- Joined
- May 15, 2017
- Messages
- 982
- Likes
- 760
- Points
- 1,045
This tool launches attack on k8s cluster from within. That means you already need to have an access with permission to deploy pods in a cluster to run it. After running the kube-alien pod it tries to takeover cluster's nodes by adding your public key to node's /root/.ssh/authorized_keys file by using this image https://github.com/nixwizard/dockercloud-authorizedkeys (Can be adjusted using ADD_AUTHKEYS_IMAGE param in config.py) forked from docker/dockercloud-authorizedkeys. The attack succeedes if there is a misconfiguration in one of the cluster's components it goes along the following vectors:
- Kubernetes API
- Kubelet service
- Etcd service
- Kubernetes-Dashboard
- While doing security audit of a k8s cluster one can quickly assess it's security posture.
- Partical demostration of the mentioned attack vectors exploitation.
- RCE or SSRF vunerability in an app which is being run in one of your cluster's pods.