DEV Community: Raz

How to do a quick network recon during a pentest or CTF

Raz — Sun, 07 Jun 2020 15:32:34 +0000

This article was also published on razcodes.dev

Since I have been learning more lately about pentesting, and playing on sites like tryhackme.com, I find myself starting with the same tools usually so I decided to write this short post about the process.

Init

Sometimes you know the IP of the machine that you will be working on and sometimes you don't. Sometimes there is more than one machine on the network you want to look into, so in those cases, you start with the basic IP scan.

nmap -sn -n 192.168.0.0/24 -oN discovery.nmap

Options:

-sn: ping scan
-n: no DNS resolution
-oN: output scan in normal to file

Besides using nmap for this, you can also use netdiscover to see all the machine on the current network by specifying the interface.

netdiscover -i tap0

Here I use tap0 as the interface if I am connected to a VPN or if I just look at machines on my internal network I would use eth0.

netdiscover -i eth0

Once nmap is done running, I take that file and remove everything from it leaving just the IPs.

cat discovery.nmap | grep for | cut -d " " -f 5 > ips.txt

I also make sure my IP is not in there so I don't scan myself.

Now that we have a list of IPs, I can run a longer scan.

nmap -sV -p- -n -v -Pn -T4 -iL ips.txt -A --open

Options:

-sV: version info
-p-: scan all ports
-n: no DNS resolution
-v: verbose
-Pn: treat host as online
-T4: timing template
-iL: use the file and only scan IPs in it
-A: OS detection, version, script scan, traceroute
--open: only show open

Of course these might not work for every engagement and you should read more about nmap strategies before using them, but for my needs so far these have worked well.

Website involved

If the scans above yield some http ports open (80,8080, etc), I then run dirbuster to look for any folders that might be hidden.

dirb http://10.10.47.53

Fork in the road

After the usual scan above is where I take a different road based on whatever scenario I encounter, now that I have the data I need from the scan.

Happy scanning!

How to use AWS named profiles

Raz — Sun, 31 May 2020 20:58:35 +0000

This article was also published on razcodes.dev

You might get to a point where for some reason or another you find yourself needing to use more than one set of AWS CLI credentials. Usually that's the case when you have more than one AWS account or you want to test the same account but with different permissions. So instead of keep reconfiguring your credentials every time, like someone I know used to do, you can use named profiles.

This article assumes that you already have AWS CLI installed and configured. If you have not yet, I cover that in one of my older posts.

Creating the user

We are going to first create a new user and give that user read only permissions to S3.

log into your AWS console
Services -> IAM -> Users
Add user
User name (ex: s3read)
Check Programatic access
Next: Permissions
Attach existing policies directly
Check AmazonS3ReadOnlyAccess
Next: Tags (optional)
Next: Review
Create User

Make sure that you either download the .csv file created, or copy the Access key ID and Secret access Key in a password manager, because once you click close you will not be able to see it again.

CLI Setup

In the terminal, where you already have the AWS CLI working type the following:

aws configure --profile s3read

The profile name can be whatever you want, you will need to use it later and it can be different than what you named the username above.

put in your Access key ID
put in your Secret access key
default region (ex: us-east-1)
default output (ex: json)

Invoking

You are now all set. To start using the newly created profile you have a few options available.

Command style

You can add --profile followed by the profile name after every command:

aws s3 ls --profile s3read

ENV style

You can make that profile become the active profile for the current shell session:

export AWS_PROFILE=s3read

After that you can just issue the commands without the --profile:

aws s3 ls

Oh My Zsh style

Oh My Zsh has an AWS plugin and with it installed, you can just use the command asp followed by the profile name to activate it:

asp s3read

From here on that profile will be active for the rest of the session:

aws s3 ls

Conclusion

I put off configuring this for myself for a long time, but having to switch between 4 profiles every day motivated me to look into it and make it simple. So should you.

How to launch your first Webserver with AWS EC2

Raz — Sun, 24 May 2020 19:32:55 +0000

This article was also published on razcodes.dev

I will outline in this article the steps for creating a simple HTTP server in AWS using the EC2 service, running on Amazon Linux 2.

This article assumes that you already have an AWS account setup, with all the default settings.

Setup

Once logged into the AWS console go to Services -> EC2 -> Instances and click on Launch Instance.

Here you will see a list with all the available images that can be launched. We will select the first one (at the time of writing this article) called Amazon Linux 2 AMI.

Make sure t2.micro is selected, as this is part of the free tier and click Next: Configure Instance Details.

On this screen we can leave most things on default, and feel free to click on the info icon located by each option to get more information about what the options do.

