Skip to content

Commit

Permalink
Merge pull request #40 from teamssix/main
Browse files Browse the repository at this point in the history 
perf: optimize code and readme
  • Loading branch information
@teamssix
teamssix committed May 20, 2022
2 parents cd5c9f0 + c287ae6 commit 16d846a
Show file tree
Hide file tree
Showing 107 changed files with 132 additions and 617 deletions.
17 changes: 1 addition & 16 deletions aliyun/oss/bucket_object_traversal/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,21 +18,10 @@ aliyun configure
```BASH
terraform init
```

![image-20220420183822046](../../../images/UzJuMarkDownImage20220420183822046_1.png)

```bash
terraform apply
```

If you confirm that there are no problems, just press enter

![image-20220420184708033](../../../images/UzJuMarkDownImage20220420184331190_3.png)

Type “yes” to start the build, at which point you can go make a cup of coffee because it will be done before you get back, very fast!

![image-20220420184734125](../../../images/UzJuMarkDownImage20220420184456968_4.png)
If you confirm that there are no problems, Type “yes” to start the build

Access to hx-cloud-security-ctf-xxx.oss-cn-beijing.aliyuncs.com

Expand All @@ -56,8 +45,4 @@ What is this? Maybe you can check the latitude and longitude to determine where
terraform destroy
```

![image-20220420184456968](../../../images/UzJuMarkDownImage20220420184708033_5.png)

If you have made up your mind, then just type yes

![image-20220420184331190](../../../images/UzJuMarkDownImage20220420184734125_6.png)
17 changes: 1 addition & 16 deletions aliyun/oss/bucket_object_traversal/README_CN.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,21 +22,10 @@ aliyun configure
```BASH
terraform init
```

![image-20220420183822046](../../../images/UzJuMarkDownImage20220420183822046_1.png)

```bash
terraform apply
```

如果确认没有问题,按下回车即可

![image-20220420184708033](../../../images/UzJuMarkDownImage20220420184331190_3.png)

输入yes开始构建,然后您可以去冲一杯咖啡,因为它会在您回来之前完成,非常快!

![image-20220420184734125](../../../images/UzJuMarkDownImage20220420184456968_4.png)
如果确认没有问题,输入yes开始构建

访问 hx-cloud-security-ctf-xxx.oss-cn-beijing.aliyuncs.com

Expand All @@ -60,8 +49,4 @@ terraform apply
terraform destroy
```

![image-20220420184456968](../../../images/UzJuMarkDownImage20220420184708033_5.png)

确定没有问题之后,输入yes即可销毁

![image-20220420184331190](../../../images/UzJuMarkDownImage20220420184734125_6.png)
11 changes: 0 additions & 11 deletions aliyun/oss/object_acl_writable/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,20 +22,11 @@ aliyun configure
```bash
terraform init
```

![image-20220425190538237](../../../images/image-20220425190538237.png)

```bash
terraform apply
```

![image-20220425190558881](../../../images/image-20220425190558881.png)

After confirming that there are no problems, type yes and enter to quickly build

![image-20220425190632275](../../../images/image-20220425190632275.png)

Access the /flag.txt of this bucket directly

![image-20220425190700830](../../../images/image-20220425190700830.png)
Expand Down Expand Up @@ -81,5 +72,3 @@ terraform destroy
```

Then just type yes and wait for the destruction

![image-20220425191136549](../../../images/image-20220425191136549.png)
11 changes: 0 additions & 11 deletions aliyun/oss/object_acl_writable/README_CN.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,20 +21,11 @@ aliyun configure
```bash
terraform init
```

![image-20220425190538237](../../../images/image-20220425190538237.png)

```bash
terraform apply
```

![image-20220425190558881](../../../images/image-20220425190558881.png)

在确认没有问题后,输入yes回车即可快速构建

![image-20220425190632275](../../../images/image-20220425190632275.png)

直接访问该存储桶的/flag.txt

![image-20220425190700830](../../../images/image-20220425190700830.png)
Expand Down Expand Up @@ -80,5 +71,3 @@ terraform destroy
```

