From b04579aa3002863eddf99033622ddc8e7d3c5414 Mon Sep 17 00:00:00 2001 From: Ayoma Wijethunga Date: Wed, 20 Jan 2021 09:07:23 +0530 Subject: [PATCH] Add Kubernetes Pentest Methodology Part 3 $subject and minor correction of a file path --- Kubernetes/readme.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Kubernetes/readme.md b/Kubernetes/readme.md index 2751132..cd5b9f8 100644 --- a/Kubernetes/readme.md +++ b/Kubernetes/readme.md @@ -30,7 +30,7 @@ > As it turns out, when pods (a Kubernetes abstraction for a group of containers) are created they are automatically assigned the default service account, and a new volume is created containing the token for accessing the Kubernetes API. That volume is then mounted into all the containers in the pod. ```powershell -$ cat /var/run/secrets/kubernetes.io/serviceaccount +$ cat /var/run/secrets/kubernetes.io/serviceaccount/token # kubectl makes cluster compromise trivial as it will use that serviceaccount token without additional prompting ``` @@ -199,4 +199,5 @@ http://:10255/pods - [Kubernetes Pentest Methodology Part 1 - by Or Ida on August 8, 2019](https://securityboulevard.com/2019/08/kubernetes-pentest-methodology-part-1) - [Kubernetes Pentest Methodology Part 2 - by Or Ida on September 5, 2019](https://securityboulevard.com/2019/09/kubernetes-pentest-methodology-part-2) -- [Capturing all the flags in BSidesSF CTF by pwning our infrastructure - Hackernoon](https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-our-infrastructure-3570b99b4dd0) \ No newline at end of file +- [Kubernetes Pentest Methodology Part 3 - by Or Ida on November 21, 2019](https://securityboulevard.com/2019/11/kubernetes-pentest-methodology-part-3) +- [Capturing all the flags in BSidesSF CTF by pwning our infrastructure - Hackernoon](https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-our-infrastructure-3570b99b4dd0)