Update POM file with new version: 1.5.6

OWASP · Sep 29, 2022 · b77d6b1 · b77d6b1
1 parent e8db22d
commit b77d6b1
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 15 deletions.
diff --git a/Dockerfile.web b/Dockerfile.web
@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.5.5-no-vault
-ARG argBasedVersion="1.5.5"
+FROM jeroenwillemsen/wrongsecrets:1.5.6-no-vault
+ARG argBasedVersion="1.5.6"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
 ARG HINTS_ENABLED=true

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed va
 secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different
 secrets by means of various tools and techniques.
 
-Can you solve all the 25 challenges?
+Can you solve all the 27 challenges?
 ![screenshot.png](screenshot.png)
 
 ## Support
@@ -24,7 +24,7 @@ based project, so it might take a little while before we respond.
 
 ## Basic docker exercises
 
-_Can be used for challenges 1-4, 8, 12-25_
+_Can be used for challenges 1-4, 8, 12-27_
 
 For the basic docker exercises you currently require:
 
@@ -58,6 +58,8 @@ Now you can try to find the secrets by means of solving the challenge offered at
 - [localhost:8080/challenge/23](http://localhost:8080/challenge/23)
 - [localhost:8080/challenge/24](http://localhost:8080/challenge/24)
 - [localhost:8080/challenge/25](http://localhost:8080/challenge/25)
+- [localhost:8080/challenge/25](http://localhost:8080/challenge/26)
+- [localhost:8080/challenge/25](http://localhost:8080/challenge/27)
 
 Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
 better ;-).
@@ -83,7 +85,7 @@ spoiling it for others that want to testdrive it.
 
 ## Basic K8s exercise
 
-_Can be used for challenges 1-6, 8, 12-25_
+_Can be used for challenges 1-6, 8, 12-27_
 
 ### Minikube based
 
@@ -134,7 +136,7 @@ Don't want to go over the hassle of setting up K8S yourself? visit [https://wron
 
 ## Vault exercises with minikube
 
-_Can be used for challenges 1-8, 12-25_
+_Can be used for challenges 1-8, 12-27_
 Make sure you have the following installed:
 
 - minikube with docker (or comment out line 8 and work at your own k8s setup),
@@ -154,7 +156,7 @@ vault and not update the secret-challenge application with the new secret.
 
 ## Cloud Challenges
 
-_Can be used for challenges 1-25_
+_Can be used for challenges 1-27_
 
 **READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
 never run this on an account which is related to your production environment or can influence your account-over-arching
@@ -211,8 +213,8 @@ Top contributors:
 - [Marcin Nowak @MarcinNowak-codes](https://github.com/MarcinNowak-codes)
 - [Joss Sparkes @remakingeden](https://github.com/remakingeden)
 - [Tibor Hercz @tiborhercz](https://github.com/tiborhercz)
-- [Filip Chyla @fchyla](https://github.com/fchyla)
 - [Chris Elbring Jr. @neatzsche](https://github.com/neatzsche)
+- [Filip Chyla @fchyla](https://github.com/fchyla)
 - [Dmitry Litosh @Dlitosh](https://github.com/Dlitosh)
 - [Josh Grossman @tghosth](https://github.com/tghosth)
 - [Spyros @northdpole](https://github.com/northdpole)

diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml
@@ -37,7 +37,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.5.6-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/azure/k8s/secret-challenge-vault-deployment.yml.tpl b/azure/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -35,7 +35,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "azure-wrongsecrets-vault"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.5.6-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/fly.toml b/fly.toml
@@ -9,7 +9,7 @@ processes = []
   dockerfile = "Dockerfile"
 
 [build.args]
-  argBasedVersion="1.5.5"
+  argBasedVersion="1.5.6"
   spring_profile="without-vault"
 
 [env]

diff --git a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -37,7 +37,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-gcp-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.5.5-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.5.6-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/okteto/k8s/secret-challenge-deployment.yml b/okteto/k8s/secret-challenge-deployment.yml
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.5.5-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.5.6-no-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/src/main/resources/templates/welcome.html b/src/main/resources/templates/welcome.html
@@ -91,8 +91,8 @@
                         <li><a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a></li>
                         <li><a href="https://github.com/remakingeden">Joss Sparkes @remakingeden</a></li>
                         <li><a href="https://github.com/tiborhercz">Tibor Hercz @tiborhercz</a></li>
-                        <li><a href="https://github.com/fchyla">Filip Chyla @fchyla</a></li>
                         <li><a href="https://github.com/neatzsche">Chris Elbring Jr. @neatzsche</a>
+                        <li><a href="https://github.com/fchyla">Filip Chyla @fchyla</a></li>
                         <li><a href="https://github.com/Dlitosh">Dmitry Litosh @Dlitosh</a></li>
                         <li><a href="https://github.com/tghosth">Josh Grossman @tghosth</a></li>
                         <li><a href="https://github.com/northdpole">Spyros @northdpole</a></li>

diff --git a/wrongsecret-desktop-resources/welcome.md b/wrongsecret-desktop-resources/welcome.md
@@ -20,7 +20,7 @@ The WrongSecrets Desktop contains the following tools:
 - AWS-cli for AWS challenges (Use it with `aws` in the commandline)
 - KeepassXC for password manager related challenges (Use it with `keepassXC` in the commandline)
 - Firefox
-- Docker (disabled in clod env)
+- Docker (disabled in cloud env)
 - Kubectl
 - Geany to have a look at the code (use it with `geany` in the commandline)