Automation (Ansible)

[richnadeau]

Need to work on Automation using Ansible for setting up our first target server (phpMyAdmin vulnerability).

[richnadeau]

Mike and I started looking into how to automate our vulnerable server and started writing the playbook/inventory. Incomplete playbook/inventory can be found here. We have a list of questions to ask Devin in our meeting tomorrow before we go any further with this.

[richnadeau]

We need to set up an excel spreadsheet with Devin so we can store needed passwords on there. We know now that our exploit needs to have a base snapshot with basic things installed (LAMP for example) and the automation is just for setting up the exploit. Mike and I will be working on this for the majority of next week (week of 10/25)

[richnadeau]

Was working on Ansible a bit today and was having troubles with connectivity of my PC and the target server. Had no luck obtaining root and user hashes in a reasonable manner either (Devin has a script somewhere I need to ask where I can find that). I was able to generate root and user flags on the server though so at least there is that.

[richnadeau]

Worked on the Ansible playbook and inventory a lot yesterday. Uploaded the github Ansible files with the work I've done. Hopefully will be finished soon.

[richnadeau]

Ansible playbook for configuring PHPMyAdmin vulnerability is working well and it is uploaded to my Github. Sent OVF file and the link to my Ansible files to Devin and will discuss it tomorrow in the AM during our meeting.

[richnadeau]

Confirmed Ansible is working, closing this issue