HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Kubesploit: cross-platform post-exploitation HTTP/2 Command & Control server

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,607
Solutions
2
Reputation
32
Reaction score
100,453
Points
2,313
Credits
32,590
‎6 Years of Service‎
 
76%
kubesploit_demo_with_progress_bar.gif


Kubesploit

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of the Merlin project by Russel Van Tuyl (@Ne0nd0g).

Our Motivation

While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage.
They might allow you to see the problem but not exploit it. It is important to run the exploit to simulate a real-world attack that will be used to determine corporate resilience across the network.
When running an exploit, it will practice the organization’s cyber event management, which doesn’t happen when scanning for cluster issues.
It can help the organization learn how to operate when real attacks happen, see if its other detection system works as expected and what changes should be made.
We wanted to create an offensive tool that will meet these requirements.

What’s New

As the C&C and the agent infrastructure were done already by Merlin, we integrated the Go interpreter (“Yaegi”) to be able to run Golang code from the server to the agent.
It allowed us to write our modules in Golang, provide more flexibility on the modules, and dynamically load new modules. It is an ongoing project, and we are planning to add more modules related to Docker and Kubernetes in the future.

The currently available modules are:

    Container breakout using mounting
    Container breakout using docker.sock
    Container breakout using CVE-2019-5736 exploit
    Scan for Kubernetes cluster known CVEs
    Port scanning with focus on Kubernetes services
    Kubernetes service scan from within the container
    Light kubeletctl containing the following options:
        Scan for containers with RCE
        Scan for Pods and containers
        Scan for tokens from all available containers
        Run command with multiple options

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top