This is a step-by-step guide to creating multiple user accounts on Amazon EC2 Linux instances, using individual self-generated key pairs. This lets small organizations give multiple users access to such instances without having to share keys or accounts.

The public / private key pair is generated on your local machine and the public key is uploaded to S3. When launching the EC2 instance via the wizard, you can then choose to Proceed without a key pair.

For Linux / Mac users:
  1. To create the public and private keys, use the following command (this creates a 4096-bit RSA key pair):
     $ ssh-keygen -t rsa -b 4096
  2. Upload the public key to a folder in your S3 bucket. For example:
     S3 > MyBucket > Keypair
  3. Save and secure your private key.


For Windows users:
  1. Use puttygen to generate the keys.
  2. Follow the DigitalOcean tutorials to create SSH keys.
  3. Upload the public key to S3 > MyBucket > Keypair
  4. Save and secure your private key.

The following steps are important during the launch of any Linux AMI.
  1. Ensure an IAM role has been created with the AmazonS3FullAccess policy attached. This allows the instance to assume the role to access the S3 buckets, which is needed to read the public keys from S3 and copy them to each user's profile.

  2. IAM > Roles

     Launch Instance > Configure Instance Details

  3. Add the following code under the user-data section in Configure Instance Details > Advanced Details (as Text):

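######## AWS LINUX #########

#!/bin/bash
# User data runs as root on first boot, so sudo is not needed.
useradd user1
usermod -aG wheel user1
mkdir -p /home/user1/.ssh/
# Copy the user's public key from S3 into authorized_keys
aws s3 cp s3://MyBucket/Keypair/user1-pub.pub /home/user1/.ssh/authorized_keys
chown -R user1:user1 /home/user1/.ssh
chmod 700 /home/user1/.ssh && chmod 600 /home/user1/.ssh/authorized_keys

useradd user2
usermod -aG wheel user2
mkdir -p /home/user2/.ssh/
aws s3 cp s3://MyBucket/Keypair/user2-pub.pub /home/user2/.ssh/authorized_keys
chown -R user2:user2 /home/user2/.ssh
chmod 700 /home/user2/.ssh && chmod 600 /home/user2/.ssh/authorized_keys

# Allow both users to run sudo without a password
echo "user1 ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
echo "user2 ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

yum update -y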

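######## UBUNTU #########

#!/bin/bash
# User data runs as root on first boot, so sudo is not needed.
# Refresh the package lists before installing the AWS CLI
apt-get update -y
apt-get install -y awscli

# -m creates the home directory (useradd does not do this by default on Ubuntu)
useradd -m user1
usermod -aG sudo user1
mkdir -p /home/user1/.ssh/
# Copy the user's public key from S3 into authorized_keys
aws s3 cp s3://MyBucket/Keypair/user1-pub.pub /home/user1/.ssh/authorized_keys
chown -R user1:user1 /home/user1/.ssh
chmod 700 /home/user1/.ssh && chmod 600 /home/user1/.ssh/authorized_keys

useradd -m user2
usermod -aG sudo user2
mkdir -p /home/user2/.ssh/
aws s3 cp s3://MyBucket/Keypair/user2-pub.pub /home/user2/.ssh/authorized_keys
chown -R user2:user2 /home/user2/.ssh
chmod 700 /home/user2/.ssh && chmod 600 /home/user2/.ssh/authorized_keys

# Allow both users to run sudo without a password
echo "user1 ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
echo "user2 ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers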

This setup creates user1 and user2 and adds them to the sudo users. The aws s3 cp command copies each user's public key from the S3 folder to their .ssh/authorized_keys path. The last section lets them run commands as admin without needing passwords.

There are lots of security improvements that can be recommended here. While not explicitly used in this example, limiting S3 access to a specific bucket and understanding the security implications of disabling password prompts in sudo are a few things worth highlighting. Use them wisely based on your particular needs.
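The user-data scripts above install whatever object sits at the S3 path as authorized_keys for an account with passwordless sudo, so it is worth checking the downloaded file first. The following shell helper is an added example, not part of the original guide (the function names is_single_pubkey and install_pubkey and the /tmp path are assumptions); it accepts only a file holding exactly one OpenSSH public key line and installs it with tight permissions.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.

# Succeeds only if FILE holds exactly one OpenSSH public key line:
#   "<type> <base64> [comment]"
# Multi-line files (a private key, an RFC 4716 export, several keys) and lines
# that start with authorized_keys options such as command="..." are rejected.
is_single_pubkey() {
    keyfile=$1
    [ -f "$keyfile" ] || return 1
    [ "$(grep -c . "$keyfile")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$' "$keyfile"
}

# install_pubkey SRC HOME_DIR [OWNER]
# Validates SRC, then installs it as HOME_DIR/.ssh/authorized_keys (700/600).
install_pubkey() {
    src=$1; home=$2; owner=${3:-}
    if ! is_single_pubkey "$src"; then
        echo "rejected: $src is not a single OpenSSH public key" >&2
        return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    cp "$src" "$home/.ssh/authorized_keys" || return 1
    chmod 600 "$home/.ssh/authorized_keys" || return 1
    # chown needs root; skipped when no owner is given (e.g. when testing)
    if [ -n "$owner" ]; then chown -R "$owner:$owner" "$home/.ssh"; fi
}

# Constructed sample inputs (the key material is fake) showing each outcome.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ== user1@laptop\n' > "$d/good.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXk=' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/private"
    printf 'command="/bin/sh" ssh-rsa AAAAB3NzaC1yc2E= x\n' > "$d/options.pub"
    for name in good.pub private options.pub; do
        if install_pubkey "$d/$name" "$d/home-$name" 2>/dev/null; then echo "$name: installed"
        else echo "$name: rejected"; fi
    done
    rm -rf "$d"
}

# In user data: aws s3 cp s3://MyBucket/Keypair/user1-pub.pub /tmp/user1.pub \
#   && install_pubkey /tmp/user1.pub /home/user1 user1
if [ "${1:-}" = demo ]; then demo; fi
```

A public key saved from PuTTYgen in its multi-line export format is rejected by this check; paste the one-line OpenSSH form into the file uploaded to S3 instead.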


Metasploitable3 has been around for quite a while and has been used by professionals, students, and researchers alike to improve their skillset. It is a great improvement over the previous generation, Metasploitable2. With new exploits coming out every day, the community needed something more than a straightforward environment for getting a high-privileged shell.

I tried building this automatically several times as posted on GitHub, but it failed mostly when Vagrant uses up the /tmp space (where I allocated ~1.5GB).

If you face this issue, replace the instruction posted in the manual install section at step 2 with
$ TMPDIR=/var/tmp packer build windows_2008_r2.json
and continue with the rest of the steps. It takes around 10-15 minutes to finish and once ready, you are greeted with




As this is a trial license of Windows Server 2008 R2, you may want to read the wiki page for Windows Product key and Tips and Tricks for building a persistent VM.

I shall be writing a Metasploitable3 walkthrough soon. Your feedback is welcome. 
author
Vijay Vikram Shreenivos