The security playground is an HTTP web server that simulates security breaches. It allows you to read files, write files, and execute commands in a containerized environment.
$ docker build -t sysdiglabs/security-playground:latest .
Deploy the Docker image in your environment, and set up the probe health check against the /health endpoint on port 8080 if required.
You can also run the image locally:
$ docker run --rm -p 8080:8080 sysdiglabs/security-playground
The application provides endpoints for health checks, reading a file, writing a file, and executing a command.
The health check endpoint is /health on port 8080 and returns the 200 HTTP status code.
You can retrieve a file's contents by sending a GET request to the application's URL.
$ curl <URL>:8080/<PATH>
For example:
$ curl localhost:8080/etc/shadow
This will return the content of the /etc/shadow file in the container running locally.
You can write data to a file by sending a POST request to the application's URL with the desired content.
$ curl -X POST <URL>:8080/<PATH> -d 'content=<CONTENT>'
For example:
$ curl -X POST localhost:8080/bin/hello -d 'content=hello-world'
This command writes the string hello-world to /bin/hello.
To execute a command, send a POST request to the /exec endpoint with the command as the payload.
$ curl -X POST <URL>:8080/exec -d 'command=<CMD>'
For example:
$ curl -X POST localhost:8080/exec -d 'command=ls'
This will run the command and return its STDOUT output.
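When the playground is used to exercise detections, it helps to map each request back to the action it triggers. The following is an added example, not part of the project's code: it classifies requests by the endpoints described above. The log lines are constructed, and the common-log-style format, the watch-list prefixes, and the path normalization are assumptions rather than documented playground behaviour.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines. The playground's own log format is not shown on
# the page; a common-log-style reverse-proxy access log is assumed here.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /health HTTP/1.1" 200 2
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /etc/shadow HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET //tmp/../etc/shadow HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "POST /bin/hello HTTP/1.1" 200 0
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "POST /exec HTTP/1.1" 200 40
10.0.0.9 - - [01/Jan/2024:10:00:11 +0000] "POST /tmp/notes HTTP/1.1" 200 0
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# Assumed watch lists, generalised from the page's /etc/shadow and /bin/hello.
SENSITIVE_READ = ("/etc/",)
BINARY_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def normalize(raw_path):
    """Drop the query string, decode %xx, and collapse // and dot segments."""
    path = unquote(raw_path.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))


def classify(method, raw_path):
    """Return (action, severity, normalized_path) for one request."""
    path = normalize(raw_path)
    if method == "GET" and path == "/health":
        return ("health", "info", path)
    if method == "POST" and path == "/exec":
        return ("exec", "high", path)
    if method == "GET":
        severity = "high" if path.startswith(SENSITIVE_READ) else "low"
        return ("read", severity, path)
    if method == "POST":
        severity = "high" if path.startswith(BINARY_DIRS) else "medium"
        return ("write", severity, path)
    return ("other", "info", path)


def scan(log_text):
    """Classify every request line found in log_text."""
    return [classify(m["method"], m["path"]) for m in REQUEST.finditer(log_text)]
```

Calling scan(SAMPLE_LOG) returns one (action, severity, path) tuple per request, which can be compared against the alerts your runtime detection tooling raised for the same time window.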