Adding Setup, Access, Teardown powershell scripts

Allevon412 · web-flow · commit cfb98aae38d2 · 2024-11-12T14:12:55.000-08:00
Adding these scripts so that people on windows can also use the kubernetes goat platform from their native OS.
diff --git a/access-kubernetes-goat.ps1 b/access-kubernetes-goat.ps1
@@ -0,0 +1,45 @@
+﻿# Author: Madhu Akula
+# This program has been created as part of Kubernetes Goat
+# Kubernetes Goat Access vulnerable infrastructure
+
+# Checking kubectl.exe setup
+try {
+    kubectl.exe version > $null 2>&1
+    Write-Host "kubectl.exe setup looks good."
+} catch {
+    Write-Host "Please check kubectl.exe setup."
+    exit
+}
+
+
+Write-Host 'Creating port forward for all the Kubernetes Goat resources to locally. We will be using 1230 to 1236 ports locally!'
+
+# Exposing Sensitive keys in code bases Scenario
+$POD_NAME = kubectl.exe get pods --namespace default -l "app=build-code" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "port-forward $POD_NAME --address 0.0.0.0 1230:3000" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+# Exposing DIND (docker-in-docker) exploitation Scenario
+$POD_NAME = kubectl.exe get pods --namespace default -l "app=health-check" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "port-forward $POD_NAME --address 0.0.0.0 1231:80" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+# Exposing SSRF in K8S world Scenario
+$POD_NAME = kubectl.exe get pods --namespace default -l "app=internal-proxy" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "port-forward $POD_NAME --address 0.0.0.0 1232:3000" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+# Exposing Container escape to access host system Scenario
+$POD_NAME = kubectl.exe get pods --namespace default -l "app=system-monitor" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "port-forward $POD_NAME --address 0.0.0.0 1233:8080" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+# Exposing Kubernetes Goat Home
+$POD_NAME = kubectl.exe get pods --namespace default -l "app=kubernetes-goat-home" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "port-forward $POD_NAME --address 0.0.0.0 1234:80" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+# Exposing Attacking private registry Scenario
+$POD_NAME = kubectl.exe get pods --namespace default -l "app=poor-registry" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "port-forward $POD_NAME --address 0.0.0.0 1235:5000" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+# Exposing DoS resources Scenario
+$POD_NAME = kubectl.exe get pods --namespace big-monolith -l "app=hunger-check" -o jsonpath="{.items[0].metadata.name}"
+Start-Process -NoNewWindow -FilePath "C:\Program Files\Docker\Docker\resources\bin\kubectl.exe" -ArgumentList "--namespace big-monolith port-forward $POD_NAME --address 0.0.0.0 1236:8080" -RedirectStandardError "C:\NUL" -RedirectStandardOutput ".\NUL"
+
+Write-Host "Visit http://127.0.0.1:1234 to get started with your Kubernetes Goat hacking!"
diff --git a/setup-kubernetes-goat.ps1 b/setup-kubernetes-goat.ps1
@@ -0,0 +1,56 @@
+# Author: Madhu Akula
+# This program has been created as part of Kubernetes Goat
+# Kubernetes Goat setup and manage vulnerable infrastructure
+
+# Checking kubectl setup
+try {
+    kubectl.exe version > $null 2>&1
+    Write-Host "kubectl.exe setup looks good."
+} catch {
+    Write-Host "Error: Could not find kubectl.exe or another error happened, please check kubectl.exe setup."
+    exit
+}
+
+# Deprecated helm2 scenario
+# Checking helm2 setup
+#try {
+#    helm2 --help > $null 2>&1
+#    Write-Host "helm2 setup looks good."
+#} catch {
+#    Write-Host "Error: Could not find helm2, please check helm2 setup."
+#    exit
+#}
+#
+## helm2 setup
+#Write-Host "setting up helm2 rbac account and initialise tiller"
+#kubectl apply -f scenarios/helm2-rbac/setup.yaml
+#helm2 init --service-account tiller
+#
+## wait for tiller service to ready
+#Write-Host "waiting for helm2 tiller service to be active."
+#Start-Sleep -Seconds 50
+
+# deploying insecure-rbac scenario
+Write-Host "deploying insecure super admin scenario"
+kubectl.exe apply -f scenarios/insecure-rbac/setup.yaml
+
+# deploying helm chart to verify the setup
+Write-Host "deploying helm chart metadata-db scenario"
+helm install metadata-db scenarios/metadata-db/
+
+# setup the scenarios/configurations
+Write-Host 'deploying the vulnerable scenarios manifests'
+kubectl.exe apply -f scenarios/batch-check/job.yaml
+kubectl.exe apply -f scenarios/build-code/deployment.yaml
+kubectl.exe apply -f scenarios/cache-store/deployment.yaml
+kubectl.exe apply -f scenarios/health-check/deployment.yaml
+kubectl.exe apply -f scenarios/hunger-check/deployment.yaml
+kubectl.exe apply -f scenarios/internal-proxy/deployment.yaml
+kubectl.exe apply -f scenarios/kubernetes-goat-home/deployment.yaml
+kubectl.exe apply -f scenarios/poor-registry/deployment.yaml
+kubectl.exe apply -f scenarios/system-monitor/deployment.yaml
+kubectl.exe apply -f scenarios/hidden-in-layers/deployment.yaml
+
+Write-Host 'Successfully deployed Kubernetes Goat. Have fun learning Kubernetes Security!'
+Write-Host 'Ensure pods are in running status before running access-kubernetes-goat.sh script'
+Write-Host 'Now run the bash access-kubernetes-goat.sh to access the Kubernetes Goat environment.'
diff --git a/teardown-kubernetes-goat.ps1 b/teardown-kubernetes-goat.ps1
@@ -0,0 +1,32 @@
+# Author: Madhu Akula
+# This program has been created as part of Kubernetes Goat
+# Teardown Kubernetes Goat setup
+
+# Removing the superadmin cluster role/binding
+kubectl.exe delete clusterrolebindings superadmin
+kubectl.exe delete serviceaccount -n kube-system superadmin
+
+# Removing the helm-tiller cluster role/binding
+kubectl.exe delete clusterrole all-your-base
+kubectl.exe delete clusterrolebindings belong-to-us
+
+# Removing metadata db chart
+helm delete metadata-db --no-hooks
+# helm2 delete pwnchart --purge
+
+# Remove tiller deployment
+kubectl.exe delete deployments -n kube-system tiller-deploy
+
+# Delete the scenarios
+kubectl.exe delete -f scenarios/batch-check/job.yaml
+kubectl.exe delete -f scenarios/build-code/deployment.yaml
+kubectl.exe delete -f scenarios/cache-store/deployment.yaml
+kubectl.exe delete -f scenarios/health-check/deployment.yaml
+kubectl.exe delete -f scenarios/hunger-check/deployment.yaml
+kubectl.exe delete -f scenarios/internal-proxy/deployment.yaml
+kubectl.exe delete -f scenarios/kubernetes-goat-home/deployment.yaml
+kubectl.exe delete -f scenarios/poor-registry/deployment.yaml
+kubectl.exe delete -f scenarios/system-monitor/deployment.yaml
+kubectl.exe delete -f scenarios/hidden-in-layers/deployment.yaml
+
+Write-Host "The Kubernetes Goat scenarios have been removed. Ensure to clean up what you installed and used. It's better to delete the cluster."
