Embedded Files
Isolated Pentesting Lab (GCP)
Isolated Pentesting Lab (GCP)
Using Terraform to automate a target vm (OWASP Juice Shop) and an attack vm (Kali Linux) within a secure network using to create an isolated penetration testing lab using Google Cloud Platform.
Using Terraform to automate a target vm (OWASP Juice Shop) and an attack vm (Kali Linux) within a secure network using to create an isolated penetration testing lab using Google Cloud Platform.
I logged into the target machine and used the commands "sudo docker ps," "curl localhost:80" to make sure that the OWASP Juice Shop image was successfully running. The screenshot below is a snippet of the main.tf in the secure_network directory that shows the resource that is being used "google_compute_network," as well as the vpc's that were created, the cidr range, and the subnets for both vpcs''. Since The screen shot focused on the attacker machine is the output from the command terraform apply -auto-approve after downloading the Kali Linux generic cloud x64 image, reformatting it into a compatible .tar.gz file to store into a bucket that was created. After setting up Kali Linux through a web terminal and adding xfce, xrdp, and novnc to access a desktop version through the web a machine image was the created to add to the terraform code which would complete the build of the penetration testing lab.
Below are screenshots of a working Kali Linux Desktop that has access to OWASP Juice Shop. This image is ran through docker on an Ubuntu server. The other to screenshots shows NMAP being used to see which ports are open on the victim machine and one of the more simpler SQL injections being used to login as admin in the OWASP Juice Shop.
In order to complete this project, I had to learn the Google Cloud Platform, terraform, and how to create an image that can be used for cloud platforms. As I am learning 2 cloud platforms in depth as I do have a love for cloud computing and architecture. In the process of doing so, how to use terraform for automation and what weaknesses that can exist. How to build isolated labs, the process of building web apps and pages is in line with the reason projects like this are important to me. Since cloud platforms play a big role in the backend of web pages, I figured Bug bounty hunting, whether doing it full time or part time, it is something I want to be a part of.
In order to complete this project, I had to learn the Google Cloud Platform, terraform, and how to create an image that can be used for cloud platforms. As I am learning 2 cloud platforms in depth as I do have a love for cloud computing and architecture. In the process of doing so, how to use terraform for automation and what weaknesses that can exist. How to build isolated labs, the process of building web apps and pages is in line with the reason projects like this are important to me. Since cloud platforms play a big role in the backend of web pages, I figured Bug bounty hunting, whether doing it full time or part time, it is something I want to be a part of.
Page updated
Google Sites
Report abuse