-
install Vagrant
-
install vagrant-google plugin
-
if not done already, add an ssh key to your project's Metadata area. The vagrant-google provider will connect to the launched instance using gcp auth.
-
edit the Vagrantfile:
-
set the path to a gcp service keyfile (e.g.,
account.jsonas in the root dir of this repo). This will give the plugin permissions to launch instances in your project. -
Put the ssh username and private key filename into the Vagrantfile. The plugin will connect to the launched instance using these credentials.
-
If the vagrant provision step is asking for a password, then something may be wrong with your keyfile -- try ssh'ing manually, and look for error messages. e.g.:
vagrant ssh-config > ssh.config ssh -F ssh.config default
-
-
set the path to your ssh private keyfile to your gcp project. Don't put it in this directory, because if you do, it will be
rsync'ed to the guest (to directory/vagrant)!
-
If this image is to become a base image for others to launch, then step down the disk space and relaunch before creating the image. resizefs should (hopefully) automatically run on the image as it launches. Then create your image.
Then, run vagrant up!
-
Shut down the instance:
vagrant halt -
Use the GCP console to create a new image from the instance backing disk.
-
Get the "disk" name from the
Disksconsole tab. It defaults to be the same name as the instance it backed. Also get the disk's "zone."" -
run the following
gcloudcommand from a console "cloud shell."gcloud compute images create <new-image-name> \ --source-disk <source-disk-name> \ --source-disk-zone <source-disk-zone> \ --family <family-name>For example:
gcloud compute images create kali-v3-0-0 \ --source-disk kali-v3 \ --source-disk-zone us-central1-f \ --family security-assignments-kaliUse
--source-image-projector--source-disk-projectto use an image or disk from another project.
-
https://cloud.google.com/compute/docs/images/image-families-best-practices
See deargle/lab-de-ice-s1-100 for instructions.
The easiest way to run WebGoat is to run it as a Docker container.
# manually hard-codes to `buster` since otherwise `lsb-release` would output `kali-rolling`, which isn't an available debian distro on download.docker.com/linux/debian
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.ioAnd then it's just:
docker run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 webgoat/goatandwolf:v8.2.2- v3.0.2 -- 2022-01-10
- Add a swapfile
- v3.0.1 -- 2021-09-09
- Bugfix for default desktop env (cinnamon => xfce)
- v3.0.0 -- 2021-08-24
-
Updated to Kali 2021.2
-
All users can do passwordless sudo. I did this because users connecting via chrome remote desktop weren't getting added to the
google-sudoersgroup, even though they do get added when ssh'ing in.An alternative would be to have users add themselves to the
kali-trusted(IIRC) group, when ssh'ing in. But really, with a known root passwordtoor, in my view it's no additional security exposure to give all users passwordless sudo. -
Pre-install the latest Nessus v8.
-
Install the most recent vagrant version.
-
have the vagrant SO add sleep for 5 min and then halt, instead of requiring the user to connect and halt that vm after it finishes its initial boot.
-
Update the chrome remote desktop script to set default xfce.
-