Spaces:
Running
Running
Ctrl+K
Here’s a Replit-specific generative code prompt for building a red team exercise playground: ⸻ Prompt: Generate a self-contained red team exercise playground deployable on Replit. The playground should simulate a basic enterprise environment for penetration testing and red team practice. The design should prioritize lightweight deployment, containerized services, and realistic vulnerabilities. Include the following: 1. Architecture • Simulate a minimal network environment using Docker-in-Replit (via replit.nix or alternative setup): • web1: vulnerable web server (e.g., PHP with LFI, SQLi, weak admin panel) • internal-api: misconfigured REST API with token leakage or insecure JWT • ftp-server: exposed anonymous login with weak ACLs • attacker-console: Kali-like terminal for running tools like nmap, sqlmap, and hydra 2. Vulnerabilities • Include: • Hardcoded admin credentials • Command injection point • Misconfigured CORS policy • Open ports with old SSH, FTP, MySQL services • Flag files at escalating levels (/flag1.txt, /flag2.txt, /root/flag3.txt) 3. Deployment • Use docker-compose.yml (or Replit-compatible alternatives) to manage multi-container setup • Include Replit-specific configuration (replit.nix, .replit, .env) • Allow port exposure via Replit’s webview for web targets 4. Scenarios • Write at least two attack scenarios: • Web-to-internal API pivot using SSRF • FTP credential theft leading to shell access and privilege escalation 5. Documentation • Generate a complete README.md with: • Step-by-step setup instructions for Replit • List of exposed ports and services • Scenario walkthroughs • Reset instructions 6. Security • Include sandbox warnings and disclaimer about ethical usage • Ensure isolation within Replit project Output: All files needed for deployment (source code, docker-compose.yml, .replit, replit.nix, README.md, flags, etc.) ⸻ Let me know if you’d like me to generate a working example or starter version of this playground. - Initial Deployment
d48752e verified