2.4 KiB
Pentesting Kubernetes
Kubernetes Basics
If you don't know anything about Kubernetes this is a good start. Read it to learn about the architecture, components and basic actions in Kubernetes:
{% content-ref url="kubernetes-basics.md" %} kubernetes-basics.md {% endcontent-ref %}
Pentesting Kubernetes
From the Outside
There are several possible Kubernetes services that you could find exposed on the Internet (or inside internal networks). If you find them you know there is Kubernetes environment in there.
Depending on the configuration and your privileges you might be able to abuse that environment, for more information:
{% content-ref url="pentesting-kubernetes-from-the-outside.md" %} pentesting-kubernetes-from-the-outside.md {% endcontent-ref %}
Enumeration inside a Pod
If you manage to compromise a Pod read the following page to learn how to enumerate and try to escalate privileges/escape:
{% content-ref url="attacking-kubernetes-from-inside-a-pod.md" %} attacking-kubernetes-from-inside-a-pod.md {% endcontent-ref %}
Enumerating Kubernetes with Credentials
You might have managed to compromise user credentials, a user token or some service account token. You can use it to talk to the Kubernetes API service and try to enumerate it to learn more about it:
{% content-ref url="enumeration-from-a-pod.md" %} enumeration-from-a-pod.md {% endcontent-ref %}
Another important details about enumeration and Kubernetes permissions abuse is the Kubernetes Role-Based Access Control (RBAC). If you want to abuse permissions, you first should read about it here:
{% content-ref url="kubernetes-role-based-access-control-rbac.md" %} kubernetes-role-based-access-control-rbac.md {% endcontent-ref %}
Knowing about RBAC and having enumerated the environment you can now try to abuse the permissions with:
{% content-ref url="hardening-roles-clusterroles.md" %} hardening-roles-clusterroles.md {% endcontent-ref %}