This (most of my GKE notes) is from: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/K8s-GKE-attack-notes#architecture-overview
The following is a collection of commands/information (pentest/attack oriented) you might find useful to keep as a reference. We'll update any time we get some interesting information.
Generic K8s cheat sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
Files to search for:
Local info:
Using curl/wget/kubectl with auth options
With certificate:
- curl --key <file.key> --cert <file.crt> --cacert <file.crt> --insecure -X GET|POST <url>
- wget --private-key=<file.key> --certificate=<file.crt> --ca-certificate=<file.crt> --no-check-certificate <url>
- kubectl --client-certificate <file.crt> --client-key <file.key> --certificate-authority <file.crt> --server https://${KUBERNETES_PORT_443_TCP_ADDR}
- kubectl --kubeconfig <config> (with certificates inside)
With oauth token (JWT type token):
- curl -kX GET <url> --header "Authorization: Bearer `cat /run/secrets/kubernetes.io/serviceaccount/token`"
- wget -qO- --no-check-certificate --header "Authorization: Bearer `cat /run/secrets/kubernetes.io/serviceaccount/token`" <url>
- kubectl --token <token> (also `--username` and `--password` options if basic auth is found)
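Added example (not part of the original notes): an offline check of whether a mounted service account token is a bound token with an `exp` claim or a legacy token that never expires, which matters when auditing what a workload's credential is worth if it leaks. The function names and the two sample tokens are constructed for this example; the signature segment is a placeholder and is not verified.

```shell
#!/bin/sh
# Added example: classify a Kubernetes service account token (JWT) offline.
# Function names and sample tokens are constructed for illustration.

# Print the decoded payload (second dot-separated segment) of the JWT in $1.
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # base64url drops '=' padding; restore it before decoding
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Classify the token in $1 against the epoch time in $2 (default: now).
classify_sa_token() {
    now=${2:-$(date +%s)}
    exp=$(jwt_payload "$1" |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    if [ -z "$exp" ]; then
        echo "legacy-no-expiry"     # no exp claim: valid until revoked
    elif [ "$exp" -le "$now" ]; then
        echo "expired"
    else
        echo "bound-expires-in-$((exp - now))s"
    fi
}

# --- constructed sample tokens (placeholder signature) ---
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
make_token() {
    printf '%s.%s.constructed-signature' \
        "$(b64url '{"alg":"RS256"}')" "$(b64url "$1")"
}
BOUND=$(make_token '{"aud":["https://kubernetes.default.svc"],"exp":1700003600,"iat":1700000000,"sub":"system:serviceaccount:default:demo"}')
LEGACY=$(make_token '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:default:demo"}')

classify_sa_token "$BOUND" 1700000000
classify_sa_token "$LEGACY" 1700000000

# Inside a pod, check the mounted token itself.
TOKEN_FILE=/run/secrets/kubernetes.io/serviceaccount/token
if [ -r "$TOKEN_FILE" ]; then
    classify_sa_token "$(cat "$TOKEN_FILE")"
fi
```

A `legacy-no-expiry` result means the credential stays usable until it is revoked, so it is the case to prioritize for rotation.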
kubectl: download the binary:
kubectl commands: