
The Open Door

Difficulty:
Direct link: The Open Door

Objective

Request

Help Goose Lucas in the hotel parking lot find the dangerously misconfigured Network Security Group rule that's allowing unrestricted internet access to sensitive ports like RDP or SSH.

Lucas

Screenshot 2026-04-20 202530

Solution

Lucas asked me to audit the Dosis Neighborhood's Azure network security configuration for potential overly permissive NSG rules.

The terminal session introduced the challenge and the Azure CLI environment.

Screenshot 2026-04-21 121230

The first task was to list resource groups using the command:

List resource groups
az group list

The output listed the available resource groups, which are theneighborhood-rg1 and theneighborhood-rg2.

Screenshot 2026-04-21 121429

The next task was to list resource groups in table format with the command:

List resource groups (table)
az group list -o table

The table made it easier to spot the neighborhood resource groups.

Screenshot 2026-04-21 121455

Task 3 asked me to list the network security groups using the command:

List NSGs
az network nsg list -o table

The output showed all NSGs and the resource group they are attached to.

Screenshot 2026-04-21 121601

The remaining tasks asked me to inspect each NSG and spot the one with a bad configuration. The first NSG to inspect was the web NSG in theneighborhood-rg1. I used the following command:

Show nsg-web-eastus
az network nsg show --name nsg-web-eastus --resource-group theneighborhood-rg1 | less

The details show all rules of the web NSG, but no rule with overly permissive access.

Screenshot 2026-04-21 121949

Additional details from the previous NSG output confirmed it was not the issue.

Screenshot 2026-04-21 122034

I inspected the other NSGs, including the management NSG, using this command:

Show nsg-mgmt-eastus
az network nsg show --name nsg-mgmt-eastus --resource-group theneighborhood-rg2 | less

The details still did not show the exposed rule.

Screenshot 2026-04-21 122740

Additional details from the management NSG confirmed no public exposure.

Screenshot 2026-04-21 122847

However, when inspecting the production NSG in theneighborhood-rg1, I found a rule with overly permissive access.

I used the following command:

Show nsg-production-eastus
az network nsg show --name nsg-production-eastus --resource-group theneighborhood-rg1 | less

The rule named Allow-RDP-From-Internet is overly permissive, since it allows unrestricted internet access to the RDP port.

Screenshot 2026-04-21 123529

I decided to inspect the specific rule using the command:

Show Allow-RDP-From-Internet rule
az network nsg rule show --resource-group theneighborhood-rg1 --nsg-name nsg-production-eastus --name Allow-RDP-From-Internet

As visible in the screenshot, I also inspected the Allow-Jumpbox-Remote-Access rule, which showed that it does not grant public RDP access.

However, the Allow-RDP-From-Internet rule showed unrestricted internet access to RDP, confirming the misconfiguration.
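Reading every NSG by hand with `az network nsg show | less` works for a handful of groups, but the same check can be automated over the JSON that `az network nsg rule list -o json` prints. The script below is an added example written for this write-up; it is not part of the challenge or of Azure's tooling. The rule list it scans is constructed to mirror the rules discussed above (a jumpbox-scoped RDP rule, the public Allow-RDP-From-Internet rule, plus a deny rule that shadows a later allow), and the sensitive-port and public-source lists are assumptions you would tune for your own environment. It evaluates rules the way the NSG does, lowest priority number first, so a Deny placed above an Allow correctly suppresses the finding.

```python
"""Flag inbound NSG rules that expose management ports to the internet.

Added example for this write-up (not the challenge's or Azure's own code).
Input shape follows the JSON returned by
  az network nsg rule list --resource-group <rg> --nsg-name <nsg> -o json
The sample rules below are constructed, not captured from the challenge.
"""
import json
import sys

# Assumed list of sensitive ports; the objective names RDP and SSH.
SENSITIVE_PORTS = {3389: "RDP", 22: "SSH"}

# Assumed set of source prefixes that mean "anyone on the internet".
PUBLIC_SOURCES = {"*", "internet", "0.0.0.0/0", "any"}

# Constructed sample rule list using the field names az emits for NSG rules.
SAMPLE_RULES_JSON = """
[
  {"name": "Allow-Jumpbox-Remote-Access", "priority": 100, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24",
   "destinationPortRange": "3389"},
  {"name": "Allow-RDP-From-Internet", "priority": 110, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
   "destinationPortRange": "3389"},
  {"name": "Allow-HTTPS", "priority": 120, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
   "destinationPortRange": "443"},
  {"name": "Deny-SSH-Internet", "priority": 130, "direction": "Inbound",
   "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
   "destinationPortRange": "22"},
  {"name": "Allow-SSH-All", "priority": 140, "direction": "Inbound",
   "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*",
   "destinationPortRanges": ["22-23", "8080"]}
]
"""


def port_ranges(rule):
    """Collect both the singular and plural destination port fields."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    return ranges


def range_covers(port_range, port):
    """True if a port range such as '*', '22-23' or '3389' includes `port`."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = port_range.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(port_range) == port


def is_public_source(rule):
    """True if any source prefix on the rule matches the whole internet."""
    sources = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        sources.append(rule["sourceAddressPrefix"])
    return any(s.lower() in PUBLIC_SOURCES for s in sources)


def effective_rule_for(rules, port):
    """First inbound rule, by ascending priority, matching internet -> port over TCP."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule.get("direction") != "Inbound":
            continue
        if rule.get("protocol", "").lower() not in ("tcp", "*"):
            continue
        if not is_public_source(rule):
            continue
        if any(range_covers(r, port) for r in port_ranges(rule)):
            return rule
    return None


def find_exposed_ports(rules_json):
    """Map 'LABEL/port' to the name of the Allow rule that exposes it publicly."""
    rules = json.loads(rules_json)
    exposed = {}
    for port, label in SENSITIVE_PORTS.items():
        rule = effective_rule_for(rules, port)
        if rule is not None and rule.get("access") == "Allow":
            exposed[f"{label}/{port}"] = rule["name"]
    return exposed


if __name__ == "__main__":
    # Pass a file saved from `az network nsg rule list -o json`, or run on the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES_JSON
    for target, name in find_exposed_ports(data).items():
        print(f"EXPOSED {target} via rule {name}")
```

On the sample this reports only RDP/3389 via Allow-RDP-From-Internet: the jumpbox rule is skipped because its source is a private range, and SSH is not reported because Deny-SSH-Internet at priority 130 wins over Allow-SSH-All at 140. When running it on real output, remember that `az network nsg rule list` omits the platform default rules unless you add `--include-default`; the defaults end in DenyAllInBound, so a custom Allow is still the only way a sensitive port becomes reachable.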

The challenge was also confirmed as a success.

Screenshot 2026-04-21 123926

The challenge was marked complete after identifying the risky rule.

Screenshot 2026-04-21 123942

The objective was added to the achievements list.

Screenshot 2026-05-26 180632

Response

Lucas

Ha! 'Properly protected' they said. More like 'properly exposed to the entire internet'! Good catch, amigo.