crash.software
Projects
Pull Requests
Issues
Builds
wrongsecrets
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY wrongsecrets Commits ea269c05
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    Dockerfile.web
    1  -FROM jeroenwillemsen/wrongsecrets:1.5.4-no-vault
    2  -ARG argBasedVersion="1.5.4"
     1 +FROM jeroenwillemsen/wrongsecrets:1.5.5-no-vault
     2 +ARG argBasedVersion="1.5.5"
    3 3  ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
    4 4  ARG CTF_ENABLED=false
    5 5  ARG HINTS_ENABLED=true
    skipped 28 lines
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 9 lines
    10 10  secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different
    11 11  secrets by means of various tools and techniques.
    12 12   
    13  -Can you solve all the 24 challenges?
     13 +Can you solve all the 25 challenges?
    14 14  ![screenshot.png](screenshot.png)
    15 15   
    16 16  ## Support
    skipped 7 lines
    24 24   
    25 25  ## Basic docker exercises
    26 26   
    27  -_Can be used for challenges 1-4, 8, 12-24_
     27 +_Can be used for challenges 1-4, 8, 12-25_
    28 28   
    29 29  For the basic docker exercises you currently require:
    30 30   
    skipped 26 lines
    57 57  - [localhost:8080/challenge/22](http://localhost:8080/challenge/22)
    58 58  - [localhost:8080/challenge/23](http://localhost:8080/challenge/23)
    59 59  - [localhost:8080/challenge/24](http://localhost:8080/challenge/24)
     60 +- [localhost:8080/challenge/25](http://localhost:8080/challenge/25)
    60 61   
    61 62  Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
    62 63  better ;-).
    skipped 19 lines
    82 83   
    83 84  ## Basic K8s exercise
    84 85   
    85  -_Can be used for challenges 1-6, 8, 12-24_
     86 +_Can be used for challenges 1-6, 8, 12-25_
    86 87   
    87 88  ### Minikube based
    88 89   
    skipped 44 lines
    133 134   
    134 135  ## Vault exercises with minikube
    135 136   
    136  -_Can be used for challenges 1-8, 12-24_
     137 +_Can be used for challenges 1-8, 12-25_
    137 138  Make sure you have the following installed:
    138 139   
    139 140  - minikube with docker (or comment out line 8 and work at your own k8s setup),
    skipped 13 lines
    153 154   
    154 155  ## Cloud Challenges
    155 156   
    156  -_Can be used for challenges 1-24_
     157 +_Can be used for challenges 1-25_
    157 158   
    158 159  **READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
    159 160  never run this on an account which is related to your production environment or can influence your account-over-arching
    skipped 254 lines
  • ■ ■ ■ ■
    aws/k8s/secret-challenge-vault-deployment.yml
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-aws-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.5.4-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 31 lines
  • ■ ■ ■ ■
    azure/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 34 lines
    35 35   volumeAttributes:
    36 36   secretProviderClass: "azure-wrongsecrets-vault"
    37 37   containers:
    38  - - image: jeroenwillemsen/wrongsecrets:1.5.4-k8s-vault
     38 + - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
    39 39   imagePullPolicy: IfNotPresent
    40 40   ports:
    41 41   - containerPort: 8080
    skipped 38 lines
  • ■ ■ ■ ■
    fly.toml
    skipped 8 lines
    9 9   dockerfile = "Dockerfile"
    10 10   
    11 11  [build.args]
    12  - argBasedVersion="1.5.4"
     12 + argBasedVersion="1.5.5"
    13 13   spring_profile="without-vault"
    14 14   
    15 15  [env]
    skipped 33 lines
  • ■ ■ ■ ■
    gcp/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-gcp-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.5.4-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 33 lines
  • ■ ■ ■ ■
    okteto/k8s/secret-challenge-deployment.yml
    skipped 27 lines
    28 28   runAsGroup: 2000
    29 29   fsGroup: 2000
    30 30   containers:
    31  - - image: jeroenwillemsen/wrongsecrets:1.5.4-no-vault
     31 + - image: jeroenwillemsen/wrongsecrets:1.5.5-no-vault
    32 32   imagePullPolicy: IfNotPresent
    33 33   ports:
    34 34   - containerPort: 8080
    skipped 23 lines
Please wait...
Page is in error, reload to recover