Scribd
Upload
4 views

CCS Lab Manual

The document outlines practical exercises related to cloud computing and security using AWS, including creating cloud architecture, designing workflows, and applying virtualization concepts. It details steps for setting up AWS accounts, using tools like Kali Linux and AWS CLI, and performing tasks such as configuring profiles, enumerating domains, and managing S3 buckets. Additionally, it covers the design of combinatorial auctions and scheduling algorithms for cloud resources.

Uploaded by

wasplisbethsalander66
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

CCS Lab Manual

The document outlines practical exercises related to cloud computing and security using AWS, including creating cloud architecture, designing workflows, and applying virtualization concepts. It details steps for setting up AWS accounts, using tools like Kali Linux and AWS CLI, and performing tasks such as configuring profiles, enumerating domains, and managing S3 buckets. Additionally, it covers the design of combinatorial auctions and scheduling algorithms for cloud resources.

Uploaded by

wasplisbethsalander66
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

Enrolment No.

2203051260037 Cloud Computing & Security (303105368)

Practical 1
Creating Setup for cloud architecture and setting up essential
services

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 1
Creating Setup for cloud architecture and setting up essential
services
Description:
AWS (Amazon Web Services) is a comprehensive, evolving cloud computing platform
provided by Amazon. It includes a mixture of infrastructure-as-a-service (IaaS), platform-
as-a-service (PaaS) and packaged software-as-a-service (SaaS) offerings. AWS offers tools
such as compute power, database storage and content delivery services.
Amazon.com Web Services launched its first web services in 2002 from the internal
infrastructure that the company built to handle its online retail operations. In 2006, it
began offering its defining IaaS services. AWS was one of the first companies to introduce
a pay-as-you-go cloud computing model that scales to provide users with compute,
storage and throughput as needed.

Tools:

The AWS portfolio includes the following categories of services:

• Compute.
• Storage.
• Databases.
• Infrastructure management.
• Application development.
• Data management.
• Migration.
• Hybrid cloud.
• Networking.
• Development tools.
• Management.
• Monitoring.
• Security.
• Governance.
• Big data management.
• Analytics.
• Artificial intelligence (AI).
• Mobile development.
• Messages and notifications.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Implementation:

Step 1: Open the Amazon Web Services home page

Choose Create an AWS account.

Step 2: Enter the required information

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 2
Design different workflows according to requirements and
apply map reduce programming model

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 2
Design different workflows according to requirements and
apply map reduce programming model
Description:
This challenge comprises a series of levels, six levels to be exact, designed to teach some
common mistakes made when using Amazon Web Services (AWS) including IAM, EC2, S3,
and more, and how to exploit them. A series of hints are provided to assist in teaching
how to discover the information needed to pass each challenge.

Tools:

• Parallels Virtual Machine


• Kali Linux OS
• AWS Console

Flaws:

Level 1:

Step 1: First, start with the domain enumeration.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 2: Next, navigate to the sub domain of S3 website “flaws.cloud.s3.amazonaws.com”,


on your browser.

Step 3: Next, enumerate the bucket by typing "aws s3 ls s3://flaws.cloud/ --region us-
west-2”.

Step 4: Type “aws s3 ls s3://flaws.cloud/ --region us-west-2 --no-sign-request”.

Step 5: Next, proceed to copy the secret file from the CLI and add it as a suffix to the S3
website on your web browser to complete the challenge by finding the secret file.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Level 2:

Step 1: First, type “aws configure --profile USER_ACCOUNT” to configure a profile using
credentials from an existing user account.
Step 2: Once the credentials have been configured, an AWS profile will be created that
can be used to access specific resources using the CLI.

Step 3: Next, access the Level 2 bucket from the website through the CLI with the newly
created credentials by typing “aws s3 --profile USER_ACCOUNT ls s3://level2-
c8b217a33fcf1f839f6f1f73a00a9ae7.flaws.cloud/”.

Level 3:

Step 1: You’ll find something that will let you list what other buckets are. http://level3-
9afd3927f195e10225021a578e6f78df.flaws.cloud/

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 2: Bucket contains git config file and downloading entire s3 bucket locally

Step 3: Inspecting git log

Step 4: It has a comment of accident commit and lets checkout that git commit

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 5: We find the access key and secret key there.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Flaws 2:

Level 1:

Step 1: First, start with the domain enumeration.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 2: Bypass PIN Code

Access S3 Version URL http://flaws2.cloud.s3-website-us-east-1.amazonaws.com/


Form Request

Form is requesting https://2rfismmoo8.execute-api.us- east-


1.amazonaws.com/default/level1?code=1234

Enter a non-number into URI https://2rfismmoo8.execute-api.us- east-


1.amazonaws.com/default/level1?code=g

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 3: Configure the aws profile and access the bucket.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 3
Apply and design suitable Virtualization concept, Cloud
Resource Management and design scheduling algorithms

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 3
Apply and design suitable Virtualization concept, Cloud
Resource Management and design scheduling algorithms
Tools:

• Kali Linux
• Windows
• AWS CLI

Cloud Goat:
Cloud Goat is a AWS deployment container which is basically a CTF for teaching AWS
abuses. The scenarios that I have tried covering from cloudgoat is Cloud Breach s3.

