These Terraform scripts deploy a small environment that can be used to demonstrate vulnerabilities caused by misconfigured SAPRouter instances inside a company.
The setup consists of the following components:
- Attacker VM (Ubuntu 20.04)
- SAPRouter VM (Ubuntu 20.04)
- Internal Server VM (Ubuntu 20.04)
- FortiGate VM

```
                                                        DMZ Net
                                                   +----------------+
                                                   |                |
                                        +----------+  SAPRouter VM  |
                                        |          |                |
   Public Net                           |          +----------------+
+---------------+          +------------+---+
|               |          |                |
|  Attacker VM  +----------+  FortiGate VM  |
|               |          |                |
+---------------+          +------------+---+          Internal Net
                                        |          +--------------------+
                                        |          |                    |
                                        +----------+  Internal Server   |
                                                   |                    |
                                                   +--------------------+
```

- Fill out the required variables in `terraform.tfvars` (Example: `terraform.tfvarsexample`):

  ```
  subscription_id = ""
  client_id = ""
  client_secret = ""
  tenant_id = ""
  size = ""
  adminusername = ""
  adminpassword = ""
  flexvm_token = ""
  ```

- Enter a valid license into `./configurations/license.txt` or provide a FortiFlex license token.
- Initialize the Terraform environment:

  ```
  $ terraform init
  ```

- Check and deploy the demo environment:

  ```
  $ terraform plan
  ...[snip]...
  $ terraform apply
  ...[snip]...
  ```

- After a successful deployment, you will be provided with the necessary IP addresses and login credentials.
- You can log in to the Attacker VM via SSH key and the public IP (Example):

  ```
  $ ssh -i ssh_key.pem [email protected]
  ```

- In addition, you can log on to the FortiGate with the username/password and public IP address provided by Terraform.
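
A preflight check for the setup steps above, as an added example that is not part of this repository's scripts: it verifies that `terraform.tfvars` is filled in, that a license file or FortiFlex token is present, and that the file holding `client_secret` and `adminpassword` is readable only by its owner. It assumes the seven non-token variables are all mandatory; the function names `tfvar_value`, `preflight` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the demo's terraform.tfvars and license.
# Assumption: the seven variables below are mandatory; flexvm_token is only
# needed when ./configurations/license.txt is empty.
# Usage: preflight terraform.tfvars ./configurations/license.txt && terraform plan
REQUIRED="subscription_id client_id client_secret tenant_id size adminusername adminpassword"

# Print the quoted value assigned to key $2 in tfvars file $1 (last one wins).
tfvar_value() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

# preflight TFVARS LICENSE: returns 0 when ready for "terraform plan",
# 1 when a check fails, 2 when the tfvars file does not exist.
preflight() {
    tfvars=$1; license=$2; rc=0
    [ -f "$tfvars" ] || { echo "missing file: $tfvars" >&2; return 2; }
    for key in $REQUIRED; do
        if [ -z "$(tfvar_value "$tfvars" "$key")" ]; then
            echo "empty or missing variable: $key" >&2; rc=1
        fi
    done
    # FortiGate licensing: a non-empty license file or a FortiFlex token.
    if [ ! -s "$license" ] && [ -z "$(tfvar_value "$tfvars" flexvm_token)" ]; then
        echo "no license: fill $license or set flexvm_token" >&2; rc=1
    fi
    # The file holds client_secret and adminpassword: keep it owner-only.
    if [ -n "$(find "$tfvars" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$tfvars is readable by group/others (chmod 600)" >&2; rc=1
    fi
    return "$rc"
}

# Demo on constructed sample data (placeholder values, not real credentials):
# every required variable is set, but neither license nor token is provided.
demo() {
    dir=$(mktemp -d) || return 2
    for key in $REQUIRED; do printf '%s = "example"\n' "$key"; done > "$dir/terraform.tfvars"
    printf 'flexvm_token = ""\n' >> "$dir/terraform.tfvars"
    chmod 600 "$dir/terraform.tfvars"
    : > "$dir/license.txt"
    preflight "$dir/terraform.tfvars" "$dir/license.txt"; status=$?
    rm -rf "$dir"
    return "$status"
}
```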