Upgrade to wrongsecrets 1.6.3

Author: commjoen

build-an-deploy.sh

@@ -10,6 +10,7 @@ source ./scripts/check-available-commands.sh
 checkCommandsAvailable helm docker kubectl yq
 
 version="$(uuidgen)"
+eval $(minikube docker-env)
 docker login
 WRONGSECRETS_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.wrongsecrets.image')
 WRONGSECRETS_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.wrongsecrets.tag')

build-and-deploy-container-minikube.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+source ./scripts/check-available-commands.sh
+checkCommandsAvailable helm docker kubectl yq minikube
+
+minikube delete
+minikube start  --cpus=6 --memory=8000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.25.6
+eval $(minikube docker-env)
+./build-an-deploy-container.sh  
+
+sleep 5
+
+echo "let's go!"
+
+kubectl port-forward service/wrongsecrets-balancer 3000:3000

build-and-deploy-minikube.sh

@@ -4,14 +4,12 @@ source ./scripts/check-available-commands.sh
 checkCommandsAvailable helm docker kubectl yq minikube
 
 minikube delete
-minikube start  --cpus=6 --memory=8000MB --network-plugin=cni --cni=calico --driver=docker
+minikube start  --cpus=6 --memory=8000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.25.6
 eval $(minikube docker-env)
 ./build-an-deploy.sh  
 
-sleep 5
+sleep 15
 
 echo "let's go!"
 
-$(kubectl port-forward service/wrongsecrets-balancer 3000:3000)
-
-$(kubectl logs -f -l app=wrongsecrets-balancer)
+kubectl port-forward service/wrongsecrets-balancer 3000:3000

helm/wrongsecrets-ctf-party/values.yaml

@@ -108,7 +108,7 @@ wrongsecrets:
   maxInstances: 500
   # -- Wrongsecrets Image to use
   image: jeroenwillemsen/wrongsecrets
-  tag: 1.6.0-no-vault
+  tag: 1.6.3-no-vault
   # -- Change the key when hosting a CTF event. This key gets used to generate the challenge flags. See: https://github.com/OWASP/wrongsecrets#ctf
   ctfKey: "[email protected]!9uR_K!NfkkTr"
   # -- Specify a custom Juice Shop config.yaml. See the JuiceShop Config Docs for more detail: https://pwning.owasp-juice.shop/part1/customization.html#yaml-configuration-file
@@ -200,7 +200,7 @@ virtualdesktop:
   maxInstances: 500
   # -- Juice Shop Image to use
   image: jeroenwillemsen/wrongsecrets-desktop-k8s
-  tag: 1.6.0
+  tag: 1.6.3
   repository: commjoenie/wrongSecrets
   resources:
     request:

readme.md

@@ -110,13 +110,15 @@ For minikube, run:
 
 ```shell
 
-minikube start  --cpus=6 --memory=10000MB --network-plugin=cni --cni=calico --driver=docker
+minikube start  --cpus=6 --memory=10000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.25.6
 eval $(minikube docker-env)
 ./build-an-deploy-container.sh
 kubectl port-forward service/wrongsecrets-balancer 3000:3000
 
 ```
 
+or use `build-and-deploy-container-minikube.sh` to do all of the above in one script.
+
 Want to know whether your system is holding up? use
 
 ```shell
@@ -127,14 +129,17 @@ kubectl top pods
 
 ### Develop with Minikube
 
+Please note that we are experiencing some issues with kubernetes.js and teams.js, these are being resolved.
+
 ```shell
 
