Jimmy Mesta
### Motivation
Zero-auth on a Kubelet causes major issues. This exercise should expose a Kubernetes READ port (10255) to grab a pod with the key name being the CTF key....

### Motivation
The key will be stored in the volume mount. Containers shouldn't be allowed to mount volumes like this.
### Acceptance
### Design Ideas

### Motivation
Without network policies or a service mesh, it is possible to hit unwanted pods via an application vuln. This challenge will expose Redis.
### Acceptance
### Design Ideas

### Motivation
`anonymous-auth=true` is bad when combined with `authorization-mode=AlwaysAllow`. We will enable this and figure out how to expose a key to the user that is applicable.
### Acceptance
###...

### Motivation
The dashboard can do bad things. This challenge will be to find the dashboard running and open to the internet and discover the key within.

### Motivation
This challenge will use privileged==true to escalate privileges and find the key.

### Motivation
Secrets are not secure by default. This challenge will expose the token by using kubectl to access secrets, which have the token embedded.

### Motivation
Directory traversal / RCE / SSRF can lead to exposure of the default service account token. This challenge of web app vulns + SA token submission.

Created a simple Dockerfile to run go-flashpaper in a container. To build, run `docker build . -t test/flashpaper`, and run it using `docker run -d -p 8443:8443 test/flashpaper`. The service will then...