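---
# Deployment for the attacker-side host of the CrowdStrike demo. A stock Ubuntu
# container installs Metasploit Framework and FalconPy at start-up, copies the
# scripts mounted from the demo-attack-scripts ConfigMap, then idles so the
# automation can be driven from outside the pod.
#
# NOTE(review): this pod carries offensive tooling and has Falcon sensor
# injection disabled. Run it only in an isolated lab namespace/cluster and
# restrict its traffic with a NetworkPolicy (none is defined in this file).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-server
  labels:
    app.kubernetes.io/name: demo-server
    app.kubernetes.io/part-of: crowdstrike-demo
    app.kubernetes.io/created-by: crowdstrike
spec:
  selector:
    matchLabels:
      run: demo-server
  replicas: 1
  template:
    metadata:
      labels:
        run: demo-server
        app.kubernetes.io/name: demo-server
        app.kubernetes.io/part-of: crowdstrike-demo
        app.kubernetes.io/created-by: crowdstrike
      annotations:
        # Opts this pod out of Falcon sensor injection, so activity inside it
        # is not covered by the injected sensor.
        # NOTE(review): presumably intentional for the attacker side - confirm.
        sensor.falcon-system.crowdstrike.com/injection: disabled
    spec:
      # NOTE(review): no securityContext, resource requests/limits or
      # automountServiceAccountToken setting is declared. If the scripts do not
      # call the Kubernetes API, consider automountServiceAccountToken: false
      # and explicit CPU/memory limits.
      containers:
        - name: demo-server
          # NOTE(review): ubuntu:22.04 is a mutable tag re-pulled on every
          # start (imagePullPolicy: Always). Pin by digest, or bake the tooling
          # into a purpose-built image, for a reproducible and reviewable demo.
          image: ubuntu:22.04
          imagePullPolicy: Always
          env:
            # API credentials come from a Secret. optional: true lets the pod
            # start even when the Secret or key is missing, leaving the
            # variable unset. Values injected as env vars are readable by
            # every process in the container.
            - name: FALCON_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: crowdstrike-api-credentials
                  key: client_id
                  optional: true
            - name: FALCON_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: crowdstrike-api-credentials
                  key: client_secret
                  optional: true
            - name: DEBIAN_FRONTEND
              value: "noninteractive"
            - name: TZ
              value: "UTC"
          # Install Framework and dependencies, then run automation
          command: ["/bin/bash"]
          args:
            - "-c"
            - |
              # Update system and install dependencies
              apt-get update && apt-get install -y \
                curl wget git python3 python3-pip ruby ruby-dev build-essential \
                libssl-dev zlib1g-dev libyaml-dev libffi-dev libxml2-dev \
                libxslt-dev libreadline-dev libncurses5-dev libgdbm-dev \
                libdb-dev libpcap-dev nmap postgresql-client
              # Install Framework
              # NOTE(review): the installer is fetched from a mutable branch
              # (master) and executed with the container's default user, with
              # no integrity check. Pin the URL to a reviewed commit and verify
              # a known-good SHA-256 before running it.
              # -f makes curl fail on HTTP errors so an error page is never
              # saved and executed; the && chain skips the run if the download
              # failed. --proto '=https' refuses any non-HTTPS transfer.
              curl -fsS --proto '=https' --tlsv1.2 \
                https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb \
                -o msfinstall \
                && chmod 755 msfinstall \
                && ./msfinstall
              # Install Python dependencies
              # NOTE(review): versions are unpinned; pin them (ideally with
              # hashes) so the demo does not pull unreviewed releases.
              pip3 install crowdstrike-falconpy requests
              # Create workspace and copy scripts from ConfigMap
              mkdir -p /home/ubuntu/tradecraft
              # Best-effort: a missing or empty /scripts mount is ignored.
              cp /scripts/* /home/ubuntu/tradecraft/ 2>/dev/null || true
              cd /home/ubuntu/tradecraft
              # Make scripts executable
              chmod +x startup.rc post_exploit.template 2>/dev/null || true
              # Keep container alive - automation will be controlled from local auto.sh
              tail -f /dev/null
          ports:
            - containerPort: 4444
              name: demo-c2
          volumeMounts:
            - name: demo-attack-scripts
              mountPath: /scripts
      volumes:
        - name: demo-attack-scripts
          configMap:
            name: demo-attack-scripts
            # Octal file mode (rwxr-xr-x); Kubernetes accepts octal in YAML.
            defaultMode: 0755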
---
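# Service fronting the demo-server pods: TCP 4444 (named demo-c2) is reachable
# only from inside the cluster (ClusterIP) and is routed to pods labelled
# run=demo-server.
# NOTE(review): any workload in the cluster can reach this port unless a
# NetworkPolicy limits it; none is defined in this file.
apiVersion: v1
kind: Service
metadata:
  name: demo-server
  labels:
    app.kubernetes.io/name: demo-server
    app.kubernetes.io/part-of: crowdstrike-demo
    app.kubernetes.io/created-by: crowdstrike
spec:
  type: ClusterIP
  ports:
    - port: 4444
      targetPort: 4444
      protocol: TCP
      name: demo-c2
  selector:
    run: demo-server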