The Image Gallery

An exercise to illustrate a security flaw.

:scroll: Legend

Parts of this exercise are annotated with the following icons:

  • :exclamation: A task you MUST perform to complete the exercise
  • :question: An optional step that you may perform to make sure that everything is working correctly, or to set up additional tools that are not required but can help you
  • :checkered_flag: The end of the exercise
  • :classical_building: The architecture of the software you ran or deployed during this exercise
  • :boom: Troubleshooting tips: how to fix common problems you might encounter

:exclamation: Get your public SSH key

You can display your public SSH key in your terminal with the following command:

$> cat ~/.ssh/id_ed25519.pub

You should copy the output of this command. You will need it later.
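Before pasting the key anywhere, it is worth checking that what you copied is the public ed25519 key line and not the private key file or a truncated blob. The following POSIX sh check is an added example, not part of the exercise; it relies only on the fixed OpenSSH wire-format header that every ssh-ed25519 public key shares.

```shell
# Added example (not part of the exercise). check_pubkey FILE returns 0 if
# FILE holds a well-formed OpenSSH ssh-ed25519 public key line, 1 otherwise,
# printing the reason to stderr. POSIX sh only, no external decoders needed.
check_pubkey() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # A private key file starts with "-----BEGIN": that must never be pasted
    # into a portal or authorized_keys. Catch the common mix-up first.
    if grep -q -- '-----BEGIN' "$file"; then
        echo "$file looks like a PRIVATE key, not the .pub file" >&2
        return 1
    fi
    # Public key line layout: "<type> <base64 blob> [comment]"
    line=$(head -n 1 "$file")
    set -- $line
    ktype="$1"; blob="$2"
    [ "$ktype" = "ssh-ed25519" ] || {
        echo "key type is '$ktype', expected ssh-ed25519" >&2; return 1; }
    case "$blob" in
        *[!A-Za-z0-9+/=]*|"")
            echo "blob is empty or contains non-base64 characters" >&2; return 1 ;;
    esac
    # Wire format of the blob: uint32 len + "ssh-ed25519" + uint32 len(32)
    # + 32 key bytes = 51 bytes, so base64 is always exactly 68 characters
    # and always starts with the same encoded header.
    case "$blob" in
        AAAAC3NzaC1lZDI1NTE5AAAAI*) ;;
        *) echo "blob does not start with the ed25519 wire-format header" >&2
           return 1 ;;
    esac
    [ "${#blob}" -eq 68 ] || {
        echo "blob length ${#blob}, expected 68 (truncated or extra data?)" >&2
        return 1; }
    return 0
}

# Usage: sh check_pubkey.sh ~/.ssh/id_ed25519.pub
if [ $# -gt 0 ]; then
    check_pubkey "$1" && echo "OK: $1 is a well-formed ssh-ed25519 public key"
fi
```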

:exclamation: Launch a virtual server

You will launch a virtual server to deploy the vulnerable application.

  • Access the Azure portal and go to the Virtual machines section:

    (Screenshot: Azure Portal)

  • Create a new virtual machine with these settings, then go to the Disks settings:

    (Screenshot: Gallery virtual machine settings)

  • Keep the default Disks settings.

    Go to the Networking settings:

    (Screenshot: Azure, go to the networking settings)

  • In the Networking settings:
    • Make sure inbound ports 22 (SSH) and 80 (HTTP) are open.
    • Enable the option to automatically Delete public IP and NIC when VM is deleted.

    (Screenshot: Gallery virtual machine networking settings)

  • Create the VM.

Follow the instructions in this repository.

Warning

Be sure to do this on the gallery server you just launched, not on your main cloud server.

You can connect to it with ssh gallery@W.X.Y.Z (where W.X.Y.Z is the IP address of the server, which you can find in the Azure portal).