feat: manage scenarios

.dockerignore

@@ -5,6 +5,8 @@ bin/
 config/
 docs/
 internal/
+packer/.cache/
+packer/github.com/
 simulation-scripts/
 terraform/workspaces/simulator/.terraform/
 .dockerignore

.gitignore

@@ -3,4 +3,7 @@
 config/*
 !config/.gitkeep
 bin/
+packer/.cache/
+packer/github.com/
+simulation-scripts/
 terraform/workspaces/simulator/.terraform/

controlplane/commands/ansible.go

@@ -9,15 +9,15 @@ const (
 	AnsiblePlaybook Executable = "ansible-playbook"
 )
 
-func AnsiblePlaybookCommand(workingDir, playbook string, extraVars ...string) Runnable {
+func AnsiblePlaybookCommand(workingDir, playbookDir, playbook string, extraVars ...string) Runnable {
 	args := []string{
-		fmt.Sprintf("%s/%s.yaml", workingDir, playbook),
+		fmt.Sprintf("%s/%s.yaml", playbookDir, playbook),
 	}
 
 	if len(extraVars) > 0 {
 		args = append(args,
 			"--extra-vars",
-			fmt.Sprintf("\"%s\"", strings.Join(extraVars, " ")),
+			fmt.Sprintf("%s", strings.Join(extraVars, " ")),
 		)
 	}
 

controlplane/simulator.go

@@ -71,6 +71,7 @@ func (s simulator) BuildImage(ctx context.Context, name string) error {
 	return commands.PackerBuildCommand(PackerTemplateDir, string(name)).Run(ctx)
 }
 
+// TODO: add state path and config bucket and path to support Kubesim
 func (s simulator) CreateInfrastructure(ctx context.Context, bucket, key, name string) error {
 	slog.Debug("simulator create infrastructure", "bucket", bucket, "key", key, "name", name)
 
@@ -96,13 +97,13 @@ func (s simulator) DestroyInfrastructure(ctx context.Context, bucket, key, name
 func (s simulator) InstallScenario(ctx context.Context, name string) error {
 	slog.Debug("simulator install", "scenario", name)
 
-	return commands.AnsiblePlaybookCommand(AdminConfigDir, name).Run(ctx)
+	return commands.AnsiblePlaybookCommand(AdminConfigDir, AnsiblePlaybookDir, name).Run(ctx)
 }
 
 func (s simulator) UninstallScenario(ctx context.Context, name string) error {
 	slog.Debug("simulator uninstall", "scenario", name)
 
-	return commands.AnsiblePlaybookCommand(name, "state=absent").Run(ctx)
+	return commands.AnsiblePlaybookCommand(AdminConfigDir, AnsiblePlaybookDir, name, "state=absent").Run(ctx)
 }
 
