kubeletmein: Security program for Kubernetes

Kubeletmein is a simple pentest tool that exploits cloud threats to a cluster of Kubernetes to gain access to the k8s API.

This access can be used to further control applications running in the cloud or in many other cases, facilitating complete control of Kubernetes.

Contents hide
Supported providers and use
G.K.E.
EKS
Digital Ocean

Supported providers and use

G.K.E.

The GKE ( Kubernetes Engine) is fully supported and based on disabling all hidden metadata.



 


EKS


Support for Amazon Elastic Kubernetes Service was originally added by @ airman604 based on startup script AWS EKS. This has been extended to provide support for various types of user data encountered in EKS.


Specifically, it will support cloud-config and shell script formats. In the latter case the , προσπαθεί να αναλύσει τα ορίσματα της γραμμής  /etc/eks/bootstrap.sh and retrieve the values ​​it needs from there.

















~ $ kubeletmein generate 2021-03-02T21:37:59Z [ℹ] running autodetect 2021-03-02T21:37:59Z [ℹ] EKS detected 2021-03-02T21:37:59Z [ℹ] fetching  information from user-data from the metadata service 2021-03-02T21:37:59Z [ℹ] getting IMDSv2 token 2021-03-02T21:37:59Z [ℹ] getting user-data 2021-03-02T21:37:59Z [ ℹ ] generating EKS node kubeconfig file at: kubeconfig 2021-03-02T21:37:59Z [ℹ ] wrote kubeconfig 2021-03-02T21:37:59Z [ℹ ] then try: kubectl --kubeconfig kubeconfig get pods


 


Digital Ocean


Supported by default, DO provides metadata credits and this cannot be disabled.


root@kubeletmein-vulnerable:/# kubeletmein generate 2021-03-04T23:39:46Z [ℹ] running autodetect 2021-03-04T23:39:46Z [ℹ]   detected 2021-03-04T23:39:46Z [ℹ] fetching kubelet creds from metadata service 2021-03-04T23:39:46Z [ℹ] writing ca cert to: ca-certificates.crt 2021-03-04T23:39:46Z [ℹ] generating bootstrap-kubeconfig file at: bootstrap-kubeconfig 2021-03-04T23:39:46Z [ℹ] wrote bootstrap-kubeconfig 2021-03-04T23:39:46Z [ℹ] using bootstrap-config to request new cert for node: kubeletmein-node 2021-03-04T23:39:46Z [ℹ] got new cert and wrote kubeconfig 2021-03-04T23:39:46Z [ℹ] now try: kubectl --kubeconfig kubeconfig get pods root@kubeletmein-vulnerable :/# kubectl --kubeconfig kubeconfig get pods NAME READY STATUS RESTARTS AGE kubeletmein-vulnerable 1/1 Running 0 6m12s


 


You can download the program from here.




iGuRu.gr The Best Technology Site in Greecefgns






every publication, directly to your inbox

















 






Join the 2.083 registrants. 




 



























enginegooglekubernetessecurity

















Written by Anastasis Vasileiadis






Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.




















Leave a reply 
Your email address is not published. Required fields are mentioned with *
 
Your message will not be published if:

1. Contains insulting, defamatory, racist, offensive or inappropriate comments.


2. Causes harm to minors.


3. It interferes with the privacy and individual and social rights of other users.


4. Advertises products or services or websites.


5. Contains personal information (address, phone, etc.).