devoops – WindowsTechs.com

What is your GCP infra worth?…about ~$700 [Bugbounty]

Posted on March 14, 2020 by Unknown

BugBounty story #bugbountytips
A fixed but they didn’t pay the bugbounty story…
Timeline:

reported 21 Oct 2019
validated at Critical 23 Oct 2019
validated as fixed 30 Oct 2019
Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019
I… Continue reading What is your GCP infra worth?…about ~$700 [Bugbounty]→

Devoops: Nomad with raw_exec enabled

Posted on December 16, 2019 by Unknown

“Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, micro… Continue reading Devoops: Nomad with raw_exec enabled→

Abusing Docker API | Socket

Posted on February 1, 2019 by CG

Notes on abusing open Docker socketsThis wont cover breaking out of docker containersPorts: usually 2375 & 2376 but can be anythingRefs:https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0https://www.slide… Continue reading Abusing Docker API | Socket→

Kubernetes: unauth kublet API 10250 token theft & kubectl

Posted on January 16, 2019 by CG

Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec
kube-hunter output to get us started:
do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods
With that data, you can craft your post… Continue reading Kubernetes: unauth kublet API 10250 token theft & kubectl→

Kubernetes: unauth kublet API 10250 basic code exec

Posted on January 16, 2019 by CG

Unauth API access (10250)
Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it’s still pretty common to find it exposed via the “insecure API service” option.

Everybody who … Continue reading Kubernetes: unauth kublet API 10250 basic code exec→

Kubernetes: Kube-Hunter 10255

Posted on January 16, 2019 by CG

Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint

or the /metrics endpoint

or the /stats endpoint

$ ./kube-hunter.pyChoose one of the … Continue reading Kubernetes: Kube-Hunter 10255→

Kubernetes: Kubelet API containerLogs endpoint

Posted on January 11, 2019 by CG

How to get the info that kube-hunter reports for open /containerLogs endpointVulnerabilities+—————+————-+——————+———————-+—————-+| LOCATION CATEGORY … Continue reading Kubernetes: Kubelet API containerLogs endpoint→

Kubernetes: Master Post

Posted on January 7, 2019 by CG

I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i’m missing blog posts or useful resources ping me here or twitter.Talks you should watch if you are interested in Kuber… Continue reading Kubernetes: Master Post→

I found a GCP service account token…now what?

Posted on January 2, 2019 by CG

Google Cloud Platform (GCP) is rapidly growing in popularity and i haven’t seen too many posts on f**king it up so I’m going to do at least one 🙂
Google has several ways to do authentication but most likely what you are going to come across sho… Continue reading I found a GCP service account token…now what?→