whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/enumeration/docs/kubectl.md

950 B
Raw Blame History

Kubectl

kubectl get pods
  • Check mounted secret
kubectl auth can-i --list
kubectl get secrets
kubectl get nodes
kubectl get deployments
kubectl get services
kubectl get ingress
kubectl get jobs
  • Intel about a secret, and output
kubectl describe secrets <secret> 
kubectl describe secrets <secret> -o 'json'

Abuse Token

  • Inside a pod the service token(jwt) can be found under /var/run/secrets/kubernetes.io/serviceaccount/token
  • By change of an LFI extract the token and
kubectl auth can-i --list --token=$TOKEN
kubectl get pods  --token=$TOKEN
kubectl exec -it <pod name> --token=$TOKEN -- /bin/sh

Create Pods

  • Use BishopFox's BadPods
  • If there is no internet connection add imagePullPolicy: IfNotPresent to the YAML file
kubectl apply -f pod.yml --token=$TOKEN
kubectl exec -it everything-allowed-exec-pod --token=$TOKEN -- /bin/bash