Skip to content

Exploit: k8s cronjob

Jump to bottom
cdxy edited this page Jan 20, 2021 · 1 revision

Create K8s CronJob to run user-specified image and cmd.

部署K8s CronJob定时创建用户指定的image并运行cmd。

Usage

cdk run k8s-cronjob (default|anonymous|<service-account-token-path>) (min|hour|day|<cron-expr>) <image> <args>

Request Options:
default: connect API server with pod's default service account token
anonymous: connect API server with user system:anonymous
<service-account-token-path>: connect API server with user-specified service account token.

Cron Options:
min: deploy cronjob with schedule "* * * * *"
hour: deploy cronjob with schedule "0 * * * *"
day: deploy cronjob with schedule "0 0 * * *"
<cron-expr>: your custom cron expression

Exploit Options:
<image>: your backdoor image (you can upload it to dockerhub before)
<args>: your custom shell command which will run when container creates

Example

./cdk run k8s-cronjob default min alpine "echo hellow;echo cronjob"

png

After exploit:

png

Clone this wiki locally