From 850cf7228da04863d06f2761b69ea0eefdc30c63 Mon Sep 17 00:00:00 2001
From: Nicolas MASSE <nicolas.masse@itix.fr>
Date: Wed, 23 Feb 2022 17:39:58 +0100
Subject: [PATCH] deploy the exploitkit

---
 cicd/03-rolebindings.yaml         |  3 +++
 exploit/deployment/10-deploy.yaml | 32 +++++++++++++++++++++++++++++++
 exploit/deployment/20-svc.yaml    | 25 ++++++++++++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 exploit/deployment/10-deploy.yaml
 create mode 100644 exploit/deployment/20-svc.yaml

diff --git a/cicd/03-rolebindings.yaml b/cicd/03-rolebindings.yaml
index fedde33..fcf908d 100644
--- a/cicd/03-rolebindings.yaml
+++ b/cicd/03-rolebindings.yaml
@@ -14,3 +14,6 @@ subjects:
 - kind: ServiceAccount
   name: pipeline
   namespace: vulnerable-cicd
+- kind: ServiceAccount
+  name: default
+  namespace: exploitkit-log4j
diff --git a/exploit/deployment/10-deploy.yaml b/exploit/deployment/10-deploy.yaml
new file mode 100644
index 0000000..ea98bcf
--- /dev/null
+++ b/exploit/deployment/10-deploy.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: jndi-exploit-kit
+    app.kubernetes.io/component: jndi-exploit-kit
+    app.kubernetes.io/instance: jndi-exploit-kit
+  name: jndi-exploit-kit
+  namespace: exploitkit-log4j
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      deployment: jndi-exploit-kit
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        deployment: jndi-exploit-kit
+    spec:
+      containers:
+      - image: image-registry.openshift-image-registry.svc.cluster.local:5000/vulnerable-cicd/exploitkit-log4j:latest
+        imagePullPolicy: Always
+        name: jndi-exploit-kit
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
diff --git a/exploit/deployment/20-svc.yaml b/exploit/deployment/20-svc.yaml
new file mode 100644
index 0000000..4c2d103
--- /dev/null
+++ b/exploit/deployment/20-svc.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: jndi-exploit-kit
+  name: jndi-exploit-kit
+  namespace: exploitkit-log4j
+spec:
+  ports:
+  - name: http
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  - name: ldap
+    port: 1389
+    protocol: TCP
+    targetPort: 1389
+  - name: rmi
+    port: 1099
+    protocol: TCP
+    targetPort: 1099
+  selector:
+    deployment: jndi-exploit-kit
+  sessionAffinity: None
+  type: ClusterIP