2.3. Switching seats

Time to switch seats. Until now, you’ve created and secured your services. Let’s see things from the other side.

Task 2.3.1: Deploy a scenario

For this task, we need to switch to a VM. Because the scenarios contain intentional misconfigurations, we won’t use the shared cluster but individual ones instead.

SSH into your VM. You will find the relevant command in the file welcome, and you can connect directly from the browser terminal:

ssh -i /home/project/id-ecdsa <namespace>@159.69.155.196

You should get a bash prompt. Now let’s set up your scenario. The first Kubernetes cluster of your company is up and running. The OS & Storage Team is quite proud of their achievements and they brag about it. To show off how secure everything is, you are even given a shell in a pod.

First, find 3 giveaways that you are indeed in a pod. Gather as much info as you can, and then show them some common oversights by finding the 2 hidden flags with the text ‘songlaa’.

Some hints:

  • It is a small cluster: only 1024 services are possible

Set up the infrastructure in your VM. Don’t spoil it by looking at the file, and stay in this shell for the CTF. You should get a prompt after 1-2 minutes:

bash <(curl -sL https://kubernetes-security.songlaa.com/seats-ctf/01/01setup.sh)

Task 2.3.2: Cleanup

After you’ve found all flags, exit the shell and remove the infrastructure:

exit

Then delete the virtual infrastructure:

bash <(curl -sL https://kubernetes-security.songlaa.com/seats-ctf/01/01cleanup.sh)

Task 2.3.3: Deploy a second scenario

Ready for more? Well, the OS & Storage Team did their homework and improved security. They joined forces with the networking team and they challenge you to break out of the boundary they’ve given you.

Some hints:

  • It is the same small cluster: only 1024 services are possible

Before entering the pod, you need to set up the infrastructure in your VM (it usually takes 1-2 minutes; don’t spoil it by looking at the file):

echo "You should get a prompt in 1-2 minutes:"
bash <(curl -sL https://kubernetes-security.songlaa.com/seats-ctf/02/02setup.sh)

Now, try to find the single flag containing “songlaa”!

Task 2.3.4: Bonus round

Before taking down the infrastructure, try to make an internal service you may have found publicly accessible from the internet.

Task 2.3.5: Cleanup

Delete the cluster:

kind delete cluster

You can exit the VM for now and continue with the next lab.