ENUMERATION
NMAP
As you can see, this is a Kubernetes machine
Let's try to use kubectl
I don't have credentials.
Let's try with kubeletctl
Nice, I received pods from the Kubelet
I try to gain RCE in any pod
Nginx and Kube-Proxy are injectable
I try with nginx and then Kube-Proxy
I have a shell in nginx!
Hacktricks
https://book.hacktricks.xyz/cloud-security/pentesting-kubernetes/kubernetes-enumeration
I try to see the token and certificate
I have all:
Look at that
Let's list privileges
I can create a new pod!!
I copy the same structure
I verify:
Perfect!!
I gain a shell:
DONE :)