The one thing we are going to change is located towards the bottom, under Advanced Details -> User Data. Here, you can include a bash script that will run when the instance is launched, with root privileges. We can use this to run a system update as well as install the run the WebServer. Just copy this script into the text field:

#!/bin/bash
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
echo "This is $(hostname)" > /var/www/html/index.html

Next: Add Storage - This is where we can select the drive(s) size and type(s) we want for the instance. We can leave everything as default.

Next: Add Tags - Tags can be very useful for billing, inventory and all sorts of other things. For this exercise we do not need any.

Next: Configure Security Groups - This part will define what ports we want to leave open towards the host instance, so we will only deal with ports 22 for SSH and port 80 for HTTP.

Create a new security group
Security group name: WebServer
Description: WebServer SG

SSH is already added, but we will just open that for our machine, so under Source click on the Custom dropdown and select My IP.

Click on Add Rule and select HTTP. This will open port 80 for the web traffic from anywhere, which is what we want.

Review and Launch -> Launch

Create a new key pair, give it a name (ex: myWebServer) and click Download Key Pair.

Launch Instances -> View Instances.

Now you will see you new instance being created. It will take a few minutes to get it up and running, update the system and install httpd.

Browser visit

After a few minutes, with the new instance selected, you can copy the Public DNS or the IP, open a new browser window and visit your new server.

SSH connect

You can click Connect on top, and you can get instructions on how to connect to it using SSH.

Note that because of the way we configured the SSH port to only allow connections from our IP address, when you click connect, the EC2 Instance Connect using the browser will not work, since that will come from a different IP address. If you would like that functionality for playing around, you can go change the security group and allow connections to port 22 from 0.0.0.0/0, but that is not recommended and should only be done for testing purposes.

The end

When you are done with your instance you can select it and under Actions -> Instance State, you can chose:

Stop : this will stop the instance, you will no longer be charged and start it again when you want to. When you start it back up you will have a different IP address, so the connection string will be different.
Terminate: this will destroy the instance.

How to upgrade your shell and prompt in Kali or Parrot

Raz — Sun, 17 May 2020 18:40:17 +0000

This article was also published on razcodes.dev

The following procedure was tested in Kali Linux and Parrot OS, but it should work the same in other places, such as Ubuntu or Debian.

I spend a lot of time in the terminal, both at work and home, so might as well have a good looking and useful terminal in front of me. I had this setup on my mac for a while and only recently I decided to move it over to my pentesting boxes.

The things that we are going to now do are the following:

switch the shell from BASH to ZSH
install Oh My Zsh
install MesloLGS NF fonts
install powerlevel10k theme

The $SHELL

This step is the easiest one. Open a terminal and issue the following command:

chsh -s $(which zsh)

You will probably have to log out and log back in for the changes to take effect. Once you do, open a terminal again and you will be welcomed by a question about being the first time you setup ZSH so just chose option 2, to populate your config file with the default settings.

Oh My Zsh

This framework is amazing, with so many plugins, feature and add-ons. You should totally dig more into it if you haven't already and look at the possibilities.

You can install it using their installer, with the following command:

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

Powerlevel10k

Fonts

This is the actual eye candy part of the process. We are going to start by installing some fonts that contain icons that will be used by the theme. This can be achieved in many ways, but here is my process. This will download the fonts to a local folder and install them on your system.

mkdir ~/.local/share/fonts
cd  ~/.local/share/fonts
wget https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Regular.ttf
wget https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold.ttf
wget https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Italic.ttf
wget https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold%20Italic.ttf
fc-cache -f -v

Once this is done, quit terminal and open it back up. Now go to File -> Preferences and set the terminal font to MesloLGS NF

Theme

Now we can install the theme by cloning the git repo and then making the change in the config file.

git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/themes/powerlevel10k
sed -i 's/robbyrussell/powerlevel10k\/powerlevel10k/g' ~/.zshrc

You can log out of the terminal and log back in and it's customization time. Here you can chose whatever you want to make it look how you like it the most. Here are the buttons that I pressed to get the prompt I love:

y,y,y,y,3,1,2,1,1,1,2,3,4,4,1,2,2,y,3,y

Resources

https://www.kali.org/

https://parrotlinux.org/

https://github.com/ohmyzsh/ohmyzsh

https://github.com/romkatv/powerlevel10k

How to create a lambda layer in AWS

Raz — Sun, 10 May 2020 15:39:41 +0000

This article was also published on razcodes.dev

In the last article I wrote that one of the options you have, when creating a lambda function in AWS that requires external modules, is to use a lambda layer that contains all these modules. That way, the lambda is independent of those modules, can be updated by itself, and also you can share that layer between lambdas that use the same modules, thus making it easier to maintain.

