This post goes over the creation of the TryHackMe room GitOops.
I’m going to go over my methodology and the technology used in creating the room.
Methodology
I’ve been thinking of creating a TryHackMe room for a little while before I started working on this. I started actually working on it after I had an idea for a more AWS centric room but I ended up focusing it more towards the GitOps / Terraform side.
Initial access is to a server with an anonymous FTP server which houses Terraform code setting up an ec2 instance / some other configuration, there is a s3 bucket used for remote state that is public get (not list) The state file can be downloaded anonymously which contains a key to SSH into the server as non-root user. For gaining root maybe have a local IMDSv2 server or something that can get AWS credentials… not sure about how to turn that into a root privesc.
From initial idea to completed room (not published) it room me about 5 days.
I started off by creating a diagram which is used to refine the exploitation flow, tracking progress and make notes of areas that have issues.
Technology
For creating the room itself I fully used Ansible for every change to the ubuntu server. If your interested in the code or the workflow of creating it check out my GitHub repository thm-gitoops. Code be available once the room is officially released by TryHackMe
If you found this article interesting you may also like: