Ctrlk

Container Testing Methodology

Kubernetes/Container Penetration Testing Methodology

1. Reconnaissance

Gather information about the target environment
Identify exposed services and endpoints

Commands:

# Scan for open ports
nmap -sV -p- <target_ip>

# Identify Kubernetes API server
curl -k https://<api_server_ip>:6443/version

# Enumerate subdomains
subfinder -d <domain>

2. Initial Access

Exploit exposed services
Gain a foothold in the cluster

Commands:

3. Privilege Escalation

Escalate privileges within the cluster
Move laterally between pods/nodes

Commands:

4. Post-Exploitation

Access sensitive data
Maintain persistence
Pivot to other parts of the infrastructure

Commands:

5. Covering Tracks

Remove evidence of intrusion
Clean up temporary files and logs

Commands:

6. Reporting

Document findings
Provide remediation recommendations

Key Areas to Address:

Misconfigurations
Vulnerabilities in images or components
Overly permissive RBAC rules
Insecure network policies
Lack of encryption or proper authentication

Remember to always get proper authorization before performing any penetration testing activities.

PreviousKubernetes NextDropping Kali in your test space

Last updated 1 year ago

# Test for unauthenticated access to API server
kubectl --insecure-skip-tls-verify -s https://<api_server_ip>:6443 get pods

# Exploit known vulnerabilities (e.g., CVE-2018-1002105)
./cve-2018-1002105.sh https://<api_server_ip>:6443

# List service accounts and their permissions
kubectl get serviceaccounts
kubectl get clusterrolebindings

# Exploit overly permissive RBAC rules
kubectl --as=system:serviceaccount:default:default get secrets

# Escape container to host
docker run -v /:/host -it ubuntu chroot /host