crash.software
Projects
Pull Requests
Issues
Builds
wrongsecrets
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY wrongsecrets Commits 8f055aa8
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    Dockerfile.web
    1  -FROM jeroenwillemsen/wrongsecrets:1.5.1-no-vault
     1 +FROM jeroenwillemsen/wrongsecrets:1.5.2-no-vault
    2 2   
    3  -ARG argBasedVersion="1.5.1"
     3 +ARG argBasedVersion="1.5.2"
    4 4  ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
    5 5  ARG CTF_ENABLED=false
    6 6  ARG HINTS_ENABLED=true
    skipped 26 lines
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 16 lines
    17 17   
    18 18  ## Basic docker exercises
    19 19   
    20  -_Can be used for challenges 1-4, 8, 12-22_
     20 +_Can be used for challenges 1-4, 8, 12-23_
    21 21   
    22 22  For the basic docker exercises you currently require:
    23 23   
    skipped 3 lines
    27 27  You can install it by doing:
    28 28   
    29 29  ```bash
    30  -docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.5.1-no-vault
     30 +docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.5.2-no-vault
    31 31  ```
    32 32   
    33 33  Now you can try to find the secrets by means of solving the challenge offered at:
    skipped 14 lines
    48 48  - [localhost:8080/challenge/20](http://localhost:8080/challenge/20)
    49 49  - [localhost:8080/challenge/21](http://localhost:8080/challenge/21)
    50 50  - [localhost:8080/challenge/22](http://localhost:8080/challenge/22)
     51 +- [localhost:8080/challenge/23](http://localhost:8080/challenge/23)
    51 52   
    52 53  Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look better ;-).
    53 54   
    skipped 10 lines
    64 65   
    65 66  ## Basic K8s exercise
    66 67   
    67  -_Can be used for challenges 1-6, 8, 12-22_
     68 +_Can be used for challenges 1-6, 8, 12-23_
    68 69   
    69 70  ### Minikube based
    70 71   
    skipped 40 lines
    111 112   
    112 113  ## Vault exercises with minikube
    113 114   
    114  -_Can be used for challenges 1-8, 12-22_
     115 +_Can be used for challenges 1-8, 12-23_
    115 116  Make sure you have the following installed:
    116 117   
    117 118  - minikube with docker (or comment out line 8 and work at your own k8s setup),
    skipped 10 lines
    128 129   
    129 130  ## Cloud Challenges
    130 131   
    131  -_Can be used for challenges 1-22_
     132 +_Can be used for challenges 1-23_
    132 133   
    133 134  **READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
    134 135  never run this on an account which is related to your production environment or can influence your account-over-arching resources.
    skipped 211 lines
  • ■ ■ ■ ■
    aws/k8s/secret-challenge-vault-deployment.yml
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-aws-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.5.1-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:1.5.2-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 31 lines
  • ■ ■ ■ ■
    azure/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 34 lines
    35 35   volumeAttributes:
    36 36   secretProviderClass: "azure-wrongsecrets-vault"
    37 37   containers:
    38  - - image: jeroenwillemsen/wrongsecrets:1.5.1-k8s-vault
     38 + - image: jeroenwillemsen/wrongsecrets:1.5.2-k8s-vault
    39 39   imagePullPolicy: IfNotPresent
    40 40   ports:
    41 41   - containerPort: 8080
    skipped 36 lines
  • ■ ■ ■ ■
    gcp/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-gcp-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.5.1-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:1.5.2-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 33 lines
  • ■ ■ ■ ■
    k8s/secret-challenge-deployment.yml
    skipped 27 lines
    28 28   runAsGroup: 2000
    29 29   fsGroup: 2000
    30 30   containers:
    31  - - image: jeroenwillemsen/wrongsecrets:1.5.1-no-vault
     31 + - image: jeroenwillemsen/wrongsecrets:1.5.2-no-vault
    32 32   imagePullPolicy: IfNotPresent
    33 33   ports:
    34 34   - containerPort: 8080
    skipped 23 lines
  • ■ ■ ■ ■
    k8s/secret-challenge-vault-deployment.yml
    skipped 29 lines
    30 30   runAsNonRoot: true
    31 31   serviceAccountName: vault
    32 32   containers:
    33  - - image: jeroenwillemsen/wrongsecrets:1.5.1-k8s-vault
     33 + - image: jeroenwillemsen/wrongsecrets:1.5.2-k8s-vault
    34 34   imagePullPolicy: IfNotPresent
    35 35   ports:
    36 36   - containerPort: 8080
    skipped 27 lines
Please wait...
Page is in error, reload to recover