gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-31 15:05:44 -08:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to using mdbook

Browse Source
This commit is contained in:
Congon4tor
2024-12-31 17:04:35 +01:00
parent b9a9fed802
commit cd27cf5a2e
1373 changed files with 26143 additions and 34152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
src/pentesting-cloud/kubernetes-security/README.md Normal file
View File

@@ -0,0 +1,80 @@
# Kubernetes Pentesting
{{#include ../../banners/hacktricks-training.md}}
## Kubernetes Basics
If you don't know anything about Kubernetes this is a **good start**. Read it to learn about the **architecture, components and basic actions** in Kubernetes:
{{#ref}}
kubernetes-basics.md
{{#endref}}
### Labs to practice and learn
- [https://securekubernetes.com/](https://securekubernetes.com)
- [https://madhuakula.com/kubernetes-goat/index.html](https://madhuakula.com/kubernetes-goat/index.html)
## Hardening Kubernetes / Automatic Tools
{{#ref}}
kubernetes-hardening/
{{#endref}}
## Manual Kubernetes Pentest
### From the Outside
There are several possible **Kubernetes services that you could find exposed** on the Internet (or inside internal networks). If you find them you know there is Kubernetes environment in there.
Depending on the configuration and your privileges you might be able to abuse that environment, for more information:
{{#ref}}
pentesting-kubernetes-services/
{{#endref}}
### Enumeration inside a Pod
If you manage to **compromise a Pod** read the following page to learn how to enumerate and try to **escalate privileges/escape**:
{{#ref}}
attacking-kubernetes-from-inside-a-pod.md
{{#endref}}
### Enumerating Kubernetes with Credentials
You might have managed to compromise **user credentials, a user token or some service account toke**n. You can use it to talk to the Kubernetes API service and try to **enumerate it to learn more** about it:
{{#ref}}
kubernetes-enumeration.md
{{#endref}}
Another important details about enumeration and Kubernetes permissions abuse is the **Kubernetes Role-Based Access Control (RBAC)**. If you want to abuse permissions, you first should read about it here:
{{#ref}}
kubernetes-role-based-access-control-rbac.md
{{#endref}}
#### Knowing about RBAC and having enumerated the environment you can now try to abuse the permissions with:
{{#ref}}
abusing-roles-clusterroles-in-kubernetes/
{{#endref}}
### Privesc to a different Namespace
If you have compromised a namespace you can potentially escape to other namespaces with more interesting permissions/resources:
{{#ref}}
kubernetes-namespace-escalation.md
{{#endref}}
### From Kubernetes to the Cloud
If you have compromised a K8s account or a pod, you might be able able to move to other clouds. This is because in clouds like AWS or GCP is possible to **give a K8s SA permissions over the cloud**.
{{#ref}}
kubernetes-pivoting-to-clouds.md
{{#endref}}
{{#include ../../banners/hacktricks-training.md}}