In this article, I will use the same example program from the last one, but instead of bundling everything together, I will create a lambda layer that can be used by the lambda.

Preparing the layer

First create a new folder for this project:

mkdir aws-lambda-layer
cd aws-lambda-layer

Next, create a folder structure for the modules that need to be installed.

mkdir -p lambda-layer/python/lib/python3.8/site-packages

Once the folder is created we can install requests in that folder.

pip3 install requests --target lambda-layer/python/lib/python3.8/site-packages

That folder structure is important because that is where Python expects to find the modules. Also as you can see, in this example I am using Python 3.8.

Now we can go into the lambda-layer folder and create a zip file for the layer that will be uploaded using the console.

cd lambda-layer
zip -r9 lambda-layer.zip .

Creating the layer

Log into the AWS console and go to Services -> Lambda -> Layers

Create layer
Name (ex: myRequestsLayer)
Upload
Select your zip file from before
Runtime (Python 3.8)
Create

Creating the lambda

We will be creating the lambda manually for this exercise, so in the AWS console go to Services -> Lambda

Create function
Author from scratch
Function name (ex: randomDadJokes)
Runtime (Python 3.8)
Create function

Replace the code in the editor with the following code:

import json
import requests

url = 'https://icanhazdadjoke.com'

def lambda_handler(event, context):
    r = requests.get(url, headers={"Accept": "application/json"})
    result = json.loads(r.text)
    return result['joke']

Hit Save.

Connecting the layer

Still on the lambda screen, in the Designer section, click on the Layers box.

Add a layer
Select from list of runtime compatible layers
Name (chose your layer)
Version 1
Add

Creating the Test event

We also need to create a test event so we can trigger the lambda manually. You can do that by clicking on the dropdown (Select a test event) -> Configure test events.

Give it an Event Name (ex: Run)
Inputs don't matter so you can just leave it as is or delete those keys
Create

Run it

Now you can click on the Test button and you should see a random dad joke.

Thoughts

I really like the layers a lot better than having to bundle everything together, because it's not just easier to maintain, but also now I can play with the lambda and edit the code or debug it right there in the browser and I don't have to package it and re upload every time I make a change. This makes prototyping a lot easier and fun.

Note that other type of data can also be included in a layer so if you want to learn more, make sure you visit the AWS Lambda layers page.

How to create a lambda using Python with dependencies

Raz — Sun, 03 May 2020 18:28:28 +0000

This article was also published on razcodes.dev

When you have a Python script that uses modules, which are not included in the Python Standard Library, and want to run it as a lambda in AWS, you have two options. First one would be to create a AWS Lambda Layer that contains all the packages and then is connected to the Lambda, and the second would be to zip together the Lambda and the modules, creating a package that can then be uploaded and run. This article will cover the second option.

The Code

As an example I will be creating a small script that uses the Python library Requests. We will be pulling a random dad joke from icahasdadjoke.

In the terminal, create a new folder, create a new virtual environment, activate it and install requests.

mkdir dad-jokes-lambda
cd dad-jokes-lambda
python3 -m venv venv
source venv/bin/activate
pip install requests

We can now create the script:

touch lambda_function.py
vim lambda_function.py

The code will look something like the following:

import json
import requests

url = 'https://icanhazdadjoke.com'

def lambda_handler(event, context):
    r = requests.get(url, headers={"Accept": "application/json"})
    result = json.loads(r.text)
    return result['joke']

The Lambda

To create the lambda, login into the AWS console and go to Services -> Lambda.

Create function
Author from scratch
Fill in the function name (randomDadJoke)
Runtime - Python 3.8
Create function

We also need to create a test event so we can trigger the lambda manually. You can do that by clicking on the dropdown (Select a test event) -> Configure test events.

Give it an Event Name (ex: Run)
Inputs don't matter so you can just leave it as is or delete those keys
Create

Now, you could paste the code in the text editor in your browser and save, but you will notice that if you try running the lambda , by clicking Test, it will fail, because it cannot find the requests module. We are going to fix that next.

The Bundle

Back in the terminal, in the project folder, we will create a zip file with the dependencies and then add the lambda code to that zip file.

cd venv/lib/python3.8/site-packages
zip -r9 ${OLDPWD}/function.zip .
cd $OLDPWD
zip -g function.zip lambda_function.py

All together now

Back in the AWS console, on the lambda screen, in the Function code section, click on the dropdown for Code entry type and select Upload a .zip file.

Upload
Select the function.zip file created
Open
Save

Optionals

You will notice that you can no longer see the code editor, but instead you see a message telling you why. Every time you want to change the code for that lambda, you will have to update it on your machine, update the zip file with the new code and upload it again.

zip -u function.zip lambda_function.py

Test

You can now click on the Test button on top and the lambda will run, rewarding you with a dad joke. Have fun!

