Home

Awesome

Azure vulnerable application

<img width="759" alt="broken by design white" src="https://user-images.githubusercontent.com/14212955/180998359-a17af967-84bc-4541-af75-06a1ea4e5927.png">

A vulnerable Azure architecture that is online 24/7. The environment provides several flags that can be found by exploiting Azure vulnerabilities.

Links

Requirements for development

Running the Terraform scripts

  1. Login using the az login
  2. Make sure the certificates (files/key.pem and files/cert.pem) are still valid, currently untill 2032.
  3. Run terraform init to install required providers
  4. Run terraform plan to see changes (You can also skip this step)
  5. Run terraform apply to apply changes
  6. If you want to destroy the environment, run Terraform destroy

Notes

Issues / to do

Creating new certificates

Run openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem. Make sure to add the application-id and tenant-id to the cert.pem in format:

-----BEGIN AZURE_DETAILS-----
Tenant id: TENANT_ID_HERE
App-id: APP_ID_HERE
-----END AZURE_DETAILS-----