feat: add tencent cloud cvm security group open common port scenario #73

Merged
merged 1 commit into from
Jun 9, 2022
97 changes: 49 additions & 48 deletions README.md

Large diffs are not rendered by default.

93 changes: 47 additions & 46 deletions README_CN.md

Large diffs are not rendered by default.

77 changes: 77 additions & 0 deletions tencentcloud/cvm/cvm_security_group_open_common_port/README.md
@@ -0,0 +1,77 @@
# Tencent Cloud CVM security group open common port

English | [中文](./README_CN.md)

## Description

This is a scenario used to build the Tencent Cloud CVM security group open common port.

## Deployment Environment

Execute the following command in the container

```shell
cd /TerraformGoat/tencentcloud/cvm/cvm_security_group_open_common_port
```

Edit the `terraform.tfvars` file and write your `tencentcloud_secret_id` and `tencentcloud_secret_key` in the file

```shell
vim terraform.tfvars
```

> You can create and view your SecretKey on the [API Key Management](https://console.cloud.tencent.com/cam/capi) of the Tencent Cloud console

Deploy Vulnerable Environment

```shell
terraform init
terraform apply
```

> When the terminal prompts `Enter a value:`, enter `yes`

After the environment is set up, you can see the instance and security group IDs at Outputs

## Steps

Use the Tencent Cloud command line tool to view the rules of the security group.

```bash
> apt-get install jq -y
> tccli vpc DescribeSecurityGroupPolicies --SecurityGroupId sg-o1alubhn | jq '.SecurityGroupPolicySet.Ingress[] | select(.Protocol == "tcp") | select(.CidrBlock == "0.0.0.0/0") | select(.Action == "ACCEPT") | .Port'

"5432"
"25"
"9200"
"4506"
"50070"
"2376"
"21"
"138"
"5500"
"5601"
"50470"
"3389"
"6379"
"4505"
"8020"
"1522"
"23"
"22"
"2375"
"3306"
"5900"
"137"
"1433"
"1521"
"445"
"27017"
"1434"
```

## Destroy the environment

```shell
terraform destroy
```
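
Review bot: The `tccli` command in the Steps block hard-codes `--SecurityGroupId sg-o1alubhn`, an ID from one particular deployment, so copying the command as written queries a group the reader does not own. Replace it with a placeholder such as `<your-security-group-id>` and say it is the security group ID shown under Outputs after `terraform apply`. In the same block the `> ` prompt prefix sits on command lines inside a `bash` fence and the sample output shares the fence, so the commands cannot be pasted as they are; drop the prefix and move the port list to its own block. The Steps section also ends at the port list with no explanation, while README_CN.md closes with a sentence saying the output lists the common ports the group allows; add the English equivalent so the two files match.
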
79 changes: 79 additions & 0 deletions tencentcloud/cvm/cvm_security_group_open_common_port/README_CN.md
@@ -0,0 +1,79 @@
# 腾讯云 CVM 安全组允许常见端口访问

[English](./README.md) | 中文

## 描述信息

这是一个用于构建腾讯云 CVM 安全组允许常见端口访问的场景。

## 环境搭建

在容器中执行以下命令

```shell
cd /TerraformGoat/tencentcloud/cvm/cvm_security_group_open_common_port
```

编辑 `terraform.tfvars` 文件,在文件中填入你的 `tencentcloud_secret_id` 和 `tencentcloud_secret_key`

```shell
vim terraform.tfvars
```

> 在腾讯云控制台的 [API 密钥管理](https://console.cloud.tencent.com/cam/capi) 可以创建和查看您的 SecretKey

部署靶场

```shell
terraform init
terraform apply
```

> 在终端提示 `Enter a value:` 时,输入 `yes` 即可

环境搭建完后,在 Outputs 处可以看到实例和安全组的 ID

## 步骤

使用腾讯云命令行工具查看安全组的规则。

```bash
> apt-get install jq -y
> tccli vpc DescribeSecurityGroupPolicies --SecurityGroupId sg-o1alubhn | jq '.SecurityGroupPolicySet.Ingress[] | select(.Protocol == "tcp") | select(.CidrBlock == "0.0.0.0/0") | select(.Action == "ACCEPT") | .Port'

"5432"
"25"
"9200"
"4506"
"50070"
"2376"
"21"
"138"
"5500"
"5601"
"50470"
"3389"
"6379"
"4505"
"8020"
"1522"
"23"
"22"
"2375"
"3306"
"5900"
"137"
"1433"
"1521"
"445"
"27017"
"1434"
```

通过返回的内容可以看到当前安全组允许访问的常见端口。

## 销毁环境

```shell
terraform destroy
```
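
Review bot: The environment section asks the reader to write `tencentcloud_secret_id` and `tencentcloud_secret_key` into `terraform.tfvars` without saying the file must stay out of version control; add a sentence to that effect and confirm the scenario directory ignores the file. The jq filter in the steps block shows the group accepting `0.0.0.0/0` on every listed port, which includes 22, 3389, 2375 and 6379, so the destroy section should tell the reader to run `terraform destroy` as soon as the exercise is finished rather than leaving the instance reachable. The hard-coded `sg-o1alubhn` and the `> ` prompt prefix in this file need the same changes as in README.md.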