How to create and invoke a lambda using the AWS CLI

Raz — Sun, 26 Apr 2020 23:57:43 +0000

This article was also published on razcodes.dev

Let's say you create a cool little program that does some automation for you, or chore you need, and you then turn it into a lambda in AWS, but you don't want to go into the console and log in all the time you want to run it. You can invoke this program right from the AWS CLI, and here is how.

The Code

I will be creating a simple Node.js function that gives us a random Star Wars Quote every time we invoke it.

Using the terminal, create the folder and cd into it and create the function file

mkdir randomStarWarsQuoteGen
cd randomStarWarsQuoteGen
touch index.js

Using your favorite text editor add the code to the file.

vim index.js

Here is the simple code:

var messages = [
    'Help me, Obi-Wan Kenobi. You’re my only hope. — Leia Organa',
    'I find your lack of faith disturbing. — Darth Vader',
    'The Force will be with you. Always. — Obi-Wan Kenobi',
    'Never tell me the odds! — Han Solo',
    'Do. Or do not. There is no try. — Yoda',
    'No. I am your father. — Darth Vader',
    'There’s always a bigger fish. — Qui-Gon Jinn',
    'You can’t stop the change, any more than you can stop the suns from setting. — Shmi Skywalker',
    'I’m just a simple man trying to make my way in the universe. — Jango Fett',
    'Power! Unlimited power! — Darth Sidious'
];

exports.handler = async (event) => {
    let message = messages[Math.floor(Math.random()*10)];
    return message;
};

The Lambda Role

To follow along from here you will need to have the AWS CLI installed and configured on your machine. My last article covered that, so make sure you go and read it if you need to.

The lambda will need a role so let's create one. First we need to create a new file called trust.json for the assume role policy.

touch trust.json
vim trust.json

Add the following to the file:

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "lambda.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
}

Now we can create the role using the CLI:

aws iam create-role --role-name randomStarWarsQuoteGenRole --assume-role-policy-document file://trust.json --description "Random Star Wars Quote Generator Role"

Make sure you copy down somewhere the result ARN as we will need to use it to create the function.

Now let's attach to that new role the AWSLambdaBasicExecutionRole policy, which is managed by AWS.

aws iam attach-role-policy --role-name randomStarWarsQuoteGenRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

The Lambda

With the role created and policy attached, we can now create the function.

First, create a zip file of your code:

zip function.zip index.js

Now you are ready to create the function, making sure to replace your-role-arn with the ARN that you wrote down in the above step.

aws lambda create-function --function-name randomStarWarsQuoteGen --runtime nodejs12.x --handler index.handler --role <your-role-arn> --zip-file fileb://function.zip

If you need to update the lambda code in the future, you can just update your code, create the zip file again and then use the update command:

aws lambda update-function-code --function-name randomStarWarsQuoteGen --zip-file fileb://function.zip

Invocation Time

To call the function, you simply use the following command, where result.json is the file that will contain the function response.

aws lambda invoke --function-name randomStarWarsQuoteGen result.json

Happy Coding!

How to get up and running with AWS CLI on macOS

Raz — Sun, 19 Apr 2020 14:20:15 +0000

This article was also published on razcodes.dev

While you can do all the things you need in AWS using the console, the AWS CLI offers a convenient way to control your environment from the terminal as well as to create simple or complex automations through scripts.

Get credentials

The first thing that you will need to be able to issue commands is a set of security credentials, that is an Access Key ID and a Secret Access Key. You can do that by using the AWS console.

login to your account
Services -> IAM
Users
Add user
Give it a username (this is more for you, it will not be used ex: service)
Select Programmatic access then click Next
Attach exiting policies
For this demo I selected AdministratorAccess
Next add tags if you want
Next Review your choices
Create user

Once you clicked on Create user, you will be given the option to download a .csv file with the credentials or you can copy them from this screen for later use and maybe keep them in a password manager. Please keep in mind that this will be the one and only time you will see the Secret access key in the console, so make sure you save it somewhere safe.

Install the CLI

The easiest way to install the CLI on a Mac is by using Homebrew. If you don't have it installed already you can do so by following the instructions on their website, which say that you need to paste this following command in your terminal.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

Once you have Homebrew installed, simply issue the following command in your terminal to install the AWS CLI.

brew install awscli

This will install awscli version 2 at the time of writing this article.

