Use privileged pod to extract SA token of pods running in the node

guragainroshan0/gke-privilege-pod-exploit


To obtain kubelet certificates through the instance metadata service (IMDS), GKE has the certificate signing request signed by the node's TPM. Once the request is attested it is auto-approved, and a set of credentials for a kubelet is returned.

Once the certificate has been received, it can be used to perform actions on behalf of that kubelet. For example: get the service account tokens of all the pods running on the instance.

The prerequisite for this attack is a pod running with privileged: true.

One might mount the host filesystem to get access to the kubelet's certificate, but GKE mounts the keys on a tmpfs and I could not find a way to mount it into the privileged pod.

You will need to modify cmd/gke-exec-auth-plugin in the following repository: https://github.com/kubernetes/cloud-provider-gcp
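As an added defender's check (not code from this repository), the following Python audit flags the two pod conditions this technique relies on: a container running privileged and a hostPath volume exposing host devices or the root filesystem. It assumes pod objects in v1 Pod JSON shape (as returned by kubectl with -o json); the sample pods are constructed for the example.

```python
# Added example: audit pod objects for privileged containers and hostPath
# volumes on host devices or "/". Input shape assumed: Kubernetes v1 Pod dicts.

def privileged_containers(pod):
    """Names of init/regular containers with securityContext.privileged: true."""
    spec = pod.get("spec", {})
    found = []
    for field in ("initContainers", "containers"):
        for c in spec.get(field, []):
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                found.append(c["name"])
    return found


def risky_host_paths(pod, prefixes=("/", "/dev")):
    """hostPath paths equal to a prefix or below it; "/" matches exactly only."""
    paths = []
    for v in pod.get("spec", {}).get("volumes", []):
        hp = v.get("hostPath")
        if not hp:
            continue
        p = hp.get("path", "")
        below = any(p == pre or p.startswith(pre + "/") for pre in prefixes if pre != "/")
        if p == "/" or below:
            paths.append(p)
    return paths


def audit(pods):
    """Map "namespace/name" -> findings for pods with at least one finding."""
    report = {}
    for pod in pods:
        meta = pod.get("metadata", {})
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        findings = {"privileged": privileged_containers(pod),
                    "host_paths": risky_host_paths(pod)}
        if findings["privileged"] or findings["host_paths"]:
            report[key] = findings
    return report


SAMPLE_PODS = [  # constructed sample data, not from a real cluster
    {"metadata": {"namespace": "dev", "name": "debug"},
     "spec": {"containers": [{"name": "shell", "securityContext": {"privileged": True}}],
              "volumes": [{"name": "host", "hostPath": {"path": "/dev"}}]}},
    {"metadata": {"namespace": "prod", "name": "web"},
     "spec": {"containers": [{"name": "nginx", "securityContext": {"runAsNonRoot": True}}]}},
]

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_PODS).items():
        print(key, findings)
```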

Steps to run

Get the kube-env file by mounting the /dev/sda1 filesystem

Inside the pod

Mount the file system to read kube-env file

mount /dev/sda1 /dev/shm/test

Once mounted, the kube-env data can be read from /dev/shm/test/home/kubernetes/kube-env.

Copy the kube-env file into the cloned repository and run build.sh

This should print all the SA tokens of pods running on the current machine.

Additional Information

The sample kube-env_new file shows the required fields and their format. Only the following keys are required:

CA_FILE_PATH: ./ca.crt
TPM_BOOTSTRAP_KEY: LS0tLS
TPM_BOOTSTRAP_CERT: LS0t
KUBERNETES_MASTER_NAME: 10
CA_CERT: LS0

The ca.crt file can be created with the following command:

grep "CA_CERT" kube-env_new | cut -d ' ' -f 2 | base64 -d > ca.crt

Once done, the build produces a certificate. The certificate is then used by the token-extractor-gcp.py <api-server-https-url> script to extract the ServiceAccountTokens associated with the pods running on the node.
