-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathcloud.txt
92 lines (92 loc) · 3.48 KB
/
cloud.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#cloud-config
user: root
password: root
chpasswd: {expire: False}
ssh_pwauth: True
write_files:
- content: |
#!/bin/bash
set -ex
systemctl restart kubelet
while true
do
sleep 5
if [ $(kubectl get pods --all-namespaces -o jsonpath='{range .items[*].status.containerStatuses[*]}{.ready}{"\n"}{end}' | grep -v true | wc -l) = 0 ]; then break; fi
done
path: /wait-for.sh
permissions: '0755'
- content: |
flag{test}
path: /flag
permissions: '0400'
- content: |
#!/bin/bash
set -ex
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
# update kernel
wget https://ctf-challenges.obs.cn-south-1.myhuaweicloud.com/2022/hwctf_month-Qualifier-202204/container/dirty-pipe-escape-rw/kernel/linux-image-5.15.30%2B_5.15.30%2B-1_amd64.deb
dpkg -i linux-image-5.15.30+_5.15.30+-1_amd64.deb
# disable cloud-init
touch /etc/cloud/cloud-init.disabled
# echo "init finished"
# reboot
path: /init.sh
permissions: '0755'
- content: |
#!/bin/bash
set -ex
# install containerd
cat <<EOF | tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
cat <<EOF | tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
apt-get update
apt-get install -y libseccomp2
export VERSION=1.6.2
wget https://github.com/containerd/containerd/releases/download/v${VERSION}/cri-containerd-cni-${VERSION}-linux-amd64.tar.gz
tar --no-overwrite-dir -C / -xzf cri-containerd-cni-${VERSION}-linux-amd64.tar.gz
systemctl daemon-reload
systemctl enable --now containerd
mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sed -i "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml
systemctl start containerd
# install kube
apt-get update && apt-get install -y apt-transport-https ca-certificates curl
curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
apt-get update && apt-get install -y kubelet=1.23.5-00 kubeadm=1.23.5-00 kubectl=1.23.5-00
# init cluster
kubeadm init --pod-network-cidr=192.168.0.0/16 --kubernetes-version=1.23.5
mkdir -p /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
sleep 60
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl apply -f https://raw.githubusercontent.com/ssst0n3/ctf_dirty-pipe-escape-rw/main/ssh/deployment.yaml
while true
do
sleep 1
if [ $(kubectl get pods -n kube-system | wc -l) = 8 ]; then break; fi
done
while true
do
sleep 1
if [ $(kubectl get pods --all-namespaces -o jsonpath='{range .items[*].status.containerStatuses[*]}{.ready}{"\n"}{end}' | grep -v true | wc -l) = 0 ]; then break; fi
done
echo "install finished"
path: /install.sh
permissions: '0755'
runcmd:
- /init.sh