Add kubernetes testing resources #15773
@@ -0,0 +1,18 @@ | |||
apiVersion: v2 |
Most of the helm charts are the default helm chart boilerplate. I parameterised a few more values after that, and as a result the lucee and thinkphp charts are pretty similar, the values.yml only really differs at this point. I didn't want to introduce a reusable library chart until there's at least another app to test against, potentially with a database/volume claim setup.
I used this pretty extensively while working on PRs #15786 and #15733.
smcintyre@kubernetes:~/msf-pr-15773/kubernetes$ make lucee
helm upgrade --install lucee ./lucee
Release "lucee" has been upgraded. Happy Helming!
NAME: lucee
LAST DEPLOYED: Thu Oct 21 15:20:51 2021
NAMESPACE: default
STATUS: deployed
REVISION: 3
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=lucee,app.kubernetes.io/instance=lucee" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:9002 to use your application"
kubectl --namespace default port-forward $POD_NAME --address='0.0.0.0' 9002:$CONTAINER_PORT
smcintyre@kubernetes:~/msf-pr-15773/kubernetes$ make forward-lucee
export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=lucee,app.kubernetes.io/instance=lucee" -o jsonpath="{.items[0].metadata.name}"); export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}"); echo; echo "Visit http://127.0.0.1:9002 to use your application"; kubectl --namespace default port-forward $POD_NAME --address='0.0.0.0' 9002:$CONTAINER_PORT
Visit http://127.0.0.1:9002 to use your application
Forwarding from 0.0.0.0:9002 -> 8888
^Cmake: *** [Makefile:34: forward-lucee] Interrupt
smcintyre@kubernetes:~/msf-pr-15773/kubernetes$ make admin-token
kubectl create -n default serviceaccount admin-sa --dry-run=client -o yaml | kubectl apply -f -
serviceaccount/admin-sa configured
kubectl create -n default clusterrolebinding admin-sa-binding --clusterrole=cluster-admin --serviceaccount=default:admin-sa --dry-run=client -o yaml | kubectl apply -f -
clusterrolebinding.rbac.authorization.k8s.io/admin-sa-binding configured
echo $(kubectl get secret -n default $(kubectl -n default get serviceaccount admin-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 -d)
eyJhbGciOiJSUzI1NiIsImtpZCI6IjhNUXp3a1NGVk1xQmV0ZGVTbzNxTTJhQ2Y4UHE4TVZlVjVQcVlkMlRPcTgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFkbWluLXNhLXRva2VuLTdzOThsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMmNjMDM1MzktNjhhYS00Mjg2LWE4ZmMtYjdmMDI5NzMzOGM5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWRtaW4tc2EifQ.rY4MMougu_xPsKsACXcbkJC7ueLzH3YMHlviEpR9o0rKHHAxjDLTK7sC9j1brBkV7oc2kFwbmrlvQ5LEleyeughXq_GfPm47CnUg2Orhv80a7gmJU_WP_mkLhD1xcb4d-7uzEk08V5lswxCTof7qQK7UQBaGI4k6d_6B15jkCBd8fFdl1XqMAN1rokM5YmIwq_i_Eu-hquZIEduqyW2p9V-JVMYC82mLFdffcsjvZeXfOLgr8yiFEvTUZUEnhqZFaLRiT4ioMWQ939fQvLoFVAcloSwk09GM_xS4_8oMCfJd4D5sSCtshN_cEMX_Ht-M2JwjK_tVLTCnbheOwTZPxw
smcintyre@kubernetes:~/msf-pr-15773/kubernetes$
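An added example, not part of this PR or of Metasploit's code: a check that flags service accounts bound to `cluster-admin`, which is what `make admin-token` sets up for `admin-sa` in the session above. The JSON is constructed sample data in the shape of `kubectl get clusterrolebindings -o json`, and the function name `privileged_service_accounts` is hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# "admin-sa-binding" mirrors the binding `make admin-token` creates above;
# the remaining items are hypothetical.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "admin-sa-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-sa", "namespace": "default"}]},
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "ns-wide-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:serviceaccounts:default"}]},
 {"metadata": {"name": "view-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "reader", "namespace": "monitoring"}]},
 {"metadata": {"name": "empty-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

SA_GROUP = "system:serviceaccounts"  # built-in group covering service accounts


def privileged_service_accounts(bindings, role="cluster-admin"):
    """Return (binding name, subject) pairs where a service account, or a
    service-account group, is bound to the given ClusterRole."""
    findings = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in item.get("subjects") or []:  # subjects may be missing or null
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                ns = subj.get("namespace", "")
                findings.append((item["metadata"]["name"],
                                 f"system:serviceaccount:{ns}:{name}"))
            elif kind == "Group" and (name == SA_GROUP or name.startswith(SA_GROUP + ":")):
                findings.append((item["metadata"]["name"], name))
    return findings


if __name__ == "__main__":
    for binding, subject in privileged_service_accounts(SAMPLE):
        print(f"{binding}: {subject} -> cluster-admin")
```

The subject string uses the same `system:serviceaccount:<namespace>:<name>` form that appears as the `sub` claim of a service account token, so findings can be matched against API server audit log usernames.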
Release Notes
Adds a collection of useful commands for configuring a local or remote Kubernetes environment to aid with testing and exploring Metasploit's Kubernetes modules and pivoting capabilities. The resource files include deploying two vulnerable applications, and populating secrets which can be extracted and stored as loot, as well as utility commands for creating admin and service account tokens.

Add an initial set of charts which can be used to verify Kubernetes enumeration/exploit modules:
- secrets - Create multiple Kubernetes Secrets to verify Metasploit's enumeration and loot storing capabilities
- thinkphp - Vulnerable thinkphp application with full cluster access
- lucee - Vulnerable lucee application with minimal cluster access

I've added a useful docker setup for running helm/kubectl from docker, which could be used with CI in the future. I've also added a makefile with useful utilities in it, for installing the charts, port forwarding, creating service tokens, etc:
Verification
Ensure each of the readme steps works: