# Kubernetes Security

<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>

## Kubernetes Basics

If you don't know anything about Kubernetes, this is a **good start**. Read it to learn about the **architecture, components and basic actions** in Kubernetes:

{% content-ref url="kubernetes-basics.md" %}
[kubernetes-basics.md](kubernetes-basics.md)
{% endcontent-ref %}

## Pentesting Kubernetes

### From the Outside

There are several **Kubernetes services that you could find exposed** on the Internet (or inside internal networks), for example the API server, the kubelets, etcd or the dashboard. If you find any of them, you know there is a Kubernetes environment behind them.

Depending on the configuration and on the privileges you obtain, you might be able to abuse that environment. For more information:

{% content-ref url="pentesting-kubernetes-from-the-outside.md" %}
[pentesting-kubernetes-from-the-outside.md](pentesting-kubernetes-from-the-outside.md)
{% endcontent-ref %}
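
As an added illustration (this is not code from the HackTricks page), the following Python classifies a port plus the HTTP reply it gave as one of the components above, using the components' default ports and the shape of their responses. The replies in `SAMPLES` are constructed to look like the real ones so the script runs offline; the note returned with each guess says what an unauthenticated caller already gets from that service, which is what decides whether the host deserves more time.

```python
"""Fingerprinting exposed Kubernetes components from their HTTP replies (added example)."""
import json

# Default listening ports of the usual control-plane and node components.
DEFAULT_PORTS = {
    6443: "kube-apiserver",
    8443: "kube-apiserver (common alternative)",
    2379: "etcd client API",
    2380: "etcd peer API",
    10250: "kubelet API",
    10255: "kubelet read-only API (deprecated, often disabled)",
}


def _json_dict(body: str):
    """Parse the body as a JSON object, or return None."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    return doc if isinstance(doc, dict) else None


def fingerprint(port: int, status: int, body: str):
    """Guess (component, note) from one HTTP response; None if nothing matches."""
    doc = _json_dict(body)
    if doc is not None:
        # kube-apiserver lets anonymous callers hit /version by default
        # (system:public-info-viewer) and answers with its build info.
        if "gitVersion" in doc and "platform" in doc:
            return "kube-apiserver", f"anonymous /version allowed, build {doc['gitVersion']}"
        # Rejections come back as a v1 Status object, which still identifies the
        # API server and tells you which identity you were mapped to.
        if doc.get("kind") == "Status" and doc.get("apiVersion") == "v1":
            return "kube-apiserver", f"HTTP {status} {doc.get('reason')}: {doc.get('message')}"
        # A PodList from a node port means the kubelet's /pods is open: every pod
        # spec on that node (env vars, mounts, images) is readable.
        if doc.get("kind") == "PodList":
            return "kubelet API", f"anonymous /pods allowed, {len(doc.get('items', []))} pods listed"
        if "etcdserver" in doc:
            return "etcd client API", f"/version answered, etcdserver {doc['etcdserver']}"
    # The kubelet answers unauthenticated requests with a bare text body.
    if status == 401 and body.strip() == "Unauthorized" and port in (10250, 10255):
        return "kubelet API", "authentication enforced"
    if port in DEFAULT_PORTS:
        return DEFAULT_PORTS[port], "default port only; response not recognised"
    return None


# Constructed responses shaped like the real components' replies (not captured data).
SAMPLES = [
    (6443, 200, '{"major":"1","minor":"28","gitVersion":"v1.28.3","platform":"linux/amd64"}'),
    (6443, 403, '{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure",'
                '"message":"forbidden: User \\"system:anonymous\\" cannot get path \\"/api\\"",'
                '"reason":"Forbidden","details":{},"code":403}'),
    (10250, 401, "Unauthorized"),
    (10255, 200, '{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"web"}}]}'),
    (2379, 200, '{"etcdserver":"3.5.9","etcdcluster":"3.5.0"}'),
    (8080, 200, "<html>hello</html>"),
]


def scan_samples(samples=SAMPLES):
    """Run the classifier over (port, status, body) triples."""
    return [(port, fingerprint(port, status, body)) for port, status, body in samples]


if __name__ == "__main__":
    for port, result in scan_samples():
        print(port, result)
```

Feeding it real data is a matter of replacing `SAMPLES` with the replies from `curl -sk https://host:port/version` (API server, etcd) and `https://host:10250/pods` (kubelet); a `Status` object with `User "system:anonymous"` in the message is the common case and tells you anonymous auth is on but RBAC is doing its job.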

### Enumeration inside a Pod

If you manage to **compromise a Pod**, read the following page to learn how to enumerate from inside it and try to **escalate privileges or escape** to the node:

{% content-ref url="attacking-kubernetes-from-inside-a-pod.md" %}
[attacking-kubernetes-from-inside-a-pod.md](attacking-kubernetes-from-inside-a-pod.md)
{% endcontent-ref %}
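
Added example, not from the original page: inside a compromised pod the first things to look at are the mounted ServiceAccount under `/var/run/secrets/kubernetes.io/serviceaccount/` and the `KUBERNETES_SERVICE_HOST`/`KUBERNETES_SERVICE_PORT` variables the kubelet injects. This Python reads them when they exist and otherwise falls back to a constructed token and address (the `dev` namespace, the `web-sa` account, the pod name and `10.96.0.1` are made up), decodes the token's claims without verifying the signature (we only want to know who the API server will take us for), and prints the first API calls worth making.

```python
"""Pod-local Kubernetes identity discovery (added example)."""
import base64
import json
import os

SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"  # default projection path


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment; JWT segments drop the '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload of a JWT. No signature check on purpose."""
    _header, payload, _sig = token.strip().split(".")
    return json.loads(b64url_decode(payload))


def sa_identity(claims: dict) -> dict:
    """Pull namespace / SA name / pod from either token format: bound tokens
    (1.21+) carry a nested 'kubernetes.io' claim, legacy secret-based tokens
    use flat 'kubernetes.io/serviceaccount/...' claims and never expire."""
    bound = claims.get("kubernetes.io", {})
    return {
        "subject": claims.get("sub"),
        "namespace": bound.get("namespace") or claims.get("kubernetes.io/serviceaccount/namespace"),
        "name": (bound.get("serviceaccount") or {}).get("name")
                or claims.get("kubernetes.io/serviceaccount/service-account.name"),
        "pod": (bound.get("pod") or {}).get("name"),
        "audience": claims.get("aud"),
        "expires": claims.get("exp"),
    }


def api_server_url(env: dict) -> str:
    """The in-cluster API endpoint as the kubelet injects it."""
    return f"https://{env['KUBERNETES_SERVICE_HOST']}:{env.get('KUBERNETES_SERVICE_PORT', '443')}"


def first_requests(url: str, ident: dict) -> list:
    """Commands to run next: list my namespace, then ask what I may do in it."""
    ns = ident["namespace"]
    auth = f'-H "Authorization: Bearer $(cat {SA_DIR}/token)" --cacert {SA_DIR}/ca.crt'
    review = json.dumps({"kind": "SelfSubjectRulesReview", "apiVersion": "authorization.k8s.io/v1",
                         "spec": {"namespace": ns}})
    return [
        f"curl -s {auth} {url}/api/v1/namespaces/{ns}/pods",
        f"curl -s {auth} -X POST -H 'Content-Type: application/json' -d '{review}' "
        f"{url}/apis/authorization.k8s.io/v1/selfsubjectrulesreviews",
        f"kubectl --token=$(cat {SA_DIR}/token) --server={url} "
        f"--certificate-authority={SA_DIR}/ca.crt auth can-i --list -n {ns}",
    ]


def make_sample_token() -> str:
    """Constructed bound-token lookalike for offline runs; the signature is fake."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    payload = {
        "aud": ["https://kubernetes.default.svc"], "exp": 1900000000, "iat": 1700000000,
        "iss": "https://kubernetes.default.svc",
        "kubernetes.io": {"namespace": "dev", "pod": {"name": "web-7c9d"},
                          "serviceaccount": {"name": "web-sa"}},
        "sub": "system:serviceaccount:dev:web-sa",
    }
    return f"{seg({'alg': 'RS256', 'kid': 'constructed'})}.{seg(payload)}.{seg({'sig': 'fake'})}"


def discover(env=None, token=None) -> dict:
    """Use the real mount and environment when present, else the constructed stand-ins."""
    env = dict(os.environ) if env is None else dict(env)
    if token is None:
        path = os.path.join(SA_DIR, "token")
        token = open(path).read() if os.path.exists(path) else make_sample_token()
    if "KUBERNETES_SERVICE_HOST" not in env:  # constructed in-cluster address
        env.update({"KUBERNETES_SERVICE_HOST": "10.96.0.1", "KUBERNETES_SERVICE_PORT": "443"})
    ident = sa_identity(jwt_claims(token))
    url = api_server_url(env)
    return {"identity": ident, "api_server": url, "next": first_requests(url, ident)}


if __name__ == "__main__":
    print(json.dumps(discover(), indent=2))
```

Two things the output tells you before any request is sent: a token without `exp` is a legacy Secret-backed token that keeps working after the pod is gone, and a `kubernetes.io.pod` claim means the token is bound to this pod and stops validating when the pod is deleted, so exfiltrate the long-lived kind and use the bound kind in place.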

### Enumerating Kubernetes with Credentials

You might have managed to compromise **user credentials, a user token or a service account token**. You can use it to talk to the Kubernetes API server and **enumerate it to learn more** about the cluster:

{% content-ref url="../../cloud-security/pentesting-kubernetes/kubernetes-enumeration.md" %}
[kubernetes-enumeration.md](../../cloud-security/pentesting-kubernetes/kubernetes-enumeration.md)
{% endcontent-ref %}

Another important detail for enumeration and permission abuse is **Kubernetes Role-Based Access Control (RBAC)**, which decides what each identity may do. If you want to abuse permissions, you should first read about it here:

{% content-ref url="kubernetes-role-based-access-control-rbac.md" %}
[kubernetes-role-based-access-control-rbac.md](kubernetes-role-based-access-control-rbac.md)
{% endcontent-ref %}

Knowing about RBAC and having enumerated the environment, you can now try to abuse the permissions you found with:

{% content-ref url="../../cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/" %}
[abusing-roles-clusterroles-in-kubernetes](../../cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/)
{% endcontent-ref %}
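
Once you hold a token, the useful question is not "what are my rules" but "which of them open a known escalation path". As an added example (not from the HackTricks page or its linked pages), this Python takes the JSON a `SelfSubjectRulesReview` returns (the same data `kubectl auth can-i --list` prints) and flags the verb/resource combinations that matter for privilege abuse; `SAMPLE_REVIEW` is a constructed response, the namespace and resource names in it are invented, and the pattern list is this example's own summary of the usual escalation routes, not an exhaustive one.

```python
"""Triage of the permissions a token holds, from a SelfSubjectRulesReview (added example)."""
import json

# Each entry: verbs, resources (subresources included), why it matters. A rule
# that lists '*' in verbs or resources grants everything in the matching set.
ESCALATION_PATTERNS = [
    ({"*"}, {"*"}, "wildcard verbs on wildcard resources: admin within the rule's scope"),
    ({"create"}, {"pods", "deployments", "daemonsets", "statefulsets", "replicasets", "jobs", "cronjobs"},
     "can launch workloads: mount any ServiceAccount token or host path in this namespace"),
    ({"update", "patch"}, {"deployments", "daemonsets", "statefulsets", "replicasets", "cronjobs"},
     "can rewrite a running workload's image/command: code execution under its identity"),
    ({"get", "list"}, {"secrets"}, "can read Secrets, including long-lived ServiceAccount tokens"),
    ({"create", "get"}, {"pods/exec", "pods/attach"}, "can exec into / attach to running pods"),
    ({"update", "patch"}, {"pods/ephemeralcontainers"}, "can inject a debug container into running pods"),
    ({"create"}, {"serviceaccounts/token"}, "can mint a token for any ServiceAccount (TokenRequest)"),
    ({"impersonate"}, {"users", "groups", "serviceaccounts"}, "can act as other identities"),
    ({"bind", "escalate"}, {"roles", "clusterroles", "rolebindings", "clusterrolebindings"},
     "can hand out permissions it does not itself hold"),
    ({"create"}, {"rolebindings", "clusterrolebindings"},
     "can create bindings: only useful beyond its own rights if 'bind' is also held"),
    ({"get", "create"}, {"nodes/proxy"}, "can reach the kubelet API through the API server"),
]


def _matches(rule_values, wanted):
    """Members of `wanted` that the rule grants; a '*' in the rule grants all of them."""
    granted = set(rule_values or [])
    return set(wanted) if "*" in granted else granted & wanted


def triage_rules(resource_rules):
    """Flag the rules in status.resourceRules that match an escalation pattern."""
    findings = []
    for rule in resource_rules:
        for verbs, resources, why in ESCALATION_PATTERNS:
            v = _matches(rule.get("verbs"), verbs)
            r = _matches(rule.get("resources"), resources)
            if v and r:
                findings.append({"verbs": sorted(v), "resources": sorted(r),
                                 "resourceNames": rule.get("resourceNames") or ["*"], "why": why})
                if "*" in verbs:  # full wildcard already implies every other pattern
                    break
    return findings


def triage_review(review_json: str) -> dict:
    """Take the JSON body returned by POST .../authorization.k8s.io/v1/selfsubjectrulesreviews.
    `incomplete` is set when an authorizer (e.g. a webhook) could not enumerate its
    rules, so an empty list there is not proof of having nothing: fall back to
    `kubectl auth can-i <verb> <resource>` probes for the patterns above."""
    status = json.loads(review_json).get("status", {})
    return {"incomplete": bool(status.get("incomplete")),
            "findings": triage_rules(status.get("resourceRules", []))}


# Constructed review for a made-up namespace and ServiceAccount.
SAMPLE_REVIEW = json.dumps({
    "kind": "SelfSubjectRulesReview", "apiVersion": "authorization.k8s.io/v1",
    "spec": {"namespace": "dev"},
    "status": {"incomplete": False, "resourceRules": [
        {"verbs": ["get", "list", "watch"], "apiGroups": [""], "resources": ["pods", "pods/log"]},
        {"verbs": ["get"], "apiGroups": [""], "resources": ["secrets"], "resourceNames": ["db-creds"]},
        {"verbs": ["create"], "apiGroups": [""], "resources": ["pods/exec"]},
        {"verbs": ["*"], "apiGroups": ["apps"], "resources": ["deployments"]},
        {"verbs": ["get"], "apiGroups": [""], "resources": ["configmaps"]},
    ], "nonResourceRules": [{"verbs": ["get"], "nonResourceURLs": ["/healthz", "/version"]}]},
})

if __name__ == "__main__":
    for finding in triage_review(SAMPLE_REVIEW)["findings"]:
        print(finding)
```

Note the `resourceNames` field: `get` on `secrets` restricted to one name is much weaker than unrestricted `list`, which is why the output carries it; and `*` verbs on `deployments` in the sample are flagged twice (create and update/patch) because each is a separate path to running code in the namespace.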

### Privesc to a different Namespace

If you have compromised a namespace, you can potentially escalate to other namespaces with more interesting permissions or resources:

{% content-ref url="../../cloud-security/pentesting-kubernetes/namespace-escalation.md" %}
[namespace-escalation.md](../../cloud-security/pentesting-kubernetes/namespace-escalation.md)
{% endcontent-ref %}

### From Kubernetes to the Cloud

If you have compromised a K8s account or a pod, you might be able to move into the cloud provider. This is because clouds like AWS or GCP make it possible to **give a K8s Service Account permissions over cloud resources** (for example IAM roles for service accounts on EKS or Workload Identity on GKE).

{% content-ref url="../../cloud-security/pentesting-kubernetes/kubernetes-access-to-other-clouds.md" %}
[kubernetes-access-to-other-clouds.md](../../cloud-security/pentesting-kubernetes/kubernetes-access-to-other-clouds.md)
{% endcontent-ref %}
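
The binding between a ServiceAccount and a cloud identity leaves traces you can read from inside the pod or from the SA object itself. As an added example (this is not HackTricks code), the following Python looks for those traces: the SA annotations each managed offering uses (`eks.amazonaws.com/role-arn` for IRSA, `iam.gke.io/gcp-service-account` for GKE Workload Identity, `azure.workload.identity/client-id` for AKS) and the environment variables injected into the pod. `SAMPLE_ENV` and `SAMPLE_SA` are constructed; the account id, role name and namespace in them are made up.

```python
"""Cloud identities reachable from a pod: SA annotations and injected env vars (added example)."""

# ServiceAccount annotations each managed offering uses to bind a K8s SA to a cloud identity.
SA_ANNOTATIONS = {
    "eks.amazonaws.com/role-arn": ("AWS", "IRSA: pods using this SA can assume the IAM role"),
    "iam.gke.io/gcp-service-account": ("GCP", "GKE Workload Identity: the metadata server issues tokens for this GSA"),
    "azure.workload.identity/client-id": ("Azure", "AKS Workload Identity: the projected token exchanges for this app"),
}

# Environment variables injected into pods (or left there by humans) that carry cloud credentials.
ENV_HINTS = {
    "AWS_ROLE_ARN": ("AWS", "IRSA role: exchange AWS_WEB_IDENTITY_TOKEN_FILE via sts:AssumeRoleWithWebIdentity"),
    "AWS_WEB_IDENTITY_TOKEN_FILE": ("AWS", "projected OIDC token for IRSA"),
    "AWS_CONTAINER_CREDENTIALS_FULL_URI": ("AWS", "EKS Pod Identity agent: GET it with the token from AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"),
    "AWS_ACCESS_KEY_ID": ("AWS", "static access key present in the environment"),
    "AZURE_CLIENT_ID": ("Azure", "workload identity client id"),
    "AZURE_FEDERATED_TOKEN_FILE": ("Azure", "projected token to exchange at AZURE_AUTHORITY_HOST"),
    "AZURE_CLIENT_SECRET": ("Azure", "static client secret present in the environment"),
    "GOOGLE_APPLICATION_CREDENTIALS": ("GCP", "path to a service-account key file"),
}


def cloud_identity_hints(env, sa_manifest=None):
    """One finding per cloud binding seen in the environment or in the SA object
    (`sa_manifest` is the dict form of `kubectl get sa <name> -o json`)."""
    findings = []
    annotations = ((sa_manifest or {}).get("metadata") or {}).get("annotations") or {}
    for key, (cloud, meaning) in SA_ANNOTATIONS.items():
        if key in annotations:
            findings.append({"cloud": cloud, "source": "sa-annotation", "key": key,
                             "value": annotations[key], "meaning": meaning})
    for key, (cloud, meaning) in ENV_HINTS.items():
        if key in env:
            value = "<redacted>" if "SECRET" in key else env[key]  # never echo secrets into logs
            findings.append({"cloud": cloud, "source": "env", "key": key,
                             "value": value, "meaning": meaning})
    return findings


def clouds_seen(findings):
    """Which providers the pod can plausibly authenticate to."""
    return sorted({f["cloud"] for f in findings})


# Constructed: what an IRSA-enabled pod on EKS sees in its environment.
SAMPLE_ENV = {
    "KUBERNETES_SERVICE_HOST": "10.100.0.1",
    "AWS_ROLE_ARN": "arn:aws:iam::123456789012:role/example-s3-reader",
    "AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/eks.amazonaws.com/serviceaccount/token",
    "AWS_DEFAULT_REGION": "eu-west-1",
}
# Constructed: the pod's ServiceAccount as `kubectl get sa web-sa -o json` would show it.
SAMPLE_SA = {
    "apiVersion": "v1", "kind": "ServiceAccount",
    "metadata": {"name": "web-sa", "namespace": "dev",
                 "annotations": {"eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/example-s3-reader"}},
}

if __name__ == "__main__":
    hints = cloud_identity_hints(SAMPLE_ENV, SAMPLE_SA)
    for h in hints:
        print(f"[{h['cloud']}] {h['source']} {h['key']}={h['value']}: {h['meaning']}")
    print("clouds:", clouds_seen(hints))
```

No hit here does not mean no cloud access: a pod that can reach the node's metadata endpoint (169.254.169.254) gets the node's own credentials unless the cluster blocks it (IMDS hop limits on EKS, Workload Identity with metadata concealment on GKE), so that endpoint is the next thing to try from inside the pod.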

## Labs to practice and learn

* [https://securekubernetes.com/](https://securekubernetes.com)
* [https://madhuakula.com/kubernetes-goat/index.html](https://madhuakula.com/kubernetes-goat/index.html)

## Hardening Kubernetes

{% content-ref url="kubernetes-hardening/" %}
[kubernetes-hardening](kubernetes-hardening/)
{% endcontent-ref %}