AzureGoat : A Damn Vulnerable Azure Infrastructure

Overview

Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. Sometimes a simple misconfiguration or a vulnerability in a web application is all an attacker needs to compromise the entire infrastructure. Since the cloud is relatively new, many developers are not fully aware of the threatscape and end up deploying vulnerable cloud infrastructure. Microsoft Azure has become the second-largest cloud infrastructure provider by market share (as per multiple reports), just behind AWS. Numerous tools and vulnerable applications are available for security professionals to practice attack and defense on AWS, but that is not the case with Azure, where far fewer options are available to the community.

AzureGoat is a vulnerable-by-design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations based on services such as App Functions, CosmosDB, Storage Accounts, Automation and Identities. AzureGoat mimics real-world infrastructure but with added vulnerabilities. It features multiple escalation paths and is focused on a black-box approach.

The project will be divided into modules, and each module will be a separate web application powered by varied tech stacks and development practices. It will leverage IaC through Terraform to ease the deployment process.

Presented at

Developed with ❤️ by INE

Built With

  • Azure
  • React
  • Python 3
  • Terraform

Vulnerabilities

The project is scheduled to encompass all significant vulnerabilities, including the OWASP Top 10 2021 and popular cloud misconfigurations. Currently, the project contains the following vulnerabilities/misconfigurations.

  • XSS
  • SQL Injection
  • Insecure Direct Object Reference
  • Server Side Request Forgery on App Function Environment
  • Sensitive Data Exposure and Password Reset
  • Storage Account Misconfigurations
  • Identity Misconfigurations

Getting Started

Prerequisites

  • An Azure Account

Installation

To ease the deployment process, the user just needs to clone this repo, log in to the Azure CLI, then initialize and apply the Terraform file. This workflow will deploy the whole infrastructure and output the hosted application's URL.

Here are the steps to follow:

Step 1. Clone the repo

git clone https://github.com/ine-labs/AzureGoat

Step 2. Log in to Azure CLI

az login

And follow the steps to sign in.

Step 3. Create a resource group with the name "azuregoat_app".

Step 4. Use Terraform to deploy AzureGoat

terraform init
terraform apply --auto-approve
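
The steps above as one guarded script. This is an added example, not part of the AzureGoat repository: it refuses to deploy the deliberately vulnerable lab unless the active subscription is the one set aside for it, creates the resource group from Step 3 only if it is missing, and adds a teardown. `LAB_SUBSCRIPTION_ID`, `LAB_LOCATION`, the `TF_DIR` path and the function names are assumptions; Step 2 (`az login`) must already be done.

```shell
#!/bin/sh
# Added example: guarded wrapper around the installation steps.
# Assumptions (not from the README): LAB_SUBSCRIPTION_ID, LAB_LOCATION, TF_DIR.

RG_NAME="azuregoat_app"                          # name required by Step 3
REPO_URL="https://github.com/ine-labs/AzureGoat" # from Step 1
TF_DIR="${TF_DIR:-AzureGoat/modules/module-1}"   # assumed location of the Terraform files
LAB_LOCATION="${LAB_LOCATION:-eastus}"           # assumed region

# Refuse to continue unless the active subscription is the lab subscription.
# Returns 0 on match, 1 on mismatch, 2 if no ID was given, 3 if az fails
# (for example when Step 2, az login, has not been done).
check_subscription() {
    expected="$1"
    [ -n "$expected" ] || { echo "set LAB_SUBSCRIPTION_ID first" >&2; return 2; }
    active="$(az account show --query id -o tsv)" || return 3
    if [ "$active" != "$expected" ]; then
        echo "active subscription $active is not the lab subscription" >&2
        return 1
    fi
}

# Step 3: create the resource group only if it does not exist yet.
# Prints "exists" or "created".
ensure_resource_group() {
    if [ "$(az group exists --name "$RG_NAME")" = "true" ]; then
        echo "exists"
    else
        az group create --name "$RG_NAME" --location "$LAB_LOCATION" >/dev/null || return 1
        echo "created"
    fi
}

deploy() {
    check_subscription "${LAB_SUBSCRIPTION_ID:-}" || return 1
    [ -d AzureGoat ] || git clone "$REPO_URL" || return 1                # Step 1
    ensure_resource_group || return 1                                    # Step 3
    ( cd "$TF_DIR" && terraform init && terraform apply --auto-approve ) # Step 4
}

# Remove the vulnerable resources once the exercise is over.
teardown() {
    check_subscription "${LAB_SUBSCRIPTION_ID:-}" || return 1
    ( cd "$TF_DIR" && terraform destroy --auto-approve )
}

# Nothing runs unless an action is given: ./azuregoat.sh deploy | teardown
case "${1:-}" in
    deploy)   deploy ;;
    teardown) teardown ;;
esac
```

Run it as `LAB_SUBSCRIPTION_ID=<your-lab-subscription-id> ./azuregoat.sh deploy`, and `teardown` with the same variable when finished.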

Modules

Module 1

The first module features a serverless blog application utilizing Azure App Functions, Storage Accounts, CosmosDB, and Azure Automation. It consists of various web application vulnerabilities and facilitates exploitation of misconfigured Azure resources.

Overview of escalation paths for module-1


Contributors

Nishant Sharma, Director, Lab Platform, INE

Jeswin Mathai, Chief Architect, Lab Platform, INE

Rachna Umaraniya, Cloud Developer, INE

Sherin Stephen, Software Engineer (Cloud), INE

Shantanu Kale, Cloud Developer, INE

Sanjeev Mahunta, Software Engineer (Cloud), INE

Solutions

The manuals are available in the solutions directory.

Module 1 Exploitation Videos: https://www.youtube.com/playlist?list=PLcIpBb4raSZGdYHKpqIu5Boc2ziga4oGY

Documentation

For more details refer to the "AzureGoat.pdf" PDF file. This file contains the slide deck used for presentations.

Screenshots

  • Blog Application HomePage
  • Blog Application Login Portal
  • Blog Application Register Page
  • Blog Application Logged in Dashboard
  • Blog Application User Profile

Contribution Guidelines

  • Contributions in the form of code improvements, module updates, feature improvements, and any general suggestions are welcome.
  • Improvements to the functionalities of the current modules are also welcome.
  • The source code for each module can be found in modules/module-<Number>/src and can be used to modify the existing application code.

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License v2 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Sister Projects

Comments
  • local-exec provisioner error

    Hello! Hoping to get some help or insight into this error when deploying the TF scripts. I ran pip3 install --pre azure-cosmos, which updated, but I'm still getting this local-exec provisioner error. Am I missing another dependency?

    opened by hacknorris 2
  • Doesn't deploy over cloudshell. Terraform issue.

    Hi, I tried to deploy the lab on the cloud using cloudshell and I get stuck at the same error.

    azurerm_storage_blob.app_files_prod["shared/files/.ssh/config.txt"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/illustrations/illustration_login.png"]: Creation complete after 2s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/illustrations/illustration_login.png]
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/justin.pub"]: Creation complete after 2s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/files/.ssh/keys/justin.pub]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_21.jpg"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/avatars/avatar_4.jpg"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/avatars/avatar_3.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/avatars/avatar_3.jpg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/covers/cover_7.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/covers/cover_7.jpg]
    azurerm_storage_blob.app_files_prod["shared/scripts/deploy_node.sh"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/scripts/deploy_node.sh]
    azurerm_storage_blob.app_files_prod["shared/scripts/php-deploy.sh"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/scripts/php-deploy.sh]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_13.jpg"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/icons/ic_flag_de.svg"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_14.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/products/product_14.jpg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/avatars/avatar_7.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/avatars/avatar_7.jpg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/covers/cover_8.jpg"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/media/register.4206b16c0ce018f0307d.jpg"]: Creating...
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/config.txt"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/files/.ssh/config.txt]
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/sophia.pub"]: Creating...
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/mary.pem"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/avatars/avatar_12.jpg"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/avatars/avatar_4.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/avatars/avatar_4.jpg]
    azurerm_storage_blob.app_files_prod["images/20220525173359279634.png"]: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_13.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/products/product_13.jpg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_21.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/products/product_21.jpg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/covers/cover_8.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/covers/cover_8.jpg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_18.jpg"]: Creating...
    azurerm_storage_blob.config_update_prod: Creating...
    azurerm_storage_blob.app_files_prod["webfiles/build/static/icons/ic_flag_de.svg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/icons/ic_flag_de.svg]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/media/register.4206b16c0ce018f0307d.jpg"]: Creation complete after 2s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/media/register.4206b16c0ce018f0307d.jpg]
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/mary.pem"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/files/.ssh/keys/mary.pem]
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/john.pub"]: Creating...
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/sophia.pub"]: Creation complete after 2s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/files/.ssh/keys/sophia.pub]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/avatars/avatar_12.jpg"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/avatars/avatar_12.jpg]
    azurerm_cosmosdb_account.db: Still creating... [1m50s elapsed]
    azurerm_storage_blob.app_files_prod["images/20220525173359279634.png"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/images/20220525173359279634.png]
    azurerm_storage_blob.config_update_prod: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/modules/module-1/resources/storage_account/shared/files/.ssh/config.txt]
    azurerm_storage_blob.app_files_prod["shared/files/.ssh/keys/john.pub"]: Creation complete after 1s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/shared/files/.ssh/keys/john.pub]
    azurerm_storage_blob.app_files_prod["webfiles/build/static/mock-images/products/product_18.jpg"]: Creation complete after 2s [id=https://appazgoat3299488storage.blob.core.windows.net/prod-appazgoat3299488-storage-container/webfiles/build/static/mock-images/products/product_18.jpg]
    azurerm_cosmosdb_account.db: Still creating... [2m0s elapsed]
    azurerm_cosmosdb_account.db: Still creating... [2m10s elapsed]
    azurerm_cosmosdb_account.db: Still creating... [2m20s elapsed]
    azurerm_cosmosdb_account.db: Creation complete after 2m22s [id=/subscriptions/44520894-a01e-4f6d-9612-0310dbd2c8d4/resourceGroups/azuregoat_app/providers/Microsoft.DocumentDB/databaseAccounts/ine-cosmos-db-data-3299488]
    ╷
    │ Warning: Deprecated Resource
    │
    │ with azurerm_app_service_plan.app_service_plan,
    │ on main.tf line 145, in resource "azurerm_app_service_plan" "app_service_plan":
    │ 145: resource "azurerm_app_service_plan" "app_service_plan" {
    │
    │ The azurerm_app_service_plan resource has been superseded by the azurerm_service_plan resource. Whilst this resource will continue to be available in the 2.x and 3.x
    │ releases it is feature-frozen for compatibility purposes, will no longer receive any updates and will be removed in a future major release of the Azure Provider.
    ╵
    ╷
    │ Error: Provider produced inconsistent result after apply
    │
    │ When applying changes to azurerm_app_service_plan.app_service_plan, provider "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root
    │ resource was present, but now absent.
    │
    │ This is a bug in the provider, which should be reported in the provider's own issue tracker.
    ╵
    ╷
    │ Error: Provider produced inconsistent result after apply
    │
    │ When applying changes to azurerm_network_security_group.net_sg, provider "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource
    │ was present, but now absent.
    │
    │ This is a bug in the provider, which should be reported in the provider's own issue tracker.
    ╵
    ╷
    │ Error: Provider produced inconsistent result after apply
    │
    │ When applying changes to azurerm_public_ip.VM_PublicIP, provider "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource was
    │ present, but now absent.
    │
    │ This is a bug in the provider, which should be reported in the provider's own issue tracker.

    opened by Sh4d0w-3xPl0iT 0
Owner
INE Lab Infrastructure