Labs

AWSGoat

GitHub - ine-labs/AWSGoat: AWSGoat : A Damn Vulnerable AWS InfrastructureGitHub

CloudGOAT

GitHub - RhinoSecurityLabs/cloudgoat: CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment toolGitHub

$ sudo apt install gpg
$ wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
$ echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com bullseye main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
$ sudo apt update && sudo apt install terraform
$ terraform --version 

Create a free AWS account

Create a user, add the user to a group with administratorAccess

Generate Key

More info: https://tryhackme.com/room/introductiontocloudgoat

Use the generated keys

$ aws configure --profile cloudgoat   

Install cloudgoat

$ pipx install cloudgoat 

#  type "cloudgoat" as the profile name
$ cloudgoat config aws

# Whitelist your IP address
$ cloudgoat config whitelist --auto 

Launch a scenario

cloudgoat create ec2_ssrf

Destroy the scenario created

cloudgoat destroy [scenario-name] 

Pwnedlabs

Pwned Labs - The ultimate cybersecurity training groundPwned Labs