Sunday, 21 March 2021

How to take down your free cloud account before it costs $$$

OK so the time has come, we are all done with our Juicebox CTF and other experiments and the $100 credit is nearly running out (if you did it right). The following instructions are my quick reference notes, but really there's a great article here that provides a nice walkthrough; this is where I started: https://www.websiteplanet.com/blog/cancel-digitalocean/

1) First things first - back up your data.

    * I also recommend exporting your terminal history so you can recall setup commands for future projects.

    Use WinSCP or another SSH-based file transfer tool (even Windows 10 supports this now):

        https://winscp.net/eng/docs/guides

        https://docs.microsoft.com/en-us/windows/terminal/tutorials/ssh

2) After your data has been copied off the systems you set up, you can shut down the VMs.

3) With that completed, you now need to remove any special DNS settings (i.e. if you used a registered domain for any of your VMs).

    * In my case I had a Google domain associated with it, so referring back to my previous article, I undid the config settings both in Google Domains and DigitalOcean.

    * After this step your domain is only resolved through Google DNS, so any host records tied to the VMs are gone. From this point on you will only be able to connect through the cloud provider's account console, or by SSH to the IP of the VM directly.

4) Now we need to destroy the VM (and any others).

     * There are multiple prompts to make sure you aren't making a mistake, but once completed they are gone.

5) Now you can go to account settings and deactivate the account - make sure you purge your data.

    * After this your account is gone, bye bye, sayonara, hasta nunca test VMs!

    * Don't forget to fill out the customer survey - you had some fun through their kindness, so the least you can do is tell them what you think of the product; your input may even help make it better. (No royalties likely, but bonus gratitude is still worth it hehe.)

Now to try out some other cloud services ... like Oracle Cloud Platform, why not give it a whirl ... look forward to more posts. Until next time!

Saturday, 23 January 2021

How to make a CTF

In this blog article I'll explain how to build your own Capture The Flag (CTF) challenge and host it online for up to two months for free using a DigitalOcean droplet.

Requirements:

  • A Gmail account to register with DigitalOcean
  • A valid credit card, sorry it's a necessary evil
  • A referral link from DigitalOcean providing $100 credit for up to 2 months.
    • Use mine if you like: https://m.do.co/c/45afc9316e43
  • Lots of patience - some of the setup is tricky - Google is your friend
  • Set up reminders... Monitor activity and remember to close out your account before the 2 months expire or the $100 credit is used

Procedure:

  1. Use your Gmail account and credit card to register for a DigitalOcean account
    1. https://www.digitalocean.com
  2. Log in to DigitalOcean and create a droplet.
  3. In this example we will use an Ubuntu VM (choose version 18.04), Basic $5/mo plan
  4. Scrolling down, choose your preferred datacenter, root authentication method and tags, and link the droplet to a project.
  5. Create the droplet and go to the Droplets menu to access the settings and Recovery shell (alternatively the droplet is accessible through SSH clients such as PuTTY)
  6. Configure Networking settings
    a) Configure the firewall to, at a minimum, allow inbound access to the droplet on TCP port 3000.
    b) In the example below ICMP is also enabled for troubleshooting, but SSH and other ports can be added as required; just be sure to allow access only from the IPs you want, rather than the default (All IPv4/IPv6).
    c) If you have a domain available and want to use it, set up DNS records and link them to the IP
    d) No domain - no problem, your users will just need to be given the IP address to connect
  7. Install docker
    a) I just followed the instructions at this link:
       https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
  8. Set up and start Juice Shop
    a) Run docker pull bkimminich/juice-shop
  9. Run docker run --rm -p 3000:3000 bkimminich/juice-shop
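As an added example (not from the original post), the script below automates steps 6b, 8 and 9 from your workstation: it validates a player allowlist, creates a DigitalOcean cloud firewall with doctl that admits SSH, TCP 3000 and ICMP only from those addresses, starts Juice Shop over SSH and then checks that it answers. doctl, root SSH access, the droplet id and IP and the allowlist are assumptions; the sample addresses are constructed documentation ranges.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes doctl (DigitalOcean's CLI)
# is authenticated and that root SSH to the droplet works from this machine.
set -eu
# Constructed sample values: replace with your droplet and your players' addresses.
DROPLET_ID="${DROPLET_ID:-123456789}"; DROPLET_IP="${DROPLET_IP:-203.0.113.10}"
ALLOWED_CIDRS="203.0.113.0/24 198.51.100.7/32"
JUICE_PORT=3000
# True when $1 is a dotted-quad IPv4 CIDR (a.b.c.d/0-32); bare IPs are rejected
# so a typo cannot silently turn into a different rule than intended.
valid_cidr() {
  case "$1" in
    */*/*|*[!0-9./]*|/*|*/) return 1 ;;
    */*) ;; *) return 1 ;;
  esac
  pfx="${1#*/}"; n=0; [ "$pfx" -le 32 ] 2>/dev/null || return 1
  for o in $(printf '%s' "${1%/*}" | tr . ' '); do
    [ "$o" -le 255 ] || return 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ]
}
# doctl --inbound-rules value: SSH, the CTF port and ICMP from the allowlist only.
# A /0 would recreate the default "All IPv4" exposure the post warns against.
inbound_rules() {
  addrs=""
  for cidr in $ALLOWED_CIDRS; do
    valid_cidr "$cidr" && [ "${cidr#*/}" -ne 0 ] ||
      { echo "bad or world-open CIDR in allowlist: $cidr" >&2; return 1; }
    addrs="$addrs,address:$cidr"
  done
  printf 'protocol:tcp,ports:22%s protocol:tcp,ports:%s%s protocol:icmp%s\n' \
    "$addrs" "$JUICE_PORT" "$addrs" "$addrs"
}
apply() {
  rules=$(inbound_rules)
  ssh "root@$DROPLET_IP" "docker pull bkimminich/juice-shop && docker run -d --rm \
    --name juice-shop -p $JUICE_PORT:$JUICE_PORT bkimminich/juice-shop"
  # The cloud firewall sits outside the VM, so Docker's own iptables edits cannot widen it.
  doctl compute firewall create --name juice-ctf --droplet-ids "$DROPLET_ID" \
    --inbound-rules "$rules" \
    --outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0,address:::/0 protocol:udp,ports:all,address:0.0.0.0/0,address:::/0"
  for i in $(seq 1 30); do  # up to 60 s; success also proves this host is allowlisted
    curl -fsS "http://$DROPLET_IP:$JUICE_PORT/" >/dev/null 2>&1 && return 0
    sleep 2
  done
  echo "no answer on $JUICE_PORT: app not up, or this host is not in ALLOWED_CIDRS" >&2; return 1
}
if [ "${1:-}" = "--apply" ]; then apply; fi
```

Run it as `sh juice-ctf.sh --apply`; without the flag it only defines the functions, so you can source it and call `inbound_rules` to review the firewall rule string first.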

Connect and Hack

1. Connect to the new CTF page and begin hacking!
        a) Browse to http://<your IP or domain>:3000
2. Have fun and learn! 
        a) You can always use the companion guide to help you through the tough spots
        b) https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/