-minikube start  --cpus=6 --memory=10000MB --network-plugin=cni --cni=calico --driver=docker
+minikube start  --cpus=6 --memory=10000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.25.6
 eval $(minikube docker-env)
 ./build-an-deploy.sh
 kubectl port-forward service/wrongsecrets-balancer 3000:3000
 
 ```
+or use `build-and-deploy-minikube.sh` to do all of the above in one script.
 
 
 ### Play with AWS EKS:

wrongsecrets-balancer/src/kubernetes.js

@@ -1303,14 +1303,18 @@ const getJuiceShopInstanceForTeamname = (teamname) => {
   k8sAppsApi
     .readNamespacedDeployment(`t-${teamname}-wrongsecrets`, `t-${teamname}`)
     .then((res) => {
-      return {
-        readyReplicas: res.body.status.readyReplicas,
-        availableReplicas: res.body.status.availableReplicas,
-        passcodeHash: res.body.metadata.annotations['wrongsecrets-ctf-party/passcode'],
-      };
+      logger.info(JSON.stringify(res));
+      if(res.body.hasOwnProperty('metadata') && res.body.metadata.hasOwnProperty('annotations') ){
+        return {
+          readyReplicas: res.body.status.readyReplicas,
+          availableReplicas: res.body.status.availableReplicas,
+          passcodeHash: res.body.metadata.annotations['wrongsecrets-ctf-party/passcode'],
+        };
+      }
+      return;
     })
     .catch((error) => {
-      if (error.response.body.message.contains('No such container')) {
+      if (error.response.body.message.includes('No such container')) {
         return;
       }
       throw new Error(error.response.body.message);

wrongsecrets-balancer/src/teams/teams.js

@@ -92,6 +92,7 @@ async function interceptAdminLogin(req, res, next) {
  * @param {import("express").NextFunction} next
  */
 async function validateHMAC(req, res, next) {
+  logger.info('validating hmac');
   try {
     const { team } = req.params;
     const { hmacvalue } = req.body;
@@ -147,12 +148,12 @@ async function joinIfTeamAlreadyExists(req, res, next) {
   const { team } = req.params;
   const { passcode } = req.body;
 
-  logger.debug(`Checking if team ${team} already has a WrongSecrets Deployment`);
+  logger.info(`Checking if team ${team} already has a WrongSecrets Deployment`);
 
   try {
     const { passcodeHash } = await getJuiceShopInstanceForTeamname(team);
 
-    logger.debug(`Team ${team} already has a WrongSecrets deployment`);
+    logger.info(`Team ${team} already has a WrongSecrets deployment`);
 
     if (passcode !== undefined && (await bcrypt.compare(passcode, passcodeHash))) {
       // Set cookie, (join team)
@@ -173,7 +174,7 @@ async function joinIfTeamAlreadyExists(req, res, next) {
       message: 'Team requires authentication to join',
     });
   } catch (error) {
-    if (error.message === `deployments.apps "t-${team}-wrongsecrets" not found`) {
+    if (error.message.includes(`deployments.apps "t-${team}-wrongsecrets" not found`) || error.message==="Cannot destructure property 'passcodeHash' of '(intermediate value)' as it is undefined.") {
       logger.info(`Team ${team} doesn't have a WrongSecrets deployment yet`);
       return next();
     } else {
@@ -193,11 +194,12 @@ async function joinIfTeamAlreadyExists(req, res, next) {
  * @param {import("express").NextFunction} next
  */
 async function checkIfMaxJuiceShopInstancesIsReached(req, res, next) {
+  logger.info("checking for max instances");
   const maxInstances = get('maxJuiceShopInstances');
 
   // If max instances is set to negative numbers it's not capped
   if (maxInstances < 0) {
-    logger.debug(`Skipping max instance check, max instances is set to '${maxInstances}'`);
+    logger.info(`Skipping max instance check, max instances is set to '${maxInstances}'`);
     return next();
   }
 
@@ -233,6 +235,8 @@ async function generatePasscode() {
  * @param {import("express").Response} res
  */
 async function createTeam(req, res) {
+  const { team } = req.params;
+  logger.info(`creating new team for team '${team}'`)
   if (k8sEnv === 'aws') {
     logger.info(
       'We will create an AWS deployment see the helm chart/deployment for setting this to k8s'
@@ -242,7 +246,7 @@ async function createTeam(req, res) {
   logger.info(
     'We will create a K8s deployment see the helm chart/deployment for setting this to aws'
   );
-  const { team } = req.params;
+  
   const { passcode, hash } = await generatePasscode();
   try {
     logger.info(`Creating Namespace for team '${team}'`);