Configure the CLI with your credentials

Now you need to tell the CLI what credentials to use to it can access your AWS account.

aws configure

paste your AWS Access Key ID
paste your AWS Secret Access Key
fill in your default region (ex: us-east-1)
default output can be json, yaml, text, table (I chose json)

Issue commands and get help

Now you can issue commands. For example to see a list of all your s3 buckets you would type:

aws s3 ls

To get general help from the CLI:

aws help

To get help for a specific command, so you know how to use it, issue the command followed by help. For example, to get help on using the CLI with S3:

aws s3 help

Named Profiles (optional)

When you configured your credentials above, this created a folder in your home directory called .aws as well as 2 files in that folder, credentials and config. These files can be used to configure additional profiles, either for different users in the same account, with different permissions, or as I use them, for different AWS accounts.

Let's say you want to add another user profile. You would first edit the credentials file.

vim ~/.aws/credentials

Under your default account you add the following lines, replacing the username and the credentials with yours.

[username]
aws_access_key_id=<your_access_key_id>
aws_secret_access_key=<your_secret_access_key>

Next edit the config file.

vim ~/.aws/config

Add your new profile information under the existing one, making sure the username matches the one in your credentials file.

[profile username]
region=us-east-1
output=json

Finally, you can use your new profile by issuing the following command in the terminal.

export AWS_PROFILE=username

From this point, every aws command will use this profile's credentials.

To read more about the AWS CLI and all the options you can visit this link.

How to run a lambda locally and deploy it to AWS using SAM

Raz — Sun, 12 Apr 2020 19:19:01 +0000

This article was also published on razcodes.dev

AWS SAM or Serverless Application Model, is a framework for building serverless applications. There are several things I like about this framework that I have just discovered, from the fact that it's an extension of CloudFormation which gives you an awesome reliable way to deploy and describe your application and resources to the fact that in combination with Docker it allows you to test and debug your code locally.

This article will serve as a quick intro to SAM to get you a taste of what the process might look like.

Prerequisites

In my examples, I am using a mac, but you should be able to get the same experience using a different OS with minor changes here and there. To get started, you will need to have the following things in place.

AWS Account

AWS CLI

❯ aws --version
aws-cli/2.0.0 Python/3.8.1 Darwin/19.4.0 botocore/2.0.0dev4

Docker

❯ docker --version
Docker version 19.03.8, build afacb8b

SAM CLI

❯ sam --version
SAM CLI, version 0.47.0

Python

❯ python3 --version
Python 3.8.1

Getting started

First step is to create a new project in a folder of your choice using the init option. For this example I will be using the Python runtime so I will pass that as a parameter to the SAM CLI.

sam init --runtime python3.8 --name sam-lambda-demo

Which template source would you like to use?
        1 - AWS Quick Start Templates
        2 - Custom Template Location
Choice: 1

Cloning app templates from https://github.com/awslabs/aws-sam-cli-app-templates.git

AWS quick start application templates:
        1 - Hello World Example
        2 - EventBridge Hello World
        3 - EventBridge App from scratch (100+ Event Schemas)
Template selection: 1

-----------------------
Generating application:
-----------------------
Name: sam-lambda-demo
Runtime: python3.8
Dependency Manager: pip
Application Template: hello-world
Output Directory: .

Next steps can be found in the README file at ./sam-lambda-demo/README.md

This will create all the folders and files that you would need for a simple Hello World app. You can open the newly created folder in VS Code and explore the files and folders created.

cd sam-lambda-demo
code .

The two important files to look at right away would be README.md, that is a nicely documented file with more information about what is going on, and then template.yaml, which is the file that will be used to create the CloudFormation template and get things ready for deployment.

Deploy to AWS

You will need an S3 bucket in your AWS account, where your code will be stored. Keep in mind that buckets name have to be unique so make sure to chose an original name. I called mine raz-sam-us-east-1. You can create a new bucket from the console or to create a new bucket using the AWS CLI:

aws s3 mb s3://raz-sam-us-east-1

First you will need to create the package. This will create a new yaml file for CloudFormations as well as upload all the code to AWS in your S3 bucket.

sam package --template-file template.yaml --output-template-file deploy.yaml --s3-bucket raz-sam-us-east-1

Once that is done, you can run the deploy command that will create the stack in CloudFormations. You need to provide the command with the stack name of your choice as well as the deploy.yaml file that was created in the last step.

sam deploy --template-file deploy.yaml --stack-name SAMLambdaDemo --capabilities CAPABILITY_IAM

A nice screen will be presented to you in the terminal showing the progress of the stack creation. Once the process is complete you can look at the Outputs section on the screen for a link to the new API endpoint, name of the lambda function, as well as the role. Copy the URL for the api and put it in your browser to see the "hello world" message on your screen.

{"message": "hello world"}

You can also log into the AWS console and under CloudFormations -> Stacks find your new stack. There you can go under Resources to see everything that was built as well as under Outputs where you can see the same info that was presented above in the terminal.

