Exposing Media, Political, and AI Bias - Fair-Use Open-Source Intelligence
Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including 2.145…
Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including 2.145…
Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html https://blog.secureideas.com/2018/08/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-2.html https://infoslack.com/devops/exploring-docker-remote-api https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf…
Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html https://blog.secureideas.com/2018/08/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-2.html https://infoslack.com/devops/exploring-docker-remote-api https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf…
Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint or…
Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via…
Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods…
Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint or…
Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods…
Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via…
Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs…
Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs…
Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do…
How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +---------------+-------------+------------------+----------------------+----------------+ +----------------+------------+------------------+----------------------+----------------+ | 1.2.3.4:10250 | Information…
How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION CATEGORY &nbs...
Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do…
I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful…
I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful…
"cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports…
Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster…
Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster…
"cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports…