This repository holds a target infrastructure you can use for testing nimbostratus.
This code deploys an Amazon AWS infrastructure which has various vulnerabilities and weak configuration settings which can be exploited using nimbostratus.
If you're not sure what this is all about, you better avoid using any of the code that lives here.
sudo apt-get install python-mysqldb
git clone [email protected]:andresriancho/nimbostratus-target.git
cd nimbostratus-target
pip install -r requirements.txtMake sure you have configured your "root" AWS credentials in ~/.boto before you run the fabric script.
fab deployThe console messages will show you the progress to understand what's deployed and where. At the end you should end up with the following AWS components:
- Front-end EC2 instance with:
- HTTP server and vulnerable Web application
- Celery configured to use SQS as broker
- Deployed using user-data script
- With an instance profile which allows acces to SQS
- Backend worker:
- Consumes SQS messages sent by front-end instance
- Uses pickle as serialization method
- No instance profile configured, hard-coded AWS credentials
- AWS credentials can access
RDS:*andIAM:* - Stores information in RDS database using low-privileged user
- RDS database
- IAM user for backend worker
A successfull run should look like this.
Once you finish playing with this Amazon cloud, just delete it with:
fab teardown- This code wasn't developed for re-usability.
- Running this code will create Amazon AWS charges!
- The
teardowncommand might fail, charges might be applied by Amazon even after running it. You're responsible of checking the state of your services after running this tool.