 func backendConfig(bucket, key string) []string {

docs/terraform-aws-sso.md

@@ -27,5 +27,5 @@ aws sso login --profile simulator
 source <(aws configure export-credentials --profile simulator --format env)
 ```
 
-Be careful with timeouts, as this does not last as long as regular SSO credentials, so source the environment variables
+Be careful with timeouts, as this does not last as long as the SSO credentials, so source the environment variables
 before you run a Terraform or Packer command

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.19.0
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2
 	github.com/docker/docker v24.0.6+incompatible
+	github.com/olekukonko/tablewriter v0.0.5
 	github.com/opencontainers/image-spec v1.0.2
 	github.com/spf13/cobra v1.7.0
 	gopkg.in/yaml.v2 v2.2.8
@@ -38,6 +39,7 @@ require (
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect

go.sum

@@ -68,10 +68,14 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=

internal/cli/image.go

@@ -23,8 +23,6 @@ var imageBuildCmd = &cobra.Command{
 	Short: "Build the packer image",
 	Args:  cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
-		runner := container.New(cfg)
-
 		ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 		defer stop()
 
@@ -37,6 +35,7 @@ var imageBuildCmd = &cobra.Command{
 			fmt.Sprintf("%s.pkr.hcl", name),
 		}
 
+		runner := container.New(cfg)
 		err := runner.Run(ctx, command)
 		cobra.CheckErr(err)
 	},

internal/cli/infra.go

@@ -20,8 +20,6 @@ var infraCreateCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create simulator infrastructure",
 	Run: func(cmd *cobra.Command, args []string) {
-		runner := container.New(cfg)
-
 		ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 		defer stop()
 
@@ -34,6 +32,7 @@ var infraCreateCmd = &cobra.Command{
 			cfg.Name,
 		}
 
+		runner := container.New(cfg)
 		err := runner.Run(ctx, command)
 		cobra.CheckErr(err)
 	},
@@ -43,8 +42,6 @@ var infraDestroyCmd = &cobra.Command{
 	Use:   "destroy",
 	Short: "Destroy simulator infrastructure",
 	Run: func(cmd *cobra.Command, args []string) {
-		runner := container.New(cfg)
-
 		ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 		defer stop()
 
@@ -57,6 +54,7 @@ var infraDestroyCmd = &cobra.Command{
 			cfg.Name,
 		}
 
+		runner := container.New(cfg)
 		err := runner.Run(ctx, command)
 		cobra.CheckErr(err)
 	},

internal/cli/storage.go

@@ -18,8 +18,6 @@ var bucketCmd = &cobra.Command{
 var createBucketCmd = &cobra.Command{
 	Use: "create",
 	Run: func(cmd *cobra.Command, args []string) {
-		runner := container.New(cfg)
-
 		ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 		defer stop()
 
@@ -30,6 +28,7 @@ var createBucketCmd = &cobra.Command{
 			cfg.Bucket,
 		}
 
+		runner := container.New(cfg)
 		err := runner.Run(ctx, command)
 		cobra.CheckErr(err)
 	},

scenarios/config/devious-developer-data-dump/tasks.yaml

@@ -0,0 +1,14 @@
+category: KubeCon
+difficulty: KubeCon
+name: cicd
+kind: cp.simulator/scenario:1.0.0
+objective: Get postgres password.
+tasks:
+  "1":
+    hints:
+    sortOrder: 1
+    startingPoint:
+      mode: pod
+      podName: jumpbox
+      podNamespace: dmz
+    summary: x

scenarios/playbooks/devious-developer-data-dump.yaml

@@ -0,0 +1,14 @@
+---
+
+- name: Devious Developer Data Dump
+  hosts: all
+  become: yes
+  vars:
+    state: present
+    master_ip: "{{ hostvars['master-1']['ansible_facts']['default_ipv4']['address'] }}"
+    master_hostname: "{{ hostvars['master-1']['ansible_facts']['hostname'] }}"
+    node1_ip: "{{ hostvars['node-1']['ansible_facts']['default_ipv4']['address'] }}"
+    node1_hostname: "{{ hostvars['node-1']['ansible_facts']['hostname'] }}"
+    node2_hostname: "{{ hostvars['node-2']['ansible_facts']['hostname'] }}"
+  roles:
+    - devious-developer-data-dump

scenarios/roles/build-a-backdoor/files/challenge.txt

@@ -0,0 +1,31 @@
+                                                                                  |\
+                                                                                  | \
+                                                                                  |  \
+                                                                                  |   \
+                                                                      ____________|____\
+                 _________-----_____                                 |                  |
+        _____------           __      ----_                          |                  |
+ ___----             ___------              \                        |   _____   _____  |
+    ----________        ----                 \                       |  |     | |     | |
+                -----__    |             _____)                      |  |     | |     | |
+                     __-                /     \                      |  |_____| |_____| |
+         _______-----    ___--          \    /)\                     |                  |
+   ------_______      ---____            \__/  /                     |   _____   _____()|
+                -----__    \ --    _          /\                     |  |     | |     | |
+                       --__--__     \_____/   \_/\                   |  |     | |     | |
+                               ----|   /          |                  |  |     | |     | |
+                                   |  |___________|                  |  |     | |     | |
+                                   |  | ((_(_)| )_)                  |  |     | |     | |
+                                   |  \_((_(_)|/(_)                  |  |     | |     | |
+                                   \             (                   |  |_____| |_____| |
+                                    \_____________)                  |__________________|
+
+Captain Hλ$ħ𝔍Ⱥ¢k has discovered an authentication bypass in a remote operations management port for SaaS management solution
