2021-03-29 16:19:04 +00:00
# Pentesting Kubernetes
2021-12-22 15:22:43 +00:00
## Kubernetes Basics
2021-03-29 16:19:04 +00:00
2021-12-22 15:22:43 +00:00
If you don't know anything about Kubernetes this is a **good start** . Read it to learn about the **architecture, components and basic actions** in Kubernetes:
2021-04-24 11:40:49 +00:00
2021-12-22 15:22:43 +00:00
{% content-ref url="kubernetes-basics.md" %}
[kubernetes-basics.md ](kubernetes-basics.md )
{% endcontent-ref %}
2021-04-26 14:49:13 +00:00
2021-12-22 15:22:43 +00:00
## Pentesting Kubernetes
2021-04-26 14:49:13 +00:00
2021-12-22 15:22:43 +00:00
### From the Outside
2021-04-26 14:49:13 +00:00
2021-12-22 15:22:43 +00:00
There are several possible **Kubernetes services that you could find exposed** on the Internet (or inside internal networks). If you find them you know there is Kubernetes environment in there.
2021-04-26 14:49:13 +00:00
2021-12-22 15:22:43 +00:00
Depending on the configuration and your privileges you might be able to abuse that environment, for more information:
2021-04-28 13:49:35 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="pentesting-kubernetes-from-the-outside.md" %}
[pentesting-kubernetes-from-the-outside.md ](pentesting-kubernetes-from-the-outside.md )
{% endcontent-ref %}
2021-04-28 16:27:24 +00:00
2021-04-27 23:18:16 +00:00
### Enumeration inside a Pod
2021-04-28 23:33:12 +00:00
If you manage to **compromise a Pod** read the following page to learn how to enumerate and try to **escalate privileges/escape** :
2021-12-22 15:22:43 +00:00
{% content-ref url="attacking-kubernetes-from-inside-a-pod.md" %}
[attacking-kubernetes-from-inside-a-pod.md ](attacking-kubernetes-from-inside-a-pod.md )
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
2021-04-27 23:18:16 +00:00
2021-12-22 15:22:43 +00:00
### Enumerating Kubernetes with Credentials
2021-04-24 11:40:49 +00:00
2021-12-22 15:22:43 +00:00
You might have managed to compromise **user credentials, a user token or some service account toke**n. You can use it to talk to the Kubernetes API service and try to **enumerate it to learn more** about it:
2021-04-24 11:40:49 +00:00
2021-10-18 11:21:18 +00:00
{% content-ref url="enumeration-from-a-pod.md" %}
[enumeration-from-a-pod.md ](enumeration-from-a-pod.md )
{% endcontent-ref %}
2021-04-24 11:40:49 +00:00
2021-12-22 15:22:43 +00:00
Another important details about enumeration and Kubernetes permissions abuse is the **Kubernetes Role-Based Access Control (RBAC)** . If you want to abuse permissions, you first should read about it here:
2021-05-04 11:44:49 +00:00
2021-12-22 15:22:43 +00:00
{% content-ref url="kubernetes-role-based-access-control-rbac.md" %}
[kubernetes-role-based-access-control-rbac.md ](kubernetes-role-based-access-control-rbac.md )
{% endcontent-ref %}
2021-04-27 09:44:49 +00:00
2021-12-22 15:22:43 +00:00
#### Knowing about RBAC and having enumerated the environment you can now try to abuse the permissions with:
2021-04-27 09:44:49 +00:00
2021-12-22 15:22:43 +00:00
{% content-ref url="hardening-roles-clusterroles.md" %}
[hardening-roles-clusterroles.md ](hardening-roles-clusterroles.md )
{% endcontent-ref %}
2021-04-27 09:44:49 +00:00