Once you are done playing around, if you want to delete the stack together with all the resources that have been created you can do it right from the console or from the CLI.

aws cloudformation delete-stack --stack-name SAMLambdaDemo

Run it locally

Mare sure you have Docker up and running for this as it will spin up a new container.

There are two ways of doing this. You can run it as a function when you just expect the result in the terminal:

sam local invoke HelloWorldFunction --no-event

This will spin up a container, run the function and shut it down. Keep in mind that the first run will take longer because it will have to download the Python3.8 Docker image.

Invoking app.lambda_handler (python3.8)

Fetching lambci/lambda:python3.8 Docker container image......................................................................................................................................
Mounting /Users/raz/aws-sam/sam-lambda-demo/hello_world as /var/task:ro,delegated inside runtime container
START RequestId: cb2eff67-910e-15d1-7f6f-48087ac290bb Version: $LATEST
END RequestId: cb2eff67-910e-15d1-7f6f-48087ac290bb
REPORT RequestId: cb2eff67-910e-15d1-7f6f-48087ac290bb  Init Duration: 88.72 ms Duration: 2.58 ms       Billed Duration: 100 ms Memory Size: 128 MB     Max Memory Used: 25 MB

{"statusCode":200,"body":"{\"message\": \"hello world\"}"}

You can also run it in a way that will start a local web server, and you will be able to see the results in the browser.

sam local start-api

Once you do that, it will create a local web server and present you with a local URL that you can visit.

Mounting HelloWorldFunction at http://127.0.0.1:3000/hello [GET]
You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be reflected instantly/automatically. You only need to restart SAM CLI if you update your AWS SAM template
2020-04-12 13:45:29  * Running on http://127.0.0.1:3000/ (Press CTRL+C to quit)

If you want to cleanup the Docker images you can first list them.

docker images

Then delete the one that was created, which in my case is lambci/lambda:python3.8.

docker rmi lambci/lambda:python3.7

Conclusion

There are many interesting things you can do using AWS SAM and this was just a short intro, so go out there and explore.

How to install Jenkins on Ubuntu 18.04 in VirtualBox

Raz — Sun, 05 Apr 2020 20:58:55 +0000

This article was first published on razcodes.dev

The following will show you how to install Jenkins on Ubuntu Server 18.04 that you will get up and running in VirtualBox on your machine. I wrote this using a mac, but it should be the same on other operating systems.

VirtualBox is a virtualization tool that allows you to create multiple virtual machines and have them run on your computer. You can download it and install it directly from their website.

Preparing Ubuntu Install

Once you have that up and running, go and download the ISO for Ubuntu Server. For this demo I used version 18.04 LTS.

In VirtualBox, click on New
Fill in the name (ex: Ubuntu - Jenkins), type (Linux), and version (Ubuntu 64-bit), then click Continue
For memory, I went with 2048 MB
Create a virtual hard disk now
Chose VDI
Dynamically allocated
I gave it 16GB of space

With the new machine created and selected, right click and chose Settings, then click on Storage. Select the Empty option under the IDE controller and then on the right side of the interface click on the disk icon, which will allow you to point it to the ISO you downloaded.

Go to the Network tab, and select Bridged Adapter. I like to use this option because it gives the new machine an IP address on the network, instead of just a local one. Click OK.

Now you can start the new Virtual machine.

Installing Ubuntu

Once the installation starts, you can move around using the tab key or arrow keys. I mostly left everything as default, unless noted otherwise.

select your language
keyboard layout and variant
network
proxy
mirror
Use An Entire Disk
select the disk
Done
Continue
Fill in your name, desired server name, username and password
press space to Install OpenSSH server (optional)
Done

When the installation is complete, select Reboot, then press Enter when asked to remove the install media.

You can login, using the credentials you setup earlier. First, you should apply all the available patches to your new system.

sudo apt update && sudo apt upgrade

Installing Jenkins

In order for Jenkins to work we will need to install Java.

sudo apt install -y openjdk-8-jre

Next we will add the Jenkins key to our system.

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt key add -

Add source packages

sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

Now we can run another update and install Jenkins

sudo apt update && sudo apt install jenkins

And now, just to make sure that Jenkins will restart when the system is rebooted:

sudo systemctl enable jenkins

Final setup

You can now get the IP of your new system using the following command:

ifconfig | grep inet

You can take your ip address and add :8080 at the end of it and paste it in the browser. That will bring up the Jenkins setup (ex: 192.168.1.49:8080)

To pass this first screen you will need the secret key that was created during the install, so back on the server you can get that key like so:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

take the output of that key and put it in the browser
chose if you want to install the default plugins or none
fill in your desired username, password and email for Jenkins
take note of your new URL
start using Jenkins

That’s all folks. You should have a brand new VM Ubuntu Server running Jenkins.

