Mirtov Alexey c097b7414d Update README.md hace 2 años
..
README.md c097b7414d Update README.md hace 2 años
README_RU.md 33d0bd4365 add english hace 2 años
cloud_config.yaml f0612810de add waf hace 3 años
declaration.yaml f0612810de add waf hace 3 años
network_tasks.tf f0612810de add waf hace 3 años
output.tf f0612810de add waf hace 3 años
provider.tf f0612810de add waf hace 3 años
variables.tf f0612810de add waf hace 3 años
vm_tasks.tf f0612810de add waf hace 3 años

README.md

Installing a Damn Vulnerable Web Application (DVWA) in Yandex.Cloud using Terraform for managed WAF testing

Link to a video review on YouTube: https://www.youtube.com/watch?v=r7Dxv_as24E

Terraform playbook will create:

Prerequisites:

  • Bash.
  • Terraform.
  • YC CLI, a user with the admin or editor role at the folder level.

Installation

  • Copy repository files using Git: git clone https://github.com/mirtov-alexey/dvwa_and_managed_waf.git
  • Fill out the variables in the variables.tf file: in the token field, enter either the user's OAuth token or a path to the service account's key file.
  • In the provider.tf file, specify token = var.token (for user authentication) or service_account_key_file = var.token (for authenticating on behalf of the service account).
  • Go to the file folder and run terraform init: cd ./dvwa_and_managed_waf/ terraform init
  • Next, run terraform apply:

    terraform apply
    

    Installation results

  • As a result of the installation, an external IP address will be displayed in the command line: image

  • Next, when you open the address in the browser, you should see the following: image

  • Enter login: 'admin, password: 'password.

  • At the very bottom of the page, click Create/Reset database.

  • Then click Login at the bottom.

  • On the DVWA Security tab, change the level to Low.

  • Go to the SQL Injection tab and in the User ID field, enter the following:

    `%' and 1=0 union select null, concat(user,':',password) from users #`
    

image