+
+Unfortunately Introspective Insight SecOps team have applied multiple security controls to restrict access to the service
+
+As an insider, the Dread Pirate wants you to allow remote access to the operations management port for the exploit to fire
+
+Remember you must be stealthy and ensure the current website continues to be publicly accessible
+
+If successful, Captain Hλ$ħ𝔍Ⱥ¢k will drop you a secret payment for your malicious actions. Good Luck!

scenarios/roles/cease-and-desist/files/challenge.txt

@@ -0,0 +1,20 @@
+
+                                _______________________
+                              =(__    ___      __     _)=
+                                |                     |
+                                |                     |
+                                |  Cease and Desist!  |
+                                |                     |
+                                |                     |
+                                |     Reform-Kube     |
+                                |                     |
+                                |                     |
+                                |                     |
+                                |__    ___   __    ___|
+                              =(_______________________)=
+
+Production is Down! Your organization is using reform-kube, an OS Kubernetes management project.
+
+Unfortunately, reform-kube has changed their licensing model and is no longer open source.
+
+Login to the licensing server and see if you can resolve the issue to get Production up and running.

scenarios/roles/ci-runner-ng-breakout/files/challenge.txt

@@ -0,0 +1,5 @@
+During penetration testing of a client kubernetes cluster, a vulnerability in a pod has been noticed.
+
+The pod is part of the CI/CD build infrastructure and you are concerned that a compromised runner may lead to compromsied VMs.
+
+Verify the vulnerability by breaking out of the CI runner pod.

scenarios/roles/cluster-network/defaults/main.yaml

@@ -0,0 +1,2 @@
+calico_version: 3.26.3
+weave_version: 2.8.1

scenarios/roles/cluster-network/tasks/calico.yaml

@@ -0,0 +1,15 @@
+- name: Download calico manifests
+  ansible.builtin.get_url:
+    url: "https://raw.githubusercontent.com/projectcalico/calico/v{{ calico_version }}/manifests/calico.yaml"
+    dest: ~/calico.yaml
+    mode: '0664'
+  become: no
+  when: "state == 'present' and 'bastion' in inventory_hostname"
+
+- name: Install calico
+  kubernetes.core.k8s:
+    src: ~/calico.yaml
+    state: "{{ state }}"
+    force: "{% if state == 'absent' %}yes{% else %}no{% endif %}"
+  become: no
+  when: "'bastion' in inventory_hostname"

scenarios/roles/cluster-network/tasks/weave.yaml

@@ -0,0 +1,14 @@
+- name: Download weave manifests
+  ansible.builtin.get_url:
+    url: "https://github.com/weaveworks/weave/releases/download/v{{ weave_version }}/weave-daemonset-k8s.yaml"
+    dest: ~/weave-daemonset-k8s.yaml
+    mode: '0664'
+  become: no
+  when: "state == 'present' and 'bastion' in inventory_hostname"
+
+- name: Install weave daemonset
+  kubernetes.core.k8s:
+    src: ~/weave-daemonset-k8s.yaml
+    state: "{{ state }}"
+  become: no
+  when: "'bastion' in inventory_hostname"

scenarios/roles/coastline-cluster-attack/files/challenge.txt

@@ -0,0 +1,24 @@
+                        ___
+                     .-'   `'.
+                    /         \
+                    |         ;
+                    |         |           ___.--,
+           _.._     |0) ~ (0) |    _.---'`__.-( (_.
+    __.--'`_.. '.__.\    '--. \_.-' ,.--'`     `""`
+   ( ,.--'`   ',__ /./;   ;, '.__.'`    __
+   _`) )  .---.__.' / |   |\   \__..--""  """--.,_
+  `---' .'.''-._.-'`_./  /\ '.  \ _.-~~~````~~~-._`-.__.'
+        | |  .' _.-' |  |  \  \  '.               `~---`
+         \ \/ .'     \  \   '. '-._)
+          \/ /        \  \    `=.__`~-.
+          / /\         `) )    / / `"".`\
+    , _.-'.'\ \        / /    ( (     / /
+     `--~`   ) )    .-'.'      '.'.  | (
+            (/`    ( (`          ) )  '-;
+             `      '-;         (-'
+
+Dread Pirate Captain Hλ$ħ𝔍Ⱥ¢k is looking to recruit you to his motley crew.
+
+Hλ$ħ𝔍Ⱥ¢k has obtained access to Coastline Data's jumpbox and wants you to obtain full cluster compromise.
+
+Will you fail the initiation or will your short-lived stay in the motley crew become permanent?

scenarios/roles/commandeer-container/files/challenge.txt

@@ -0,0 +1,25 @@
+                            _.--.
+                        _.-'_:-'||
+                    _.-'_.-::::'||
+               _.-:'_.-::::::'  ||
+             .'`-.-:::::::'     ||
+            /.'`;|:::::::'      ||_
+           ||   ||::::::'     _.;._'-._
+           ||   ||:::::'  _.-!oo @.!-._'-.
+           \'.  ||:::::.-!()oo @!()@.-'_.|
+            '.'-;|:.-'.&$@.& ()$%-'o.'\U||
+              `>'-.!@%()@'@_%-'_.-o _.|'||
+               ||-._'-.@.-'_.-' _.-o  |'||
+               ||=[ '-._.-\U/.-'    o |'||
+               || '-.]=|| |'|      o  |'||
+               ||      || |'|        _| ';
+               ||      || |'|    _.-'_.-'
+               |'-._   || |'|_.-'_.-'
+                '-._'-.|| |' `_.-'
+                    '-.||_/.-'
+
+Welcome to Captain Hλ$ħ𝔍Ⱥ¢k's Booty Camp!
+
+There is treasure to be had to those who can smuggle aboard and find the map.
+
+It's time to show Dread Pirate what you've learnt about Kubernetes.

scenarios/roles/devious-developer-data-dump/files/_git-repo-chatbot/.config/configstore/update-notifier-pnpm.json

@@ -0,0 +1,4 @@
+{
+	"optOut": false,
+	"lastUpdateCheck": 1680632678616
+}

scenarios/roles/devious-developer-data-dump/files/_git-repo-chatbot/.config/glitch-package-manager

@@ -0,0 +1 @@
+pnpm

scenarios/roles/devious-developer-data-dump/files/_git-repo-chatbot/.env

@@ -0,0 +1 @@
+MONGO_URI=