-
-
Notifications
You must be signed in to change notification settings - Fork 373
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into feat/add-eslint
- Loading branch information
Showing
7 changed files
with
143 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -309,7 +309,7 @@ The branch will contain a Docker container generation script using which you can | |
|
|
||
| We have 3 ways of playing CTFs: | ||
|
|
||
| - The quick "let's play"-approach based on our own Heroku domain [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com), which we documente for you here. | ||
| - The quick "let's play"-approach based on our own Heroku domain [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) or our Okteto domain [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/), which we documented for you here. | ||
| - A more extended approach documented in [ctf-instructions.md](/ctf-instructions.md). | ||
| - A fully customizable CTF setup where every player gets its own virtual instance of WrongSecrets and a virtual instance of the wrongsecrets-desktop, so they all can play hassle-free. For this you have to use [the WrongSecrets CTF Party setup](https://github.com/OWASP/wrongsecrets-ctf-party). | ||
|
|
||
|
|
@@ -318,20 +318,20 @@ We have 3 ways of playing CTFs: | |
| Want to use CTFD to play a CTF based on the free Heroku wrongsecrets-ctf instance together with CTFD? You can! | ||
|
|
||
| NOTE: CTFD support now works based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf). | ||
| NOTE-II: [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) (temporary down based on lack of oss credits) is based on a free heroku instance, which takes time to warm up. | ||
| Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) once before executing the steps below. | ||
| NOTE-II: [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) (temporary down based on lack of oss credits) is based on Heroku and has limited capacity. Alternatively you can use our Okteto setup at [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/), which uses a free tier and needs some time to warm up. However, the Okteto environment does have more resources & supports the kubernetes challenges, unlike our Heroku setup that only supports the Docker challenges. | ||
| Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) or [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/) once before executing the steps below. | ||
|
|
||
| Follow the following steps: | ||
|
|
||
| ```shell | ||
| npm install -g [email protected] | ||
| juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T', feel free to enable hints. We do not support snippets or links/urls to code or hints. | ||
| juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com (or https://wrongsecrets-ctf-commjoen.cloud.okteto.net/) as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T', feel free to enable hints. We do not support snippets or links/urls to code or hints. | ||
| docker run -p 8001:8000 -it ctfd/ctfd:3.4.3 | ||
| ``` | ||
|
|
||
| Now visit the CTFD instance at [http://localhost:8001](http://localhost:8001) and setup your CTF. | ||
| Then use the administrative backup function to import the zipfile you created with the juice-shop-ctf command. | ||
| Game on using [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com)! | ||
| Game on using [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) or [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/)! | ||
| Want to setup your own? You can! Watch out for people finding your key though, so secure it properly: make sure the running container with the actual ctf-key is not exposed to the audience, similar to our heroku container. | ||
|
|
||
| ## FBCTF Support (Experimental!) | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| labels: | ||
| app: secret-challenge-ctf | ||
| name: secret-challenge-ctf | ||
| namespace: $OKTETO_NAMESPACE | ||
| spec: | ||
| progressDeadlineSeconds: 600 | ||
| replicas: 1 | ||
| revisionHistoryLimit: 10 | ||
| selector: | ||
| matchLabels: | ||
| app: secret-challenge-ctf | ||
| strategy: | ||
| rollingUpdate: | ||
| maxSurge: 25% | ||
| maxUnavailable: 25% | ||
| type: RollingUpdate | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: secret-challenge-ctf | ||
| name: secret-challenge-ctf | ||
| spec: | ||
| securityContext: | ||
| runAsUser: 2000 | ||
| runAsGroup: 2000 | ||
| fsGroup: 2000 | ||
| containers: | ||
| - image: jeroenwillemsen/wrongsecrets:1.5.14-no-vault | ||
| name: secret-challenge-ctf | ||
| imagePullPolicy: IfNotPresent | ||
| securityContext: | ||
| allowPrivilegeEscalation: false | ||
| readOnlyRootFilesystem: true | ||
| runAsNonRoot: true | ||
| capabilities: | ||
| drop: | ||
| - ALL | ||
| seccompProfile: | ||
| type: RuntimeDefault | ||
| ports: | ||
| - containerPort: 8080 | ||
| protocol: TCP | ||
| readinessProbe: | ||
| httpGet: | ||
| path: "/actuator/health/readiness" | ||
| port: 8080 | ||
| initialDelaySeconds: 30 | ||
| timeoutSeconds: 5 | ||
| periodSeconds: 5 | ||
| failureThreshold: 8 | ||
| livenessProbe: | ||
| httpGet: | ||
| path: "/actuator/health/liveness" | ||
| port: 8080 | ||
| initialDelaySeconds: 35 | ||
| timeoutSeconds: 30 | ||
| periodSeconds: 40 | ||
| failureThreshold: 5 | ||
| resources: | ||
| requests: | ||
| memory: "512Mi" | ||
| cpu: "200m" | ||
| ephemeral-storage: "1Gi" | ||
| limits: | ||
| memory: "512Mi" | ||
| cpu: "1000m" | ||
| ephemeral-storage: "2Gi" | ||
| volumeMounts: | ||
| - name: "ephemeral" | ||
| mountPath: "/tmp" | ||
| terminationMessagePath: /dev/termination-log | ||
| terminationMessagePolicy: File | ||
| env: | ||
| - name: ctf_enabled | ||
| value: "true" | ||
| - name: hints_enabled | ||
| value: "false" | ||
| - name: ctf_key | ||
| value: TRwzkRJnHOTckssAeyJbysWgP!Qc2T | ||
| - name: vaultpassword | ||
| value: if_you_see_this_please_use_K8S_and_Vault | ||
| - name: default_aws_value_challenge_9 | ||
| value: if_you_see_this_please_use_AWS_Setup | ||
| - name: default_aws_value_challenge_10 | ||
| value: if_you_see_this_please_use | ||
| - name: default_aws_value_challenge_11 | ||
| value: if_you_see_this_please_use | ||
| - name: canarytokenURLs | ||
| value: "https://canarytokens.org/history?token=cs07k832u9t1u4npowbvsw4mb&auth=7f75f2b2a4207c91fbc1ea59f7a495eb" | ||
| - name: challenge15ciphertext | ||
| value: "k9+HuPXEiFD6efujS5h1lOL1xgAC2OIgE2alg9JweUDy8k2SHUoG6I9FOhM1mgPKIUlyPWvROo+2T5p4qrAnuPYC/xAzVjGDUoN4eIXdXn+gwcYmL+Be8TodjXUt9U3g1/B9O2wyVZTT9Q839FaDHeBR4Og=" | ||
| - name: challenge_acht_ctf_host_value | ||
| value: "not set" | ||
| - name: K8S_ENV | ||
| value: Okteto(k8s) | ||
| - name: SPECIAL_K8S_SECRET | ||
| valueFrom: | ||
| configMapKeyRef: | ||
| name: secrets-file | ||
| key: funny.entry | ||
| - name: SPECIAL_SPECIAL_K8S_SECRET | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: funnystuff | ||
| key: funnier | ||
| volumes: | ||
| - name: "ephemeral" | ||
| emptyDir: {} | ||
| dnsPolicy: ClusterFirst | ||
| restartPolicy: Always | ||
| schedulerName: default-scheduler | ||
| terminationGracePeriodSeconds: 30 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: wrongsecrets-ctf | ||
| spec: | ||
| type: LoadBalancer | ||
| ports: | ||
| - name: http | ||
| port: 8080 | ||
| selector: | ||
| app: secret-challenge-ctf |