripts/base_tunnel_nix_env.sh index 135eb9362793bcbdb5b0a413a83f2aa6f42766b5..2e261f430d91cec48f1fdd605c77f15b8ef3854b 100644 --- a/heat/environment_scripts/base_tunnel_nix_env.sh +++ b/heat/environment_scripts/base_tunnel_nix_env.sh @@ -9,4 +9,5 @@ mkdir /etc/iptables iptables-save > /etc/iptables/rules.v4 iptables-restore < /etc/iptables/rules.v4 sed -i 's#exit 0#iptables-restore < /etc/iptables/rules.v4#g' /etc/rc.local -service rsyslog restart \ No newline at end of file +service rsyslog restart +$additionalscript \ No newline at end of file diff --git a/heat/environment_scripts/base_tunnel_win_env.ps1 b/heat/environment_scripts/base_tunnel_win_env.ps1 index 34cbf7283a6ba11e93ba6472b99809ff31d6ecf9..ac38284fd405b2915c6da7a9dd15f3bff9dfae69 100644 --- a/heat/environment_scripts/base_tunnel_win_env.ps1 +++ b/heat/environment_scripts/base_tunnel_win_env.ps1 @@ -1,4 +1,5 @@ #ps1_sysnative +$ErrorActionPreference = 'SilentlyContinue' Set-executionpolicy unrestricted all netsh advfirewall set allprofiles state off net user administrator $password @@ -17,14 +18,6 @@ Set-Service -Name sshd -StartupType 'Automatic' mkdir C:\Tools invoke-webrequest -uri "10.50.20.121/software4/netcat.zip" -outfile "C:\Tools\netcat.zip" Expand-Archive -LiteralPath 'C:\Tools\netcat.zip' -DestinationPath 'C:\Tools\netcat' -echo "while ($true)" >> C:\Tools\beacon.ps1 -echo "{" >> C:\Tools\beacon.ps1 -echo "[int]$port = 12301" >> C:\Tools\beacon.ps1 -echo "while ($port -gt "12300" -and $port -lt "12325")" >> C:\Tools\beacon.ps1 -echo " {echo "Congrats! You are an 31337 H4x0r!" | C:\Tools\netcat\nc.exe -w 1 10.169.0.13 $port" >> C:\Tools\beacon.ps1 -echo " sleep 1" >> C:\Tools\beacon.ps1 -echo " $port = $port + 1" >> C:\Tools\beacon.ps1 -echo " }" >> C:\Tools\beacon.ps1 -echo "}" >> C:\Tools\beacon.ps1 +invoke-webrequest -uri "https://git.cybbh.space/t10/public/raw/master/heat/environment_scripts/nc_beacon.ps1" -outfile "C:\Tools\beacon.ps1" powershell -ExecutionPolicy Bypass -file "C:\Tools\beacon.ps1" exit 1001 \ No newline at end of file diff --git a/heat/environment_scripts/nc_beacon.ps1 b/heat/environment_scripts/nc_beacon.ps1 new file mode 100644 index 0000000000000000000000000000000000000000..60fa54467e6bdb9d362ca0e97eb3f7d63d1f53e0 --- /dev/null +++ b/heat/environment_scripts/nc_beacon.ps1 @@ -0,0 +1,9 @@ +while ($true) +{ +[int]$port = 12301 +while ($port -gt "12300" -and $port -lt "12325") +{echo "Congrats! You are an 31337 H4x0r!" | C:\Tools\netcat\nc.exe -w 1 10.169.0.13 $port +sleep 1 +$port = $port + 1 +} +} \ No newline at end of file