Kubernetes: Kubernetes Dashboard

Tesla was famously hacked for leaving this open and it’s pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities ———————– ————— ———————- ———————- —————— | LOCATION              | CATEGORY      |…

Kubernetes: Master Post

I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i’m missing blog posts or useful resources ping me here or twitter.Talks you should watch if you are interested in Kubernetes: Hacking and Hardening Kubernetes Clusters by Example [I] – Brad Geesaman https://www.youtube.com/watch?v=vTgQLzeBfRUhttps://github.com/bgeesaman/https://github.com/bgeesaman/hhkbe [demos for the talk above]https://schd.ws/hosted_files/kccncna17/d8/Hacking…

Kubernetes: open etcd

Quick post on Kubernetes and open etcd (port 2379)“etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative.”-from: https://coreos.com/blog/introducing-the-etcd-operator.html What this means in english is that etcd stores the current state of…

Kubernetes: cAdvisor

“cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers.”runs on port 4194Links:https://kubernetes.io/docs/tasks/debug-application-cluster/resource-usage-monitoring/https://raesene.github.io/blog/2016/10/14/Kubernetes-Attack-Surface-cAdvisor/ What do you get? information disclosure about metrics of the containers. Example request to hit the API and dump data: Screenshots


NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.