🔓 Azure Vulnerability Lab

A comprehensive vulnerable Azure infrastructure lab designed for penetration testing practice, security education, and red team exercises.

🚨 IMPORTANT DISCLAIMER

⚠️ FOR EDUCATIONAL USE ONLY ⚠️

This lab creates intentionally vulnerable infrastructure with security misconfigurations. It is designed exclusively for:

Cybersecurity education and training
Penetration testing skill development
Security research in controlled environments
Red team exercise preparation

DO NOT deploy this in production environments or with real sensitive data !!!!

🎯 What You'll Learn

This lab helps you practice identifying and exploiting common Azure security misconfigurations:

🔍 Included Vulnerabilities

SSH Configuration Issues: Various SSH security weaknesses
Network Security Group Misconfigurations: NSG bypass opportunities
Public IP Exposure: Cloud infrastructure enumeration targets
Access Control Weaknesses: Privilege escalation scenarios
Infrastructure Reconnaissance: Azure resource discovery methods

See SOLUTIONS.txt for detailed vulnerability explanations and exploitation techniques.

🛠️ Prerequisites

Required Tools

Azure Subscription (Free tier is sufficient)
Terraform (v1.0 or later) - Download here
Azure CLI - Installation guide
SSH Key Pair - Generation guide

Required Knowledge

Basic understanding of Azure services
Familiarity with Terraform basics
Basic networking concepts
SSH/Linux command line knowledge

🚀 Quick Start Guide

Step 1: Clone the Repository

git clone https://github.com/ShreelaxmiHegde561/azure-vulnerability-lab.git
cd azure-vulnerability-lab

Step 2: Azure Authentication

# Login to Azure
az login

# Set your subscription (if you have multiple)
az account set --subscription "your-subscription-id"

Step 3: Configure Variables

# Copy the example variables file
cp terraform.tfvars.example terraform.tfvars

# Edit with your specific values
nano terraform.tfvars  # or use your preferred editor

Step 4: SSH Key Generation

If you don't have SSH keys, generate them:

# Generate SSH key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/azure_lab_key

# Get your public key content
cat ~/.ssh/azure_lab_key.pub

Step 5: Update Configuration

Edit terraform.tfvars with your details:

resource_group_name = "azure-vuln-lab-rg"
location            = "East US"
vm_size             = "Standard_B1ls"  # Free tier eligible
admin_username      = "vulnadmin"
ssh_public_key      = "ssh-rsa AAAAB3NzaC1yc2E... your-key-here"
allowed_source_ip   = "YOUR_PUBLIC_IP/32"  # Get from whatismyip.com

Step 6: Deploy the Lab

# Initialize Terraform
terraform init

# Review the deployment plan
terraform plan

# Deploy the infrastructure
terraform apply

Step 7: Access Your Lab

# Get the public IP (displayed after terraform apply)
terraform output jumpbox_public_ip

# Connect via SSH
ssh -i ~/.ssh/azure_lab_key vulnadmin@

📋 Configuration Details

Variable Descriptions

Variable	Description	Example	Required
`resource_group_name`	Name for your lab resource group	`"azure-vuln-lab-rg"`	Yes
`location`	Azure region for deployment	`"East US"`	Yes
`vm_size`	Virtual machine size	`"Standard_B1ls"`	Yes
`admin_username`	VM admin username	`"vulnadmin"`	Yes
`ssh_public_key`	Your SSH public key content	`"ssh-rsa AAAAB..."`	Yes
`allowed_source_ip`	Your public IP for SSH access	`"203.0.113.1/32"`	Yes

Finding Your Public IP

# Find your public IP address
curl ifconfig.me

# Use in terraform.tfvars as CIDR
# Example: "203.0.113.1/32" for single IP
# Use "0.0.0.0/0" for open access (NOT RECOMMENDED)

💰 Cost Management

Expected Costs

Standard_B1ls VM: ~$3.50/month (Free tier eligible)
Standard Public IP: ~$3.00/month
Standard_LRS Storage: ~$1.00/month
Total: ~$7.50/month

Cost Optimization

# Stop VM when not in use
az vm stop --resource-group azure-vuln-lab-rg --name jumpbox-vm

# Start VM when needed
az vm start --resource-group azure-vuln-lab-rg --name jumpbox-vm

🔧 Troubleshooting

Common Issues

SSH Connection Failed

# Check your source IP
curl ifconfig.me

# Verify NSG rules allow your IP
az network nsg rule list --resource-group azure-vuln-lab-rg --nsg-name jumpbox-nsg

Terraform Errors

# Re-authenticate to Azure
az login

# Check subscription
az account show

Resource Already Exists

# Use different resource group name in terraform.tfvars
resource_group_name = "azure-vuln-lab-rg-2"

🔄 Lab Management

Updating the Lab

git pull origin main
terraform plan
terraform apply

Cleaning Up

# ⚠️ This destroys ALL resources
terraform destroy

# Verify cleanup
az group list --query "[?name=='azure-vuln-lab-rg']"

📚 Learning Path

Setup: Deploy the infrastructure using this guide
Reconnaissance: Start with basic network scanning
Enumeration: Identify services and configurations
Exploitation: Practice vulnerability exploitation
Post-Exploitation: Explore privilege escalation
Documentation: Document your findings

For detailed vulnerability information and exploitation techniques, see SOLUTIONS.txt

🤝 Contributing

Contributions welcome! Please:

Fork the repository
Create feature branch: git checkout -b feature/new-vulnerability
Test thoroughly in isolated environment
Submit pull request with detailed description

⚠️ Legal Notice

Educational use only. Users responsible for compliance with all laws and proper resource cleanup.

Happy Learning! 🎓🔒

For detailed penetration testing guidance, see SOLUTIONS.txt

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
scripts		scripts
.gitignore		.gitignore
README.md		README.md
SOLUTIONS.txt		SOLUTIONS.txt
jumpbox.tf		jumpbox.tf
main.tf		main.tf
outputs.tf		outputs.tf
variables.tf		variables.tf

ShreelaxmiHegde561/azure-vulnerability-lab

Folders and files

Latest commit

History

Repository files navigation