枚举

11 months ago
red.ghostwolflab.com
2 minutes

扫描可公开访问的Kubelet

下载工具:

  • Kubolt

https://github.com/averonesis/kubolt

python kubolt.py --query "asn:123123 org:'ACME Corporation'"
#or
python kubolt.py --query "org:'ACME Corporation' country:UK"

Docker 枚举、权限升级和容器逃逸

下载工具:

  • DEEPCE

https://github.com/stealthcopter/deepce

使用以下之一将 DEEPCE 下载到主机或容器上:

wget https://github.com/stealthcopter/deepce/raw/main/deepce.sh
curl -sL https://github.com/stealthcopter/deepce/raw/main/deepce.sh -o deepce.sh
# Or using python requests
python -c 'import requests;print(requests.get("https://github.com/stealthcopter/deepce/raw/main/deepce.sh").content)' > deepce.sh 
python3 -c 'import requests;print(requests.get("https://github.com/stealthcopter/deepce/raw/main/deepce.sh").content.decode("utf-8"))' > deepce.sh

运行脚本:

# Make the script executable and then run it
chmod +x ./deepce.sh
./deepce.sh

Kubeletctl

检索Kubelet版本信息:

kubeletctl get /version --node <NODE_NAME> --kubelet-version <KUBELET_VERSION>

获取节点日志:

kubeletctl logs <POD_NAME> --node <NODE_NAME>

Hayat

Hayat是Google Cloud Platform服务的审计和强化脚本

下载工具:

https://github.com/DenizParlak/hayat

只扫描 Kubernetes 集群:

./hayat.sh --only-k8s