categories: []
date: '2023-10-28T14:27:50.621257+08:00'
tags: []
title: Kubernetes Goat 03 - SSRF in the Kubernetes (K8S) world
updated: 2023-10-28T14:27:51.146+8:0

SSRF in the Kubernetes (K8S) world

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-28_14-34-34_d41d8cd98f00b204e9800998ecf8427e.jpg

  • SSRF 可以使用bp抓包爆破判断端口号
  • 找到5000端口

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-28_14-40-22_d41d8cd98f00b204e9800998ecf8427e.jpg

  • 根据回显继续访问
  • 找到新的路径
    https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-28_14-41-30_d41d8cd98f00b204e9800998ecf8427e.jpg
  • 继续往下拼接

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-28_14-42-33_d41d8cd98f00b204e9800998ecf8427e.jpg

  • 就这样以此类推
http://metadata-db/latest/secrets/kubernetes-goat
Ruby

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-28_14-43-26_d41d8cd98f00b204e9800998ecf8427e.jpg

  • 解密
azhzLWdvYXQtY2E5MGVmODVkYjdhNWFlZjAxOThkMDJmYjBkZjljYWI=
Makefile

https://gh.putdown.top/https://github.com/futalk/tuchuang/raw/main/img/Snipaste_2023-10-28_14-43-56_d41d8cd98f00b204e9800998ecf8427e.jpg

k8s-goat-ca90ef85db7a5aef0198d02fb0df9cab
Undefined