KCDUK 2023 CTF

[https://bit.ly/kcduk-ctf-23](https://hackmd.io/I2lbIVpFQ1yIy1edwA82mQ) ------------------------------------------------------- ## Conference WiFi SSID: **CodeNode** Password: **EnterSpace** ## Setup - [Credentials Here](https://drive.google.com/drive/folders/1CsiNxikO7LZqtRvfndClFcvoE9P5md6k?usp=drive_link) - Download the `*.tar` bundle from your room directory in the Google Drive link above ```bash= tar xf *.tar.gz ssh -i cp_simulator_rsa -F cp_simulator_config -o IdentitiesOnly=yes bastion ``` If your connection hangs (on the guest wifi), add the following to the `cp_simulator_config` file * flags are in the format: `flag_ctf{...}` ## CTF Scenario 1 - PSS misconfiguration ### Hints [PSA Exemptions](https://kubernetes.io/docs/concepts/security/pod-security-admission/#exemptions) [Configure Admission Controller](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/#configure-the-admission-controller) ```bash= The platform team spent their Christmas holidays migrating from pod security policies to the new fancy standard, locking down the k8s fleet! Nonetheless, an attacker stole a developer credential and has managed to run his own unconstrained Pod in the dev-app-factory namespace, to later pivot on the host. How is that even possible?! Can you find a way to remediate this and ensure that the attacker Pod can't run anymore in the cluster? ``` ## CTF Scenario 2 - Coastline Cluster Attack ### Hints * SREs jump at the chance to use ChatOps * Developers often get attached to their containers * PROCeed with caution * Make a token gesture to the cluster ```bash= ___ .-' `'. / \ | ; | | ___.--, _.._ |0) ~ (0) | _.---'`__.-( (_. __.--'`_.. '.__.\ '--. \_.-' ,.--'` `""` ( ,.--'` ',__ /./; ;, '.__.'` __ _`) ) .---.__.' / | |\ \__..--"" """--.,_ `---' .'.''-._.-'`_./ /\ '. \ _.-~~~````~~~-._`-.__.' | | .' _.-' | | \ \ '. `~---` \ \/ .' \ \ '. '-._) \/ / \ \ `=.__`~-. / /\ `) ) / / `"".`\ , _.-'.'\ \ / / ( ( / / `--~` ) ) .-'.' '.'. | ( (/` ( (` ) ) '-; ` '-; (-' Dread Pirate Captain Hλ$ħ𝔍Ⱥ¢k is looking to recruit you to his motley crew. Hλ$ħ𝔍Ⱥ¢k has obtained access to Coastline Data's jumpbox and wants you to obtain full cluster compromise. Will you fail the initiation or will your short-lived stay in the motley crew become permanent? ``` ## Attendee IDs | Cluster | | Name/Ident | | ----------- | ------ | -------------- | | Attendee 00 | | @wakeward | | Attendee 01 | | RC | | Attendee 02 | | | | Attendee 03 | | | | Attendee 04 | | Nathalie Ekong | | Attendee 05 | | | | Attendee 06 | | | | Attendee 07 | |James Williams | | Attendee 08 | | | | Attendee 09 | | | | Attendee 10 | |Megan O'Flynn | | Attendee 12 | | | | Attendee 13 | | Toby Jackson - CTF1 | | Attendee 14 | | Toby Jackson - CTF2 | | Attendee 15 | | Aiden Gleave | | Attendee 16 | | | | Attendee 17 | | Anish | | Attendee 18 | | | | Attendee 19 | | | | Attendee 20 | | Jack Torpoco | | Attendee 21 | | | | Attendee 22 | | | | Attendee 23 | | TEAM DREAM 🐙 😴 ✨ | | Attendee 24 | | | | Attendee 25 | | Morteza Torabi | | Attendee 26 | | vinoth | | Attendee 27 | | | | Attendee 28 | | | | Attendee 29 | | | | Attendee 30 | | | | Attendee 31 | | | | Attendee 32 | | | | Attendee 33 | | Zahary | | Attendee 34 | | | | Attendee 35 | | | | Attendee 36 | | | | Attendee 37 | | | | Attendee 38 | | | | Attendee 39 | | | | Attendee 40 | | Smarticu5 |