Implementation:

Step 1: Setting up Cloud Goat

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 2: After the cloud goat challenge is installed properly, we will have to install
terraform which is used for managing the cloud infrastructure through templates and
policies through cli or through code.

Step 3: After downloading terraform, move it to /usr/bin/ and after that you can run
cloudgoat.py

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 4: Then we have login into our AWS free account, after logging we need to create a
user

Step 5: After creating the user, we’ll get AWS session and secret key

Step 6: Now use awscli to configure aws session for this user by creating a profile because
this script will be using the AWS resources from our account so make to remove them
after you are done with the scenario

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Cloud Breach s3 (Medium)

Step 1: In this scenario we need to query the metadata of EC2 from a reverse proxy and
access AWS session then using those keys we need to extract data from s3 bucket, so
creating this scenario

Step 2: To start attacking, we can get the IP address from the generated start.txt file

Step 3: Making a request with curl shows that it's configured to work as a proxy to make
requests to ec2 metadata

Step 4: AWS has an IP for metadata which is 169.254.169.254, so we need to edit the Host
header of the request and make a request to /latest

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 5: So, we can make a request to /latest/metadata/iam/securitycredentials/cg-


banking- WAF-Role-cloud_breach_s3_cgidkt0wpx0w0k, which will show AWS access key

Step 6: Adding a profile using these keys

Step 7: We can verify the keys if they are working with “aws sts get-caller-identity --
profile cloud-breach”

Step 8: To view contents of this s3 bucket we can list it by giving the bucket name which
is “cg-cardholder-data-bucket-cloud-breach-s3-cgidkt0wpx0w0k”

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 9: To copy all files from s3 bucket we can use cp to copy files, --recusrive to copy all
files. for the destination to be the current path

Step 10: Accessing any of these files mean that we have compromised s3 bucket which
completes this scenario.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 4
Create combinatorial auctions for cloud resources and design
scheduling algorithms for computing clouds

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Practical 4
Create combinatorial auctions for cloud resources and design
scheduling algorithms for computing clouds
Steps:

Step 1: Sign in to AWS (The AWS Management Console will open).

Step 2: Under Find Services, type “S3” in the search box and click on S3 Scalable Storage
in the Cloud.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Step 3: In the S3 console, click on Create bucket.

In the Create bucket pop-up, enter a Bucket name.

• The bucket name must be unique among all AWS bucket names.
• Once created, the name cannot be changed.
• Choose a name that’s descriptive of what the contents will be, particularly if you
will be using more than one bucket.
• Remember, there are no costs for data that are transferred between AWS
services within the same region. So, for example, if your bucket will be used to
store data to be processed by an EC2 Instance, make sure both are in the same
region.

Click Create.

Adding a File to a Bucket

• In the S3 buckets console, click on the bucket name to open the bucket. The
bucket contents window shows that the bucket is empty.
• Click on Upload.
• In the Upload pop-up window, you have the option to drag and drop files into the
bucket, or to click on Add files and navigate to the location of the files on your
computer
• When you have selected the files to add to your bucket, click on Upload.
• When the upload is complete, the files appear in your bucket.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Select the checkbox next to a filename to view information on the file.

Create, name, and save a folder

• Check the box in front of the file(s) you want to move to the new folder (1).
• Click on Actions (2) to open the dropdown menu, then click Copy (3).
• Click on the folder name to open the folder (4).
• Click on Actions, then click Paste.
• Use the browser back arrow to return to the main level of the bucket (or use the
breadcrumbs at the top of the bucket window to move one level up).
• Select the file(s) you moved, click on Actions, then click Delete.
• Confirm that you want to delete the files in the Delete objects pop-up window.
Click Delete.

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

Deleting a bucket
Note: Deleting a bucket deletes the bucket as well as its contents. If you want to keep the
bucket for future use and preserve the name, you can delete the content files
individually. Or you can empty the bucket, which deletes the contents without deleting
the bucket.

To delete files from a bucket

Use the steps outlined at the end of Working with Files in a Bucket.

To Empty Bucket

In the S3 buckets list, check the box in front of the bucket name. and click on empty

CSE-PIT(PU)
Enrolment No.2203051260037 Cloud Computing & Security (303105368)

To delete a bucket

• In the S3 buckets list, check the box in front of the bucket name.
• Click on Delete.

CSE-PIT(PU)

You might also like