How to scan your AWS account for old access keys using python

Raz — Sun, 29 Mar 2020 15:59:50 +0000

This article was first published on razcodes.dev

In AWS, control 1.3 of the CIS AWS Foundations talks about making sure that keys that are older than 90 days are disabled. You can check this manually of course using the AWS console as explained in the documentation or you can write a script that does those checks for you with python.

Using the terminal, in your projects folder create a new directory for this experiment.

mkdir iam-key-scanner && cd iam-key-scanner

I like having virtual environments for all my projects, so I will create a new one and activate it.

python3 -m venv venv
source ./venv/bin/activate

You will need to install 2 packages to follow along. One is of course boto3 and the other one is python-dotenv for storing the AWS keys used to to the scan.

pip install boto3 python-dotenv

Create a .env file for storing the AWS credentials. If later you decide to convert this into a lambda, you would of course not need this and you would create a role, but for running it from the computer this approach is a good option.

touch .env

Edit the .env file in your favorite editor and add the following 2 lines with your credentials.

AWS_ACCESS_KEY_ID=your-access-key-id
AWS_SECRET_ACCESS_KEY=your-secret-access-key

First thing that we have to do is to generate the report and then after it's generated we can read it and take action. To keep this simple I will break it into the two parts, however they can be part of the same script when you are ready for production.

Generating the report

Here is the script that will generate the report.

touch generate-report.py

import os
import boto3
from dotenv import load_dotenv

load_dotenv()

AWS_ACCESS_KEY_ID = os.getenv('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = os.getenv('AWS_SECRET_ACCESS_KEY')

client = boto3.client(
    'iam',
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY
)

response = client.generate_credential_report()

Now run it.

python generate-report.py

The report generation is pretty fast, but if you want to wait for it just look at the response. When the State is 'COMPLETE', the report is ready.

print(response['State'])

Parsing the report

For parsing the report I decided to use namedtuple so I can access the data more easily.

I am using timedelta, so I can calculate the age of a user key. You will see that there are two user keys for each user so we need to make sure we look at both. I am also declaring a variable called format that I am using together with strptime to get the returned date as I want it.

This script will just print out the users, but you can easily create another function that you can call to disable the expired key or do perform key rotation. Also note that the script will show you the users with keys older than 90 days even if the key is inactive. You can add an extra check if you would like to only show the ones with active keys.

touch parse-user-report.py

import os
import boto3
from dotenv import load_dotenv
from collections import namedtuple
from datetime import datetime, timedelta, timezone

retentionDate = datetime.now() - timedelta(days=90)
format = '%Y-%m-%d'

load_dotenv()

User = namedtuple('User', 'user arn user_creation_time password_enabled password_last_used password_last_changed password_next_rotation mfa_active access_key_1_active access_key_1_last_rotated access_key_1_last_used_date access_key_1_last_used_region access_key_1_last_used_service access_key_2_active access_key_2_last_rotated access_key_2_last_used_date access_key_2_last_used_region access_key_2_last_used_service cert_1_active cert_1_last_rotated cert_2_active cert_2_last_rotated')

AWS_ACCESS_KEY_ID = os.getenv('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = os.getenv('AWS_SECRET_ACCESS_KEY')

client = boto3.client(
    'iam',
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY
)

response = client.get_credential_report()
body = response['Content'].decode('utf-8')
lines = body.split('\n')

users = [User(*line.split(',')) for line in lines[1:]]
for user in users:
    if (user.access_key_1_last_rotated != 'N/A' and datetime.strptime(user.access_key_1_last_rotated[:10], format) < retentionDate) or (user.access_key_2_last_rotated != 'N/A' and datetime.strptime(user.access_key_2_last_rotated[:10], format) < retentionDate):
        print(user.user)

python parse-user-report.py

Please let me know if you have any questions or if you would have done something differently.

How to host a static website with AWS S3 and SSL using CLoudFront

Raz — Sun, 22 Mar 2020 17:40:01 +0000

This article was first published on razcodes.dev

Prerequisites

To follow this article, you will need to have an AWS account. You can create one here.

Note that while creating an account with AWS you are eligible for the free tier for your first year, some of the setup will not be free. It is always a good idea to setup a billing alarm first thing after you create your account, and you can do so by following this article.

You will also need to have a domain name. If you don't, you can register one using a registrar like Google Domains, or another one of your choice. You can also register your domain directly with AWS using Route53 once you login. I like having the domain name in a different place, just because I am not 100% sure I will stay with this hosting solution forever, so I feel this gives me the flexibility to move around and experiment easier.

