crash.software
Projects
Pull Requests
Issues
Builds
wrongsecrets
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY wrongsecrets Commits b77d6b17
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    Dockerfile.web
    1  -FROM jeroenwillemsen/wrongsecrets:1.5.5-no-vault
    2  -ARG argBasedVersion="1.5.5"
     1 +FROM jeroenwillemsen/wrongsecrets:1.5.6-no-vault
     2 +ARG argBasedVersion="1.5.6"
    3 3  ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
    4 4  ARG CTF_ENABLED=false
    5 5  ARG HINTS_ENABLED=true
    skipped 28 lines
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 9 lines
    10 10  secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different
    11 11  secrets by means of various tools and techniques.
    12 12   
    13  -Can you solve all the 25 challenges?
     13 +Can you solve all the 27 challenges?
    14 14  ![screenshot.png](screenshot.png)
    15 15   
    16 16  ## Support
    skipped 7 lines
    24 24   
    25 25  ## Basic docker exercises
    26 26   
    27  -_Can be used for challenges 1-4, 8, 12-25_
     27 +_Can be used for challenges 1-4, 8, 12-27_
    28 28   
    29 29  For the basic docker exercises you currently require:
    30 30   
    skipped 27 lines
    58 58  - [localhost:8080/challenge/23](http://localhost:8080/challenge/23)
    59 59  - [localhost:8080/challenge/24](http://localhost:8080/challenge/24)
    60 60  - [localhost:8080/challenge/25](http://localhost:8080/challenge/25)
     61 +- [localhost:8080/challenge/25](http://localhost:8080/challenge/26)
     62 +- [localhost:8080/challenge/25](http://localhost:8080/challenge/27)
    61 63   
    62 64  Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
    63 65  better ;-).
    skipped 19 lines
    83 85   
    84 86  ## Basic K8s exercise
    85 87   
    86  -_Can be used for challenges 1-6, 8, 12-25_
     88 +_Can be used for challenges 1-6, 8, 12-27_
    87 89   
    88 90  ### Minikube based
    89 91   
    skipped 44 lines
    134 136   
    135 137  ## Vault exercises with minikube
    136 138   
    137  -_Can be used for challenges 1-8, 12-25_
     139 +_Can be used for challenges 1-8, 12-27_
    138 140  Make sure you have the following installed:
    139 141   
    140 142  - minikube with docker (or comment out line 8 and work at your own k8s setup),
    skipped 13 lines
    154 156   
    155 157  ## Cloud Challenges
    156 158   
    157  -_Can be used for challenges 1-25_
     159 +_Can be used for challenges 1-27_
    158 160   
    159 161  **READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
    160 162  never run this on an account which is related to your production environment or can influence your account-over-arching
    skipped 50 lines
    211 213  - [Marcin Nowak @MarcinNowak-codes](https://github.com/MarcinNowak-codes)
    212 214  - [Joss Sparkes @remakingeden](https://github.com/remakingeden)
    213 215  - [Tibor Hercz @tiborhercz](https://github.com/tiborhercz)
    214  -- [Filip Chyla @fchyla](https://github.com/fchyla)
    215 216  - [Chris Elbring Jr. @neatzsche](https://github.com/neatzsche)
     217 +- [Filip Chyla @fchyla](https://github.com/fchyla)
    216 218  - [Dmitry Litosh @Dlitosh](https://github.com/Dlitosh)
    217 219  - [Josh Grossman @tghosth](https://github.com/tghosth)
    218 220  - [Spyros @northdpole](https://github.com/northdpole)
    skipped 196 lines
  • ■ ■ ■ ■
    aws/k8s/secret-challenge-vault-deployment.yml
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-aws-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:1.5.6-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 31 lines
  • ■ ■ ■ ■
    azure/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 34 lines
    35 35   volumeAttributes:
    36 36   secretProviderClass: "azure-wrongsecrets-vault"
    37 37   containers:
    38  - - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
     38 + - image: jeroenwillemsen/wrongsecrets:1.5.6-k8s-vault
    39 39   imagePullPolicy: IfNotPresent
    40 40   ports:
    41 41   - containerPort: 8080
    skipped 38 lines
  • ■ ■ ■ ■
    fly.toml
    skipped 8 lines
    9 9   dockerfile = "Dockerfile"
    10 10   
    11 11  [build.args]
    12  - argBasedVersion="1.5.5"
     12 + argBasedVersion="1.5.6"
    13 13   spring_profile="without-vault"
    14 14   
    15 15  [env]
    skipped 33 lines
  • ■ ■ ■ ■
    gcp/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-gcp-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:1.5.6-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 33 lines
  • ■ ■ ■ ■
    okteto/k8s/secret-challenge-deployment.yml
    skipped 27 lines
    28 28   runAsGroup: 2000
    29 29   fsGroup: 2000
    30 30   containers:
    31  - - image: jeroenwillemsen/wrongsecrets:1.5.5-no-vault
     31 + - image: jeroenwillemsen/wrongsecrets:1.5.6-no-vault
    32 32   imagePullPolicy: IfNotPresent
    33 33   ports:
    34 34   - containerPort: 8080
    skipped 23 lines
  • ■ ■ ■ ■
    src/main/resources/templates/welcome.html
    skipped 90 lines
    91 91   <li><a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a></li>
    92 92   <li><a href="https://github.com/remakingeden">Joss Sparkes @remakingeden</a></li>
    93 93   <li><a href="https://github.com/tiborhercz">Tibor Hercz @tiborhercz</a></li>
    94  - <li><a href="https://github.com/fchyla">Filip Chyla @fchyla</a></li>
    95 94   <li><a href="https://github.com/neatzsche">Chris Elbring Jr. @neatzsche</a>
     95 + <li><a href="https://github.com/fchyla">Filip Chyla @fchyla</a></li>
    96 96   <li><a href="https://github.com/Dlitosh">Dmitry Litosh @Dlitosh</a></li>
    97 97   <li><a href="https://github.com/tghosth">Josh Grossman @tghosth</a></li>
    98 98   <li><a href="https://github.com/northdpole">Spyros @northdpole</a></li>
    skipped 69 lines
  • ■ ■ ■ ■
    wrongsecret-desktop-resources/welcome.md
    skipped 19 lines
    20 20  - AWS-cli for AWS challenges (Use it with `aws` in the commandline)
    21 21  - KeepassXC for password manager related challenges (Use it with `keepassXC` in the commandline)
    22 22  - Firefox
    23  -- Docker (disabled in clod env)
     23 +- Docker (disabled in cloud env)
    24 24  - Kubectl
    25 25  - Geany to have a look at the code (use it with `geany` in the commandline)
    26 26   
    skipped 16 lines
Please wait...
Page is in error, reload to recover