Kubernetes namespaces bypass

Kubernetes 命名空间绕过

  • 运行hacker-container镜像
plaintext
1
kubectl run -it hacker-container --image=madhuakula/hacker-container -- sh
  • 报错的话运行这一条
plaintext
1
kubectl run -it hacker-container-2 --image=madhuakula/hacker-container -- sh

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-30_15-48-36_d41d8cd98f00b204e9800998ecf8427e.jpg

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-30_15-48-36_d41d8cd98f00b204e9800998ecf8427e.jpg

  • 查看ip
  • 寻找redis
plaintext
1
nmap -sT -open -p 6379 10.244.0.0/16

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-30_15-55-15_d41d8cd98f00b204e9800998ecf8427e.jpg

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-30_15-55-15_d41d8cd98f00b204e9800998ecf8427e.jpg

  • 连接redis
plaintext
1
redis-cli -h 10.244.0.7

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-30_15-56-22_d41d8cd98f00b204e9800998ecf8427e.jpg

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-30_15-56-22_d41d8cd98f00b204e9800998ecf8427e.jpg

  • 集群内还有许多其他的服务和资源,比如ElasticSearchMongo等等