-
Notifications
You must be signed in to change notification settings - Fork 544
Evaluate: Services
cdxy edited this page Nov 24, 2020
·
2 revisions
从ENV和进程信息中提取容器内的敏感服务,如python,ssh等,便于部署后续逃逸/持久化攻击。
Detect sensitive service running in container such as Python, SSH, etc. It's convenient to do further escape or persistence with these service.
cdk evaluate
Edit this file and rebuild CDK. https://github.com/Xyntax/CDK/blob/main/conf/evaluate_conf.go
// match ENV to find useful service
var SensitiveEnvRegex = "(?i)\\bssh_|k8s|kubernetes|docker|gopath"
// match process name to find useful service
var SensitiveProcessRegex = "(?i)ssh|ftp|http|tomcat|nginx|engine|php|java|python|perl|ruby|kube|docker|\\bgo\\b"