随后输入yes,等待销毁即可

![image-20220425191136549](../../../images/image-20220425191136549.png)
15 changes: 0 additions & 15 deletions aliyun/oss/special_bucket_policy/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,6 @@ Although in actual use will not encounter this kind of scenario, but enjoy playi
cd /TerraformGoat/aliyun/oss/special_bucket_policy/
```

![image-20220425182349048](../../../images/image-20220425182349048.png)

Configure Alibaba Cloud Access Credentials

```shell
Expand All @@ -26,20 +24,11 @@ aliyun configure
```BASH
terraform init
```

![image-20220425182407093](../../../images/image-20220425182407093.png)

```bash
terraform apply
```

![image-20220425182434280](../../../images/image-20220425182434280.png)

If you confirm that there are no problems, just type yes

![image-20220425182506076](../../../images/image-20220425182506076.png)

## Get Flag

![image-20220425182550091](../../../images/image-20220425182550091.png)
Expand Down Expand Up @@ -71,8 +60,4 @@ When you see the file name, just visit that name **UkFrpYnoTbbQyhpx.html**
terraform destroy
```

![image-20220425182951151](../../../images/image-20220425182951151.png)

If it is confirmed that there is no problem, just type yes and wait

![image-20220425183028857](../../../images/image-20220425183028857.png)
15 changes: 0 additions & 15 deletions aliyun/oss/special_bucket_policy/README_CN.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@
cd /TerraformGoat/aliyun/oss/special_bucket_policy/
```

![image-20220425182349048](../../../images/image-20220425182349048.png)

配置阿里云访问凭证

```shell
Expand All @@ -23,20 +21,11 @@ aliyun configure
```BASH
terraform init
```

![image-20220425182407093](../../../images/image-20220425182407093.png)

```bash
terraform apply
```

![image-20220425182434280](../../../images/image-20220425182434280.png)

如果确认没有问题,输入yes即可

![image-20220425182506076](../../../images/image-20220425182506076.png)

## Get Flag

![image-20220425182550091](../../../images/image-20220425182550091.png)
Expand Down Expand Up @@ -68,8 +57,4 @@ Upgrade-Insecure-Requests: 1
terraform destroy
```

![image-20220425182951151](../../../images/image-20220425182951151.png)

如果确认没有问题,输入yes等待即可

![image-20220425183028857](../../../images/image-20220425183028857.png)
19 changes: 4 additions & 15 deletions aliyun/oss/unrestricted_file_upload/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,33 +9,24 @@ This is a script to help you quickly build storage buckets for unauthorized uplo
### Git clone

```bash
cd /TerraformGoat/aliyun/oss/unrestricted_file_upload/
cd /TerraformGoat/aliyun/oss/unrestricted_file_upload/
```

```bash
terraform init
```

![image-20220425192835507](../../../images/image-20220425192835507.png)

Configure Alibaba Cloud Access Credentials

```shell
```bash
aliyun configure
```

> You can create and view your AccessKey on the [AccessKey page](https://ram.console.aliyun.com/manage/ak) of the Alibaba Cloud console
```bash
```shell
terraform init
terraform apply
```

![image-20220425192251992](../../../images/image-20220425192251992.png)

If you confirm that there is no problem, type yes and wait for the build

![image-20220425192314435](../../../images/image-20220425192314435.png)

## Get Flag

Visit /hx.png to get the image
Expand Down Expand Up @@ -69,5 +60,3 @@ Afterwards, we use the GET method to get the contents of our overwritten
```bash
terraform destroy
```

![image-20220425192403147](../../../images/image-20220425192403147.png)
11 changes: 0 additions & 11 deletions aliyun/oss/unrestricted_file_upload/README_CN.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,20 +22,11 @@ aliyun configure
```bash
terraform init
```

![image-20220425192835507](../../../images/image-20220425192835507.png)

```bash
terraform apply
```

![image-20220425192251992](../../../images/image-20220425192251992.png)

如果确认没有问题,输入yes等待构建即可

![image-20220425192314435](../../../images/image-20220425192314435.png)

