61 lines
2.5 KiB
Markdown
61 lines
2.5 KiB
Markdown
# Pentesting Kubernetes
|
|
|
|
## Kubernetes Basics
|
|
|
|
If you don't know anything about Kubernetes this is a **good start**. Read it to learn about the **architecture, components and basic actions** in Kubernetes:
|
|
|
|
{% content-ref url="kubernetes-basics.md" %}
|
|
[kubernetes-basics.md](kubernetes-basics.md)
|
|
{% endcontent-ref %}
|
|
|
|
## Pentesting Kubernetes
|
|
|
|
### From the Outside
|
|
|
|
There are several possible **Kubernetes services that you could find exposed** on the Internet (or inside internal networks). If you find them you know there is Kubernetes environment in there.
|
|
|
|
Depending on the configuration and your privileges you might be able to abuse that environment, for more information:
|
|
|
|
{% content-ref url="pentesting-kubernetes-from-the-outside.md" %}
|
|
[pentesting-kubernetes-from-the-outside.md](pentesting-kubernetes-from-the-outside.md)
|
|
{% endcontent-ref %}
|
|
|
|
### Enumeration inside a Pod
|
|
|
|
If you manage to **compromise a Pod** read the following page to learn how to enumerate and try to **escalate privileges/escape**:
|
|
|
|
{% content-ref url="attacking-kubernetes-from-inside-a-pod.md" %}
|
|
[attacking-kubernetes-from-inside-a-pod.md](attacking-kubernetes-from-inside-a-pod.md)
|
|
{% endcontent-ref %}
|
|
|
|
### Enumerating Kubernetes with Credentials
|
|
|
|
You might have managed to compromise **user credentials, a user token or some service account toke**n. You can use it to talk to the Kubernetes API service and try to **enumerate it to learn more** about it:
|
|
|
|
{% content-ref url="enumeration-from-a-pod.md" %}
|
|
[enumeration-from-a-pod.md](enumeration-from-a-pod.md)
|
|
{% endcontent-ref %}
|
|
|
|
Another important details about enumeration and Kubernetes permissions abuse is the **Kubernetes Role-Based Access Control (RBAC)**. If you want to abuse permissions, you first should read about it here:
|
|
|
|
{% content-ref url="kubernetes-role-based-access-control-rbac.md" %}
|
|
[kubernetes-role-based-access-control-rbac.md](kubernetes-role-based-access-control-rbac.md)
|
|
{% endcontent-ref %}
|
|
|
|
#### Knowing about RBAC and having enumerated the environment you can now try to abuse the permissions with:
|
|
|
|
{% content-ref url="hardening-roles-clusterroles/" %}
|
|
[hardening-roles-clusterroles](hardening-roles-clusterroles/)
|
|
{% endcontent-ref %}
|
|
|
|
## Labs to practice and learn
|
|
|
|
* [https://securekubernetes.com/](https://securekubernetes.com)
|
|
* [https://madhuakula.com/kubernetes-goat/index.html](https://madhuakula.com/kubernetes-goat/index.html)
|
|
|
|
## Hardening Kubernetes
|
|
|
|
{% content-ref url="kubernetes-hardening/" %}
|
|
[kubernetes-hardening](kubernetes-hardening/)
|
|
{% endcontent-ref %}
|