2.3. Switching seats

Time to switch seats. Until now, you’ve created and secured your services. Let’s see things from the other side.

Task 2.3.1: Deploy a scenario

For this task, we need to switch to a VM. Since we will have some intended “misconfiguration” scenarios, we won’t use the shared cluster but individual ones instead.

SSH into your VM: You find the relevant command in the file welcome. You can directly connect from the browser terminal:

ssh -i /home/project/id-ecdsa <namespace>@159.69.155.196

You should get a bash prompt. Now let’s set up your scenario. The first Kubernetes cluster of your company is up and running. The OS & Storage Team is quite proud of their achievements and they brag about it. To show off how secure everything is, you are even given a shell in a pod.

First, find 3 giveaways that you are indeed in a pod. Gather as much info as you can, and then show them some common oversights by finding the 2 hidden flags with the text ‘songlaa’.

Some hints:

  • It is a small cluster, only 1024 services are possible

Set up the infrastructure in your VM (it usually takes 1-2 minutes, don’t spoil it by looking at the file and stay in this shell for the CTF). You should get a prompt after 1-2 minutes:

bash <(curl -sL https://kubernetes-security.songlaa.com/seats-ctf/01/01setup.sh)

Task 2.3.2: Cleanup

After you’ve found all flags, exit the shell and remove the infrastructure:

exit

and to delete the virtual infrastructure:

bash <(curl -sL https://kubernetes-security.songlaa.com/seats-ctf/01/01cleanup.sh)

Task 2.3.3: Deploy a second scenario

Ready for more?

Well, the OS & Storage Team did their homework and improved security. They joined forces with the networking team and they challenge you to break out of the boundary they have given you.

Some hints:

  • It is a same small cluster, only 1024 services are possible

Before entering the pod you need to set up the infrastructure in your VM (it usually takes 1-2 minutes, don’t spoil it by looking at the file):

echo "You should get a prompt in 1-2 minutes:"
bash <(curl -sL https://kubernetes-security.songlaa.com/seats-ctf/02/02setup.sh)

Now, try to find the single flag containing “songlaa”!

Task 2.3.4: Bonus round

You can exit the pod.

exit

Before taking down the infrastructure, in case you found a service which should only be available inside the company. Can you find way to make it publicly accessible?

Task 2.3.5: Cleanup

Delete the cluster:

kind delete cluster

You can exit the VM for now and continue with the next lab.

Previous
Next