Featured Kubernetes: Kubernetes Dashboard Carnal0wnage - Blog Carnal0wnage Blog

Published on February 16th, 2023 📆 | 8495 Views ⚑

0

Kubernetes: Kubernetes Dashboard Carnal0wnage – Blog Carnal0wnage Blog


https://www.ispeech.org/text.to.speech


Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it.

Usually found on port 30000

kube-hunter finding for it:

Vulnerabilities
+-----------------------+---------------+----------------------+----------------------+------------------+
| LOCATION              | CATEGORY      | VULNERABILITY        | DESCRIPTION          | EVIDENCE         |
+-----------------------+---------------+----------------------+----------------------+------------------+
| 1.2.3.4:30000         | Remote Code   | Dashboard Exposed    | All oprations on the | nodes: pach-okta |
|                       | Execution     |                      | cluster are exposed  |                  |
+-----------------------+---------------+----------------------+----------------------+------------------+

Why do you care?  It has access to all pods and secrets within the cluster. So rather than using command line tools to get secrets or run code you can just do it in a web browser.


Screenshots of what it looks like:

viewing secrets









utilization





logs

shells

Source link

Tagged with: • • • • • • • •



Comments are closed.






Š Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