## Get Flag

访问/hx.png获取图片
Expand Down Expand Up @@ -69,5 +60,3 @@ HxSecurityLab
```bash
terraform destroy
```

![image-20220425192403147](../../../images/image-20220425192403147.png)
29 changes: 0 additions & 29 deletions aws/s3/bucket_object_traversal/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@ This is a script that can help you quickly build bucket objects to traverse the
cd /TerraformGoat/aws/s3/bucket_object_traversal/
```

![image-20220424181052943](../../../images/UzJuMarkDownImageimage-20220424181052943.png)

Configure AWS Access Credentials

```shell
Expand All @@ -22,40 +20,13 @@ aws configure
```bash
terraform init
```

![image-20220424181132510](../../../images/UzJuMarkDownImageimage-20220424181132510.png)

```bash
vim terraform.tfvars
```

![image-20220424181212853](../../../images/UzJuMarkDownImageimage-20220424181212853.png)

Write your AWS IAM user ID and key here

```bash
terraform apply
```

![image-20220424181300550](../../../images/UzJuMarkDownImageimage-20220424181300550.png)

How you confirm that there are no problems?Just type yes and then you can go make a cup of coffee, it will be built and finished before you come back, because it's very fast!

![image-20220424181318245](../../../images/UzJuMarkDownImageimage-20220424181318245.png)

Now Go Get Flag

## Destruction Challenge

```bash
terraform destroy
```

![image-20220424181701610](../../../images/UzJuMarkDownImageimage-20220424181701610.png)

type yes

![image-20220424181723375](../../../images/UzJuMarkDownImageimage-20220424181723375.png)

goOoOoOd by~~~
25 changes: 1 addition & 24 deletions aws/s3/bucket_object_traversal/README_CN.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@
cd /TerraformGoat/aws/s3/bucket_object_traversal/
```

![image-20220424181052943](../../../images/UzJuMarkDownImageimage-20220424181052943.png)

配置 AWS 访问凭证

```shell
Expand All @@ -22,27 +20,10 @@ aws configure
```bash
terraform init
```

![image-20220424181132510](../../../images/UzJuMarkDownImageimage-20220424181132510.png)

```bash
vim terraform.tfvars
```

![image-20220424181212853](../../../images/UzJuMarkDownImageimage-20220424181212853.png)

在这里写下你的AWS IAM用户ID和密钥

```bash
terraform apply
```

![image-20220424181300550](../../../images/UzJuMarkDownImageimage-20220424181300550.png)

你如何确认没有问题,只需输入 "yes",然后你就可以去泡杯咖啡,但在你回来之前,它就会建成并完成,因为它非常快!"。

![image-20220424181318245](../../../images/UzJuMarkDownImageimage-20220424181318245.png)
确认没有问题后输入 "yes"

现在可以去获取Flag了

Expand All @@ -52,10 +33,6 @@ terraform apply
terraform destroy
```

![image-20220424181701610](../../../images/UzJuMarkDownImageimage-20220424181701610.png)

输入yes

![image-20220424181723375](../../../images/UzJuMarkDownImageimage-20220424181723375.png)

goOoOoOd by~~~
12 changes: 1 addition & 11 deletions aws/s3/bucket_object_traversal/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,5 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}


provider "aws" {
region = var.Aws_S3_Region
region = "us-east-1"
}

resource "aws_s3_bucket" "CreateBucket" {
Expand Down
7 changes: 1 addition & 6 deletions aws/s3/bucket_object_traversal/output.tf
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,5 @@
output "AwsCloud_BucketName" {
description = "S3 Bucket Name"
value = "${aws_s3_bucket.CreateBucket.bucket}.s3.${var.Aws_S3_Region}.amazonaws.com"
value = "${aws_s3_bucket.CreateBucket.bucket}.s3.us-east-1.amazonaws.com"

}

output "AwsCloud_Region" {
description = "S3 Region"
value = var.Aws_S3_Region
}

0 comments on commit 16d846a

Please sign in to comment.