forked from kuhnskc/shellshock-container-demo
#!/bin/bash
# CrowdStrike Demo Automation - Local Mac Orchestration
# log MESSAGE
# Prints MESSAGE on stdout as one line, prefixed with the output of `date`
# and ": ".
# Arguments: $1 - text to print
log() {
  local message=$1
  printf '%s: %s\n' "$(date)" "$message"
}
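log "Starting CrowdStrike demo orchestration from local Mac..."

# Phase 1: Deploy ConfigMap and Kubernetes pods
# Every kubectl call in this script acts on the active context and its current
# namespace. Record which cluster that is before anything is applied, so the
# run log shows where the demo workloads and the framework were deployed.
log "Active kubectl context: $(kubectl config current-context 2>/dev/null || echo unknown)"

# A failed apply used to be ignored, and the script then went on to wait for
# pods that were never created. Stop at the first manifest that fails.
log "Deploying ConfigMap with demo scripts..."
kubectl apply -f demo-scripts.yaml || {
  log "ERROR: kubectl apply failed for demo-scripts.yaml"
  exit 1
}

log "Deploying Kubernetes pods..."
for manifest in demo-client.yaml demo-server.yaml; do
  kubectl apply -f "$manifest" || {
    log "ERROR: kubectl apply failed for $manifest"
    exit 1
  }
done

# Wait for pods to be ready
# The selector matches pods labelled app.kubernetes.io/part-of=crowdstrike-demo.
# A timeout here means later phases would exec into pods that are not running,
# so abort instead of continuing.
log "Waiting for pods to be ready..."
kubectl wait --for=condition=Ready pod \
  -l 'app.kubernetes.io/part-of=crowdstrike-demo' --timeout=600s || {
  log "ERROR: demo pods did not become Ready within 600s"
  exit 1
}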
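# Phase 2: Wait for Framework installation to complete
# Poll the demo-server deployment until `which msfconsole` succeeds inside it.
# The probe's output and errors are discarded, so a broken deployment (crashed
# pod, failed install) used to look the same as "still installing" and the
# loop never ended. Bound the wait and fail with a message instead.
# INSTALL_TIMEOUT_SECS is an optional override added here (seconds, integer);
# the default allows 30 minutes.
log "Waiting for demo server installation to complete..."
install_timeout_secs=${INSTALL_TIMEOUT_SECS:-1800}
# SECONDS is bash's count of seconds since the script started.
install_deadline=$((SECONDS + install_timeout_secs))
while ! kubectl exec deployment/demo-server -- which msfconsole >/dev/null 2>&1; do
  if ((SECONDS >= install_deadline)); then
    log "ERROR: msfconsole not found on demo-server after ${install_timeout_secs}s; inspect the demo-server pod status and logs"
    exit 1
  fi
  log "Demo server still installing... waiting 30 seconds"
  sleep 30
done
log "Demo server installation completed!"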
# Phase 3: Stage the post-exploitation resource script on the demo server
# Copies the template from /scripts (presumably the ConfigMap mount from
# demo-scripts.yaml - confirm) to the tradecraft directory as post_exploit.rc.
# NOTE(review): the exit status of this exec is not checked; if the copy fails
# the listener below still starts, without the staged script.
log "Preparing post-exploitation script..."
kubectl exec deployment/demo-server -- cp /scripts/post_exploit.template /home/ubuntu/tradecraft/post_exploit.rc
# Phase 4: Start Framework listener
log "Starting demo server framework..."
log "Listener will run for 120 seconds with automatic post-exploitation"
# Start the listener in background and give it time to establish.
# Two levels of backgrounding are in play:
#   - inside the container, bash starts msfconsole with `&` and then `wait`s
#     for it, so the exec session lasts as long as msfconsole does;
#   - on the local machine, the trailing `&` backgrounds the kubectl exec so
#     this script can continue to the next phase.
# msfconsole loads startup.rc and then a second resource from stdin (`-r -`),
# which is the here-document: `sleep 120` followed by `exit -y`. That bounds
# the listener's lifetime to the 120 seconds announced in the log line above.
# post_exploit.rc is presumably referenced from startup.rc - confirm; it is
# not named on this command line.
kubectl exec deployment/demo-server -- bash -c 'msfconsole -q -r /home/ubuntu/tradecraft/startup.rc -r - <<EOF &
sleep 120
exit -y
EOF
wait' &
# Wait for listener to be fully established
# NOTE(review): this is a fixed delay, not a readiness check; on a slow node
# the client connection in the next phase can fire before the listener is up,
# and the run then produces no session and no detections.
log "Waiting for listener to fully establish..."
sleep 30
# Phase 5: Trigger single demo connection after listener is ready
# The client-side script is run once, in the background on the local machine,
# so the orchestration can keep logging while the session plays out.
client_exec=(kubectl exec deployment/demo-client -- /app/demo-scripts/connect-demo.sh)
# Fixed wait for the session; together with the 30 second pause before this
# phase it adds up to the 120 second listener lifetime logged earlier.
session_wait_secs=90

log "Triggering Bash reverse shell connection from client pod..."
"${client_exec[@]}" &
log "Single bash reverse shell connection triggered - post-exploitation will begin automatically"

# Wait for the attack session to complete
log "Waiting for attack session to complete..."
sleep "$session_wait_secs"
log "Demo session completed"
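# Phase 6: Optional cleanup
# Restart the client deployment so the pod that took part in the session is
# replaced by a fresh one. This stays best-effort: a failure does not abort
# the script. Two changes from the earlier form:
#   - the hard-coded `-n default` is dropped, because every other kubectl call
#     in this script uses the context's current namespace; with the flag, a
#     run in any other namespace targeted a deployment that was not there;
#   - the error is no longer hidden by `2>/dev/null || true`, so a client pod
#     left in its post-session state is reported instead of passing silently.
log "Restarting client pod to clean state..."
if ! kubectl rollout restart deployment demo-client; then
  log "WARNING: could not restart demo-client; the client pod has not been reset"
fi

# Only the client is reset here. The demo-server deployment (with the
# framework installed) and the ConfigMap stay in the cluster after the run.
# To remove them as well:
#   kubectl delete -f demo-server.yaml -f demo-client.yaml -f demo-scripts.yaml
log "CrowdStrike demo automation completed"
log "Check CrowdStrike Falcon console for detections!"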