Setting up S3

S3 is the AWS file system where the files for the website will be uploaded. We will be creating 2 buckets here, one for the root domain (getjambalaya.com) and one for the www subdomain (www.getjambalaya.com). The root domain bucket will just be forwarded to the main www one where we will be uploading all the files.

Go to your AWS console and then go to S3. Start by creating the first bucket. This bucket will have to be the name of your domain.

Next create the www domain bucket, this time deselecting Block all public access and acknowledging the choice. We are doing this, since this bucket will be made public.

Still in S3, click on the initial bucket, go under Properties and under Static website hosting, set it up so it redirects to your www domain.

Go to your www bucket, under Properties -> Static website hosting, and Use this bucket to host a website. Also put index.html as the index document.

For this same bucket, under Permissions -> Bucket Policy, you can add the following policy, making sure you replace my domain name with yours. This will make all the objects in the bucket accessible to the outside world.

 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::www.getjambalaya.com/*"
        }
    ]
}

You can now go under Overview and upload all the files of your website into your bucket. For this example I will just upload an index.html file that I have prepared.

Setting up the domain

In AWS go to Route 53 and under Hosted zones click Create Hosted Zone.

Once the zone has been created, take all 4 of your NS domains provided and make sure you update your DNS setting with your registrar. For Google Domains I went under my domain -> DNS -> Name Servers -> Use custom name servers. Should be the same with others as well.

These might take a while to update as such is the way with DNS settings.

Getting the certificate

In AWS, Services -> Certificate Manager -> Request a certificate -> Request a public certificate. Put in your domain name (www.getjambalaya.com). Select DNS validation. Add Tags if you wish. Confirm and Request.

Because we already added the domain to Route53, on the confirmation screen, you can expand by clicking on your domain name and click on Create record in Route53 and then Create.

Now you will just have to wait until AWS validates your certificate based on the DNS settings. It only took 2 minutes for me, but might take longer.

Creating the CloudFront distribution

In AWS, Services -> CloudFront -> Create Distribution -> Web -> Get Started. There will be a lot of options on this screen, but only a few will be changed for this exercise.

Under Origin Domain Name select your www s3 bucket. Under Viewer Protocol Policy chose Redirect HTTP to HTTPS.

Under Alternate Domain Names put in your www domain name (www.getjambalaya.com).

Under SSL Certificate chose Custom SSL Certificate and chose the one you just created above.

Last thing, under Default Root Object put in index.html.

Click Create. It will take a while for the distribution to be created so be patient.

Finishing the domain setup

Now back to Services -> Route 53 -> Hosted Zones select your domain name. We will create 2 more record sets, one for each bucket we created above.

Create Record Set -> Alias and select as the Alias Target the s3 bucket you created first, then click Create.

For the second one, we will point it to the CloudFront distribution we created above, so make sure you wait until that finishes.

Create Record Set, add www to the name, select Yes for Alias and in the Alias Target, select your CloudFront distribution, then Create.

As with other DNS changes this might take a bit to update so if it does not work right away just be patient. It will.

Congratulations, you can now visit your new website.

DEV Community: Raz

How to do a quick network recon during a pentest or CTF

Init

More

Website involved

Fork in the road

How to use AWS named profiles

Creating the user

CLI Setup

Invoking

Command style

ENV style

Oh My Zsh style

Conclusion

How to launch your first Webserver with AWS EC2

Setup

Browser visit

SSH connect

The end

How to upgrade your shell and prompt in Kali or Parrot

The $SHELL

Oh My Zsh

Powerlevel10k

Fonts

Theme

Resources

How to create a lambda layer in AWS

Preparing the layer

Creating the layer

Creating the lambda

Connecting the layer

Creating the Test event

Run it

Thoughts

How to create a lambda using Python with dependencies

The Code

The Lambda

The Bundle

All together now

Optionals

Test

How to create and invoke a lambda using the AWS CLI

The Code

The Lambda Role

The Lambda

Invocation Time

How to get up and running with AWS CLI on macOS

Get credentials

Install the CLI

Configure the CLI with your credentials

Issue commands and get help

Named Profiles (optional)

How to run a lambda locally and deploy it to AWS using SAM

Prerequisites

Getting started

Deploy to AWS

Run it locally

Conclusion

How to install Jenkins on Ubuntu 18.04 in VirtualBox

Preparing Ubuntu Install

Installing Ubuntu

Installing Jenkins

Final setup

How to scan your AWS account for old access keys using python

Generating the report

Parsing the report

How to host a static website with AWS S3 and SSL using CLoudFront

Prerequisites

Setting up S3

Setting up the domain

Getting the certificate

Creating the CloudFront distribution

Finishing the domain setup