Module: Msf::Exploit::Remote::HTTP::Kubernetes

Includes:
Post::File, PostMixin
Defined in:
lib/msf/core/exploit/remote/http/kubernetes.rb,
lib/msf/core/exploit/remote/http/kubernetes/error.rb,
lib/msf/core/exploit/remote/http/kubernetes/client.rb

Overview

Base mixin for Kubernetes exploits,

Defined Under Namespace

Modules: Enumeration, Error, Output, Secret Classes: AuthParser, Client

Instance Attribute Summary

Attributes included from SessionCompatibility

#passive, #session_types

Attributes included from Module::HasActions

#actions, #default_action, #passive, #passive_actions

Instance Method Summary collapse

Methods included from Post::File

#_append_file_powershell, #_append_file_unix_shell, #_can_echo?, #_read_file_meterpreter, #_read_file_powershell, #_read_file_powershell_fragment, #_shell_command_with_success_code, #_shell_process_with_success_code, #_unix_max_line_length, #_win_ansi_append_file, #_win_ansi_write_file, #_win_bin_append_file, #_win_bin_write_file, #_write_file_meterpreter, #_write_file_powershell, #_write_file_powershell_fragment, #_write_file_unix_shell, #append_file, #attributes, #cd, #chmod, #copy_file, #dir, #directory?, #executable?, #exist?, #expand_path, #exploit_data, #exploit_source, #file?, #file_local_write, #file_remote_digestmd5, #file_remote_digestsha1, #file_remote_digestsha2, #immutable?, #mkdir, #pwd, #read_file, #readable?, #rename_file, #rm_f, #rm_rf, #setuid?, #stat, #upload_and_chmodx, #upload_file, #writable?, #write_file

Methods included from Post::Common

#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #create_process, #get_env, #get_envs, #peer, #report_virtualization

Methods included from SessionCompatibility

#check_for_session_readiness, #cleanup, #command_names_for, #compatible_sessions, #meterpreter_session_incompatibility_reasons, #passive?, #post_commands, #session, #session_changed?, #session_compatible?, #session_display_info, #session_incompatibility_reasons, #setup, #sysinfo

Methods included from Module::HasActions

#action, #find_action, #passive?, #passive_action?

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Instance Method Details

#api_tokenObject 



31
32
33
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 31

def api_token
  @api_token || datastore['TOKEN']
end

#configure_via_sessionObject 



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 47

def configure_via_session
  vprint_status("Configuring options via session #{session.sid}")

  unless directory?('/run/secrets/kubernetes.io')
    # This would imply that the target is not a Kubernetes container
    fail_with(Msf::Module::Failure::NotFound, 'The kubernetes.io directory was not found')
  end

  if api_token.blank?
    token = read_file('/run/secrets/kubernetes.io/serviceaccount/token')
    fail_with(Msf::Module::Failure::NotFound, 'The API token was not found, manually set the TOKEN option') if token.blank?

    print_good("API Token: #{token}")
    @api_token = token
  end

  if namespace.blank?
    ns = read_file('/run/secrets/kubernetes.io/serviceaccount/namespace')
    fail_with(Msf::Module::Failure::NotFound, 'The namespace was not found, manually set the NAMESPACE option') if ns.blank?

    print_good("Namespace: #{ns}")
    @namespace = ns
  end

  service_host = service_port = nil
  if rhost.blank?
    service_host = get_env('KUBERNETES_SERVICE_HOST')
    fail_with(Msf::Module::Failure::NotFound, 'The KUBERNETES_SERVICE_HOST environment variable was not found, manually set the RHOSTS option') if service_host.blank?

    @rhost = service_host
  end

  if rport.blank?
    service_port = get_env('KUBERNETES_SERVICE_PORT_HTTPS')
    fail_with(Msf::Module::Failure::NotFound, 'The KUBERNETES_SERVICE_PORT_HTTPS environment variable was not found, manually set the RPORT option') if service_port.blank?

    @rport = service_port.to_i
  end

  if service_host || service_port
    service = "#{Rex::Socket.is_ipv6?(service_host) ? '[' + service_host + ']' : service_host}:#{service_port}"
    print_good("Kubernetes service host: #{service}")
  end
end

#connect_ws(opts = {}, *args) ⇒ Object 



19
20
21
22
23
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 19

def connect_ws(opts = {}, *args)
  opts['comm'] = session
  opts['vhost'] = rhost
  super
end

#initialize(info = {}) ⇒ Object 



8
9
10
11
12
13
14
15
16
17
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 8

def initialize(info = {})
  super

  register_options(
    [
      Msf::OptString.new('TOKEN', [false, 'Kubernetes API token']),
      Msf::OptString.new('NAMESPACE', [false, 'The Kubernetes namespace', 'default']),
    ]
  )
end

#namespaceObject 



43
44
45
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 43

def namespace
  @namespace || datastore['NAMESPACE']
end

#rhostObject 



35
36
37
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 35

def rhost
  @rhost || datastore['RHOST']
end

#rportObject 



39
40
41
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 39

def rport
  @rport || datastore['RPORT']
end

#send_request_raw(opts = {}, *args) ⇒ Object 



25
26
27
28
29
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 25

def send_request_raw(opts = {}, *args)
  opts['comm'] = session
  opts['vhost'] = rhost
  super
end

#validate_configuration!Object 



92
93
94
95
96
97
98
 
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 92

def validate_configuration!
  fail_with(Msf::Module::Failure::BadConfig, 'Missing option: RHOSTS') if rhost.blank?
  fail_with(Msf::Module::Failure::BadConfig, 'Missing option: RPORT') if rport.blank?
  fail_with(Msf::Module::Failure::BadConfig, 'Invalid option: RPORT') unless rport.to_i > 0 && rport.to_i < 65536
  fail_with(Msf::Module::Failure::BadConfig, 'Missing option: TOKEN') if api_token.blank?
  fail_with(Msf::Module::Failure::BadConfig, 'Missing option: NAMESPACE') if namespace.blank?
end