-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cloud: add AWS cracking automation (#9)
cloud: add AWS cracking automation The commit contains files for Terraform and Ansible. The purpose of these files is to assist users who need to run password cracking sessions in the cloud.
- Loading branch information
1 parent
f19c668
commit 90d3b55
Showing
13 changed files
with
569 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
*.diff | ||
.terraform | ||
.terraform.* | ||
terraform.* | ||
inventory |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
FROM ubuntu:latest | ||
LABEL maintainer Claudio André (c) 2021 1.0.Cloud Tools | ||
LABEL software automation for John the Ripper | ||
|
||
RUN apt-get update -qq && \ | ||
export DEBIAN_FRONTEND="noninteractive" && \ | ||
apt-get install -y curl gnupg software-properties-common && \ | ||
curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \ | ||
apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \ | ||
apt-add-repository --yes --update ppa:ansible/ansible && \ | ||
apt-get install -y \ | ||
terraform ansible \ | ||
wget git nano \ | ||
&& \ | ||
useradd -U -m cracker && \ | ||
# Clean the image | ||
apt-get -y clean && \ | ||
rm -rf /var/lib/apt/lists | ||
|
||
USER cracker | ||
WORKDIR /host/cloud-tools | ||
ENV PROVIDER AWS | ||
CMD /bin/bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
# Prepare the environment | ||
sudo apt-get -y install git build-essential libssl-dev zlib1g-dev libgmp-dev libpcap-dev libbz2-dev | ||
git clone --depth 10 https://github.com/openwall/john.git | ||
cd john/src | ||
|
||
# Build John the Ripper | ||
# TODO remove the next line | ||
rm -f *fmt_plug.c | ||
./configure && make -sj2 | ||
../run/john |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
data "aws_ami" "ubuntu" { | ||
most_recent = true | ||
|
||
filter { | ||
name = "name" | ||
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] | ||
} | ||
|
||
filter { | ||
name = "virtualization-type" | ||
values = ["hvm"] | ||
} | ||
|
||
owners = ["099720109477"] # Images owned by Canonical (099720109477) | ||
} | ||
|
||
resource "aws_instance" "worker" { | ||
ami = data.aws_ami.ubuntu.id | ||
vpc_security_group_ids = [aws_security_group.jtrcrackers-sg.id] | ||
key_name = aws_key_pair.deployer.key_name | ||
instance_type = var.instance["instance_type"] | ||
count = var.instance["count"] | ||
|
||
credit_specification { | ||
cpu_credits = "standard" | ||
} | ||
|
||
# The connection uses the local SSH agent for authentication. | ||
connection { | ||
user = "ubuntu" | ||
type = "ssh" | ||
host = self.public_ip | ||
private_key = local.private_key_content | ||
} | ||
|
||
provisioner "file" { | ||
source = "./build-john.sh" | ||
destination = "/home/ubuntu/" | ||
} | ||
|
||
provisioner "file" { | ||
source = "./hashes.txt" | ||
destination = "/home/ubuntu/hashes.txt" | ||
} | ||
|
||
provisioner "remote-exec" { | ||
inline = [ | ||
"cd ~", | ||
"ls -laR" | ||
] | ||
} | ||
|
||
depends_on = [ | ||
# Security group rule must be created before this IP address could | ||
# actually be used, otherwise the services will be unreachable. | ||
aws_security_group.jtrcrackers-sg, | ||
] | ||
|
||
tags = { | ||
Name = "JtRCracker${count.index + 1}-instance" | ||
Environment = var.domain | ||
"Application Role" = var.role | ||
Owner = var.owner | ||
Customer = var.customer | ||
Confidentiality = var.confidentiality | ||
} | ||
} | ||
|
||
resource "aws_key_pair" "deployer" { | ||
key_name = "deployer-key" | ||
public_key = local.public_key_content | ||
} | ||
|
||
# You can also add your key here. | ||
/* | ||
resource "aws_key_pair" "deployer" { | ||
key_name = "deployer-key" | ||
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com" | ||
} | ||
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
[Crackers] | ||
%{ for index, dns in public-dns ~} | ||
${dns} ansible_host=${public-ip[index]} # ${public-id[index]} | ||
%{ endfor ~} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
provider "aws" { | ||
region = local.region | ||
profile = local.profile | ||
} | ||
|
||
# Create workspaces to run the same set of instruction on different environments | ||
locals { | ||
profile = lookup(var.profile_list, terraform.workspace) | ||
} | ||
locals { | ||
region = lookup(var.regions_list, terraform.workspace) | ||
} | ||
locals { | ||
run_env = lookup(var.environment_list, terraform.workspace) | ||
} | ||
|
||
# Save terraform state remotely (if needed). | ||
/* terraform { | ||
backend "s3" { | ||
bucket = "jtrcrackers-tfstate" | ||
key = "sg/terraform.state" | ||
region = var.region | ||
profile = var.profile | ||
} | ||
} */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
output current_environment { | ||
value = local.run_env | ||
} | ||
|
||
output "ip_address" { | ||
value = "${aws_instance.worker.*.public_ip}" | ||
description = "The IP address(es) of the instance(s)." | ||
} | ||
|
||
### The Ansible inventory file | ||
resource "local_file" "AnsibleInventory" { | ||
content = templatefile("inventory.tmpl", | ||
{ | ||
public-dns = aws_instance.worker.*.public_dns, | ||
public-ip = aws_instance.worker.*.public_ip, | ||
public-id = aws_instance.worker.*.id | ||
} | ||
) | ||
filename = "inventory" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
--- | ||
- hosts: all | ||
gather_facts: no | ||
remote_user: ubuntu | ||
tasks: | ||
- name: Copy file(s) from all requested remote servers to local. | ||
fetch: | ||
src: /home/ubuntu/john/run/john.pot | ||
dest: .. | ||
|
||
- name: Copy file(s) from all requested remote servers to local. | ||
fetch: | ||
src: /home/ubuntu/john/run/john.rec | ||
dest: .. | ||
|
||
- name: Copy file(s) from all requested remote servers to local. | ||
fetch: | ||
src: /home/ubuntu/john/run/john.log | ||
dest: .. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
--- | ||
- hosts: all | ||
remote_user: ubuntu | ||
tasks: | ||
- name: Copy a file called 'hashes.txt' to all requested remote servers. | ||
copy: | ||
src: ../hashes.txt | ||
dest: /home/ubuntu/hashes.txt | ||
owner: ubuntu | ||
group: ubuntu | ||
mode: '0644' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
###################################################################### | ||
# Copyright (c) 2021 Claudio André <claudioandre.br at gmail.com> | ||
# | ||
# This program comes with ABSOLUTELY NO WARRANTY; express or implied. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, as expressed in version 2, seen at | ||
# http://www.gnu.org/licenses/gpl-2.0.html | ||
###################################################################### | ||
|
||
--- | ||
- hosts: all | ||
remote_user: ubuntu | ||
tasks: | ||
- name: Transfer the script | ||
copy: src=../build-john.sh dest=/home/ubuntu/build-john.sh mode=0777 | ||
|
||
- name: Execute the script | ||
shell: /home/ubuntu/build-john.sh | tee buildlog.txt |
Oops, something went wrong.