DarkStash Support and Advertisement Telegram: @DarkStashMaster
Jabber : [email protected]





DrokCarder

Trusted Hot Vendor
Verified Seller
Staff Member
Premium User
[IMG]


best carding forum
tool launches attack on k8s cluster from within. That means you already need to have an access with permission to deploy pods in a cluster to run it. After running the kube-alien pod it tries to takeover cluster's nodes by adding your public key to node's /root/.ssh/authorized_keys file by using this image https://github.com/nixwizard/dockercloud-authorizedkeys (Can be adjusted using ADD_AUTHKEYS_IMAGE param in config.py) forked from docker/dockercloud-authorizedkeys. The attack succeedes if there is a misconfiguration in one of the cluster's components it goes along the following vectors:
  • Kubernetes API
  • Kubelet service
  • Etcd service
  • Kubernetes-Dashboard
What is the purpose of this tool?
  • While doing security audit of a k8s cluster one can quickly assess it's security posture.
  • Partical demostration of the mentioned attack vectors exploitation.
How can k8s cluster be attacked from within in a real life?
  • RCE or SSRF vunerability in an app which is being run in one of your cluster's pods.
 
Back
Top