diff --git a/.github/scripts/docker-create-and-push.sh b/.github/scripts/docker-create-and-push.sh
index cd7ee8a4b..6deeb0242 100755
--- a/.github/scripts/docker-create-and-push.sh
+++ b/.github/scripts/docker-create-and-push.sh
@@ -87,9 +87,9 @@ git restore src/main/resources/.bash_history
echo "committing changes and new pom file with version ${tag}"
git commit -am "Update POM file with new version: ${tag}"
git push
-#echo "tagging version"
-#git tag -a $tag -m "${message}"
-#git push --tags
+echo "tagging version"
+git tag -a $tag -m "${message}"
+git push --tags
echo "Don't forget to update experiment-bed"
echo "git checkout experiment-bed && git merge master --no-edit"
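Review bot: The re-enabled `git tag -a $tag -m "${message}"` leaves `$tag` unquoted, and the `git push --tags` after it publishes every tag in the local clone, not only the release tag created here. Quoting the variable and pushing a single ref keeps a stray or stale local tag from being published with the release: `git tag -a "${tag}" -m "${message}"` followed by `git push origin "refs/tags/${tag}"` (assuming the remote is named origin). The top of the script is outside this hunk, so it is not visible whether `set -e` is in effect. If it is not, the tag is still created and pushed when the preceding `git commit` or `git push` fails, which would leave a release tag on a commit without the version bump.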
diff --git a/Dockerfile.web b/Dockerfile.web
index 38b0135df..b1502d22d 100644
--- a/Dockerfile.web
+++ b/Dockerfile.web
@@ -1,6 +1,6 @@
-FROM jeroenwillemsen/wrongsecrets:challenge20test2-no-vault
+FROM jeroenwillemsen/wrongsecrets:1.4.5-no-vault
-ARG argBasedVersion="1.4.4"
+ARG argBasedVersion="1.4.5"
ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
ENV APP_VERSION=$argBasedVersion
ENV K8S_ENV=Heroku(Docker)
diff --git a/README.md b/README.md
index 3b60d50b5..5f11b800f 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ For the basic docker exercises you currently require:
You can install it by doing:
```bash
-docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.4.4-no-vault
+docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.4.5-no-vault
```
Now you can try to find the secrets by means of solving the challenge offered at:
diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml
index 4bcb544af..11ebd874c 100644
--- a/aws/k8s/secret-challenge-vault-deployment.yml
+++ b/aws/k8s/secret-challenge-vault-deployment.yml
@@ -37,7 +37,7 @@ spec:
volumeAttributes:
secretProviderClass: "wrongsecrets-aws-secretsmanager"
containers:
- - image: jeroenwillemsen/wrongsecrets:1.4.4-k8s-vault
+ - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
diff --git a/azure/k8s/secret-challenge-vault-deployment.yml.tpl b/azure/k8s/secret-challenge-vault-deployment.yml.tpl
index 37dc85d26..f69eebdd3 100644
--- a/azure/k8s/secret-challenge-vault-deployment.yml.tpl
+++ b/azure/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -35,7 +35,7 @@ spec:
volumeAttributes:
secretProviderClass: "azure-wrongsecrets-vault"
containers:
- - image: jeroenwillemsen/wrongsecrets:1.4.4-k8s-vault
+ - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
diff --git a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
index b8007fdfc..eb5ca09e2 100644
--- a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
+++ b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -37,7 +37,7 @@ spec:
volumeAttributes:
secretProviderClass: "wrongsecrets-gcp-secretsmanager"
containers:
- - image: jeroenwillemsen/wrongsecrets:1.4.4-k8s-vault
+ - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
diff --git a/k8s/secret-challenge-deployment.yml b/k8s/secret-challenge-deployment.yml
index 019e45d4f..f833ec4e5 100644
--- a/k8s/secret-challenge-deployment.yml
+++ b/k8s/secret-challenge-deployment.yml
@@ -28,7 +28,7 @@ spec:
runAsGroup: 2000
fsGroup: 2000
containers:
- - image: jeroenwillemsen/wrongsecrets:1.4.4-no-vault
+ - image: jeroenwillemsen/wrongsecrets:1.4.5-no-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml
index 74ed8e586..b4182066f 100644
--- a/k8s/secret-challenge-vault-deployment.yml
+++ b/k8s/secret-challenge-vault-deployment.yml
@@ -30,7 +30,7 @@ spec:
runAsNonRoot: true
serviceAccountName: vault
containers:
- - image: jeroenwillemsen/wrongsecrets:1.4.4-k8s-vault
+ - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
diff --git a/pom.xml b/pom.xml
index f7da822a0..8117f54c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -9,7 +9,7 @@
org.owasp
wrongsecrets
- challenge20test2-SNAPSHOT
+ 1.4.5-SNAPSHOT
OWASP WrongSecrets
Examples with how to not use secrets
https://owasp.org/www-project-wrongsecrets/
diff --git a/src/main/resources/explanations/challenge19.adoc b/src/main/resources/explanations/challenge19.adoc
index 98cf2a664..bc873ad7b 100644
--- a/src/main/resources/explanations/challenge19.adoc
+++ b/src/main/resources/explanations/challenge19.adoc
@@ -1,4 +1,4 @@
-=== Obfuscating part 1 the C binary
+=== Obfuscating in binaries part 1: the C binary
We need to put a secret in a mobile app! Nobody will notice the secret in our compiled code!
This is a misbelief we have often encountered when presenting on mobile security topics.
diff --git a/src/main/resources/explanations/challenge20.adoc b/src/main/resources/explanations/challenge20.adoc
index 5d99ad4e9..1d561b90d 100644
--- a/src/main/resources/explanations/challenge20.adoc
+++ b/src/main/resources/explanations/challenge20.adoc
@@ -1,4 +1,4 @@
-=== Obfuscating part 2: the C++ binary
+=== Obfuscating in binaries part 2: the C++ binary
Similar like hiding secrets in an application written in C, you end up in a similar situation with C++. Can you find the secret in our binary?
diff --git a/src/main/resources/explanations/challenge20_hint.adoc b/src/main/resources/explanations/challenge20_hint.adoc
index c4524fdb4..2a63bf481 100644
--- a/src/main/resources/explanations/challenge20_hint.adoc
+++ b/src/main/resources/explanations/challenge20_hint.adoc
@@ -9,7 +9,7 @@ You can solve this challenge using the following steps:
- Allow the Ghidra to analyze the application.
- Search for the secret: Go to `Functions` on the left-hand side, select `__Z6secretv()` . Now on the screen on the right-hand side you can see the secret. This is a string in C++, wrapped in another class (`SecretContainer`).
- Search for the same secret, which is "hidden" as a char array: Go to `Functions` on the left-hand side, select `__Z7secret2v()`. On the right hand side, you see the function: now click on the return result of the function at `__ZZ7secret2vE6harder` . Now you can see the result in the Listing view.
-
+- Alternatively: when you have analyzed the application with Ghirda: do a search for strings in all blocks and see if you can spot the secret ;-).
2. Find the secrets with https://www.radare.org[radare2].
- Install https://www.radare.org[radare2] with either `brew install radare2` on Mac or follow these steps: `git clone https://github.com/radareorg/radare2; cd radare2 ; sys/install.sh`