Prerequisites
Introduction
Lab contents
- Sensitive keys in codebases
- DIND (docker-in-docker) exploitation
- SSRF in the Kubernetes (K8S) world
- Container escape to the host system
- Docker CIS benchmarks analysis
- Kubernetes CIS benchmarks analysis
- Attacking private registry
- NodePort exposed services
- Helm v2 tiller to PwN the cluster - [Deprecated]
- Analyzing crypto miner container
- Kubernetes namespaces bypass
- Gaining environment information
- DoS the Memory/CPU resources
- Hacker container preview
- Hidden in layers
- RBAC least privileges misconfiguration
- KubeAudit - Audit Kubernetes clusters
- Falco - Runtime security monitoring & detection
- Popeye - A Kubernetes cluster sanitizer
- Secure network boundaries using NSP
- Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement
- Securing Kubernetes Clusters using Kyverno Policy Engine
Setup
https://icybersec.gitbook.io/cybersecuritynote/yun-wei-pei-zhi/kubernetes/an-zhuang-bu-shu#an-zhuang-kubectl
kubernetes-goat project issues
Install helm
```bash
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```
```bash
helm version
version.BuildInfo{Version:"v3.11.0", GitCommit:"472c5736ab01133de504a826bd9ee12cbe4e7904", GitTreeState:"clean", GoVersion:"go1.18.10"}
```
Install socat, which is used for port forwarding
kubernetes-goat.git
```bash
git clone https://github.com/madhuakula/kubernetes-goat.git
```
- In `scenarios/internal-proxy/deployment.yaml`, change the CPU and memory values to 300M (`cpu: 300m`, `memory: 300Mi`).
```yaml
spec:
  selector:
    matchLabels:
      app: internal-proxy
  template:
    metadata:
      labels:
        app: internal-proxy
    spec:
      containers:
      - name: internal-api
        image: madhuakula/k8s-goat-internal-api
        resources:
          limits:
            cpu: 300m
            memory: 300Mi
          requests:
            cpu: 300m
            memory: 300Mi
        ports:
```
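```bash
# Make both scripts executable (chmod takes the file name only)
chmod +x setup-kubernetes-goat.sh
chmod +x access-kubernetes-goat.sh

# Deploy the scenarios, then expose them locally
bash setup-kubernetes-goat.sh
bash access-kubernetes-goat.sh
```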
Errors
- Problems I ran into and how I resolved them
- Errors that appeared when running the `.sh` files
```
root@ubuntu20:~/kubernetes-goat# bash setup-kubernetes-goat.sh
Error: Could not find kubectl or an other error happened, please check kubectl setup.
```
```
root@ubuntu20:~/kubernetes-goat# bash access-kubernetes-goat.sh
Please check kubectl setup.
```
I fixed it using kubectl 1.23.0:

```bash
curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --short
```
```bash
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```
```
https://get.helm.sh/helm-v3.13.1-linux-amd64.tar.gz
```
```bash
mv helm /usr/local/bin/helm
```
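A pre-flight check for the failures described in this section, as an added example that is not part of the original post or of kubernetes-goat: it reports which of `kubectl`, `helm` and `socat` are missing, separates a missing `kubectl` binary from an unreachable cluster, and confirms the `internal-proxy` resource edit. The function names and the `run` argument are assumptions of this example; what `setup-kubernetes-goat.sh` itself checks is not shown on this page.

```shell
#!/bin/sh
# Added example (not part of kubernetes-goat): pre-flight checks for this walkthrough.

# Print each required tool that is not on PATH, one per line.
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# Classify kubectl as: missing | broken-client | no-cluster | ok.
kubectl_state() {
  command -v kubectl >/dev/null 2>&1 || { echo missing; return 0; }
  kubectl version --client >/dev/null 2>&1 || { echo broken-client; return 0; }
  kubectl cluster-info >/dev/null 2>&1 || { echo no-cluster; return 0; }
  echo ok
}

# Succeed only if the manifest carries 300m CPU and 300Mi memory in both
# limits and requests (at least two matching lines each).
resources_patched() {
  cpu=$(grep -c -E '^[[:space:]]*cpu:[[:space:]]*300m[[:space:]]*$' "$1" 2>/dev/null) || cpu=0
  mem=$(grep -c -E '^[[:space:]]*memory:[[:space:]]*300Mi[[:space:]]*$' "$1" 2>/dev/null) || mem=0
  [ "${cpu:-0}" -ge 2 ] && [ "${mem:-0}" -ge 2 ]
}

# Run every check from the repository root; returns non-zero on any failure.
preflight() {
  rc=0
  for tool in $(missing_tools kubectl helm socat); do
    echo "missing tool: $tool"; rc=1
  done
  state=$(kubectl_state)
  [ "$state" = ok ] || { echo "kubectl state: $state"; rc=1; }
  resources_patched scenarios/internal-proxy/deployment.yaml ||
    { echo "internal-proxy resources are not 300m/300Mi"; rc=1; }
  return "$rc"
}

# Invoke from the kubernetes-goat directory as: sh preflight.sh run
if [ "${1:-}" = run ]; then preflight; fi
```

A `no-cluster` result means the binary works but no cluster answers, which a reinstall of `kubectl` will not fix; check the kubeconfig and the cluster itself instead.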
Setup complete