README.md
+8-7
@@ -6,7 +6,7 @@
6
6
7
7
Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques.
8
8
9
-
Can you solve all the 20 challenges?
9
+
Can you solve all the 21 challenges?
10
10

11
11
12
12
## Support
@@ -15,7 +15,7 @@ Need support? Contact us via [OWASP Slack](https://owasp.slack.com/archives/C02K
15
15
16
16
## Basic docker exercises
17
17
18
-
_Can be used for challenges 1-4, 8, 12-20_
18
+
_Can be used for challenges 1-4, 8, 12-21_
19
19
20
20
For the basic docker exercises you currently require:
21
21
@@ -25,7 +25,7 @@ For the basic docker exercises you currently require:
25
25
You can install it by doing:
26
26
27
27
```bash
28
-
docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.4.5-no-vault
28
+
docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.4.6-no-vault
29
29
```
30
30
31
31
Now you can try to find the secrets by means of solving the challenge offered at:
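Review bot: The `docker run -p 8080:8080 ...` line being bumped here publishes the port on every host interface, and the README itself calls this a p0wnable app. While the line is being edited, consider changing the mapping to `-p 127.0.0.1:8080:8080` so the container is reachable only from the local machine.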
@@ -44,6 +44,7 @@ Now you can try to find the secrets by means of solving the challenge offered at
Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look better ;-).
49
50
@@ -60,7 +61,7 @@ You can test them out at [https://wrongsecrets.herokuapp.com/](https://wrongsecr
60
61
61
62
## Basic K8s exercise
62
63
63
-
_Can be used for challenges 1-6, 8, 12-19_
64
+
_Can be used for challenges 1-6, 8, 12-21_
64
65
65
66
### Minikube based
66
67
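Review bot: On the range line under "Basic K8s exercise", the old text ended at 12-19 while the old docker range ended at 12-20, so this edit adds challenge 20 to the K8s list as well as 21. Please confirm challenge 20 runs on the K8s setup, or note in the commit message that the previous range was stale.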
@@ -107,7 +108,7 @@ now you can use the provided IP address and port to further play with the K8s va
107
108
108
109
## Vault exercises with minikube
109
110
110
-
_Can be used for challenges 1-8, 12-19_
111
+
_Can be used for challenges 1-8, 12-21_
111
112
Make sure you have the following installed:
112
113
113
114
- minikube with docker (or comment out line 8 and work at your own k8s setup),
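Review bot: The range in the italic line under "Vault exercises with minikube" moves from 12-19 to 12-21, but the run instruction further down in the same section previously read 1-8, 12-20, so the two statements were already out of step before this change. Since the section states the range twice, consider keeping it only in the heading line so the two cannot diverge again.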
@@ -118,13 +119,13 @@ Make sure you have the following installed:
118
119
- vault [Install from here](https://www.vaultproject.io/downloads),
119
120
- grep, Cat, and Sed
120
121
121
-
Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-20.
122
+
Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-21.
122
123
123
124
When you stopped the `k8s-vault-minikube-start.sh` script and want to resume the port forward run: `k8s-vault-minikube-resume.sh`. This is because if you run the start script again it will replace the secret in the vault and not update the secret-challenge application with the new secret.
124
125
125
126
## Cloud Challenges
126
127
127
-
_Can be used for challenges 1-20_
128
+
_Can be used for challenges 1-21_
128
129
129
130
**READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
130
131
never run this on an account which is related to your production environment or can influence your account-over-arching resources.
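Review bot: The rewritten `Run` line still names `./k8s-vault-minkube-start.sh` (no "i" in "minikube"), while the following paragraph refers to `k8s-vault-minikube-start.sh`. Since the line is being touched anyway, make both spellings match the actual script name so the command can be copied as is. The resume command in that paragraph also lacks the `./` prefix that the start command uses.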