GITBOOK-648: No subject

HackTricks-wiki · Jul 23, 2024 · cbfb0c9 · cbfb0c9
1 parent e15f924
commit cbfb0c9
Showing 1 changed file with 31 additions and 22 deletions.
diff --git a/pentesting-cloud/kubernetes-security/kubernetes-enumeration.md b/pentesting-cloud/kubernetes-security/kubernetes-enumeration.md
@@ -1,8 +1,8 @@
 # Kubernetes Enumeration
 
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/image.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/image.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:<img src="../../.gitbook/assets/image.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/image.png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>
 
@@ -135,9 +135,11 @@ Having the token and the address of the API server you use kubectl or curl to ac
 
 By default, The APISERVER is communicating with `https://` schema
 
+{% code overflow="wrap" %}
 ```bash
-alias k='kubectl --token=$TOKEN --server=https://$APISERVER --insecure-skip-tls-verify=true'
+alias k='kubectl --token=$TOKEN --server=https://$APISERVER --insecure-skip-tls-verify=true [--all-namespaces]' # Use --all-namespaces to always search in all namespaces
 ```
+{% endcode %}
 
 > if no `https://` in url, you may get Error Like Bad Request.
 
@@ -221,7 +223,7 @@ kurl -i -s -k -X $'POST' \
 {% endtab %}
 {% endtabs %}
 
-Another way to check your privileges is using the tool: [**https://github.com/corneliusweig/rakkess**](https://github.com/corneliusweig/rakkess)****
+Another way to check your privileges is using the tool: [**https://github.com/corneliusweig/rakkess**](https://github.com/corneliusweig/rakkess)\*\*\*\*
 
 You can learn more about **Kubernetes RBAC** in:
 
@@ -275,7 +277,7 @@ kurl -k -v https://$APISERVER/api/v1/namespaces/
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get secrets -o yaml
 k get secrets -o yaml -n custnamespace
 ```
@@ -320,8 +322,8 @@ The deployments specify the **components** that need to be **run**.
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
-.k get deployments
+```bash
+k get deployments
 k get deployments -n custnamespace
 ```
 {% endtab %}
@@ -339,7 +341,7 @@ The Pods are the actual **containers** that will **run**.
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get pods
 k get pods -n custnamespace
 ```
@@ -358,7 +360,7 @@ Kubernetes **services** are used to **expose a service in a specific port and IP
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get services
 k get services -n custnamespace
 ```
@@ -377,7 +379,7 @@ Get all the **nodes configured inside the cluster**.
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get nodes
 ```
 {% endtab %}
@@ -395,7 +397,7 @@ kurl -v https://$APISERVER/api/v1/nodes/
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get daemonsets
 ```
 {% endtab %}
@@ -413,7 +415,7 @@ Cron jobs allows to schedule using crontab like syntax the launch of a pod that
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get cronjobs
 ```
 {% endtab %}
@@ -430,9 +432,8 @@ kurl -v https://$APISERVER/apis/batch/v1beta1/namespaces/<namespace>/cronjobs
 configMap always contains a lot of information and configfile that provide to apps which run in the kubernetes. Usually You can find a lot of password, secrets, tokens which used to connecting and validating to other internal/external service.
 
 {% tabs %}
-
 {% tab title="kubectl" %}
-```
+```bash
 k get configmaps # -n namespace
 ```
 {% endtab %}
@@ -442,15 +443,25 @@ k get configmaps # -n namespace
 kurl -v https://$APISERVER/api/v1/namespaces/${NAMESPACE}/configmaps 
 ```
 {% endtab %}
-
 {% endtabs %}
 
+### Get Network Policies / Cilium Network Policies
+
+{% tabs %}
+{% tab title="First Tab" %}
+```bash
+k get networkpolicies
+k get CiliumNetworkPolicies
+k get CiliumClusterwideNetworkPolicies
+```
+{% endtab %}
+{% endtabs %}
 
-### Get "all"
+### Get Everything / All
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k get all
 ```
 {% endtab %}
@@ -460,7 +471,7 @@ k get all
 
 {% tabs %}
 {% tab title="kubectl" %}
-```
+```bash
 k top pod --all-namespaces
 ```
 {% endtab %}
@@ -479,8 +490,6 @@ kubectl get pod <name> [-n <namespace>] -o yaml
 > `k get nodes --show-labels`
 >
 > Commonly, kubernetes.io/hostname and node-role.kubernetes.io/master are all good label for select.
->  
-> [reference]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 
 Then you create your attack.yaml file
 
@@ -541,8 +550,8 @@ Information obtained from: [Kubernetes Namespace Breakout using Insecure Host Pa
 {% embed url="https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-3" %}
 
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/image.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/image.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:<img src="../../.gitbook/assets/image.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/image.png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>