Module: Msf::Exploit::Remote::HTTP::Kubernetes
- Includes:
- Post::File, PostMixin
- Defined in:
- lib/msf/core/exploit/remote/http/kubernetes.rb,
lib/msf/core/exploit/remote/http/kubernetes/error.rb,
lib/msf/core/exploit/remote/http/kubernetes/client.rb
Overview
Base mixin for Kubernetes exploits,
Defined Under Namespace
Modules: Enumeration, Error, Output, Secret Classes: AuthParser, Client
Instance Attribute Summary
Attributes included from SessionCompatibility
Attributes included from Module::HasActions
#actions, #default_action, #passive, #passive_actions
Instance Method Summary collapse
- #api_token ⇒ Object
- #configure_via_session ⇒ Object
- #connect_ws(opts = {}, *args) ⇒ Object
- #initialize(info = {}) ⇒ Object
- #namespace ⇒ Object
- #rhost ⇒ Object
- #rport ⇒ Object
- #send_request_raw(opts = {}, *args) ⇒ Object
- #validate_configuration! ⇒ Object
Methods included from Post::File
#_append_file_powershell, #_append_file_unix_shell, #_can_echo?, #_read_file_meterpreter, #_read_file_powershell, #_read_file_powershell_fragment, #_shell_command_with_success_code, #_unix_max_line_length, #_win_ansi_append_file, #_win_ansi_write_file, #_win_bin_append_file, #_win_bin_write_file, #_write_file_meterpreter, #_write_file_powershell, #_write_file_powershell_fragment, #_write_file_unix_shell, #append_file, #attributes, #cd, #chmod, #copy_file, #dir, #directory?, #executable?, #exist?, #expand_path, #exploit_data, #exploit_source, #file?, #file_local_write, #file_remote_digestmd5, #file_remote_digestsha1, #file_remote_digestsha2, #immutable?, #mkdir, #pwd, #read_file, #readable?, #rename_file, #rm_f, #rm_rf, #setuid?, #stat, #upload_and_chmodx, #upload_file, #writable?, #write_file
Methods included from Post::Common
#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #get_env, #get_envs, #peer, #report_virtualization
Methods included from SessionCompatibility
#check_for_session_readiness, #cleanup, #command_names_for, #compatible_sessions, #meterpreter_session_incompatibility_reasons, #passive?, #post_commands, #session, #session_changed?, #session_compatible?, #session_display_info, #session_incompatibility_reasons, #setup, #sysinfo
Methods included from Module::HasActions
#action, #find_action, #passive?, #passive_action?
Methods included from Auxiliary::Report
#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot
Methods included from Metasploit::Framework::Require
optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines
Instance Method Details
#api_token ⇒ Object
31 32 33 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 31 def api_token @api_token || datastore['TOKEN'] end |
#configure_via_session ⇒ Object
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 47 def configure_via_session vprint_status("Configuring options via session #{session.sid}") unless directory?('/run/secrets/kubernetes.io') # This would imply that the target is not a Kubernetes container fail_with(Msf::Module::Failure::NotFound, 'The kubernetes.io directory was not found') end if api_token.blank? token = read_file('/run/secrets/kubernetes.io/serviceaccount/token') fail_with(Msf::Module::Failure::NotFound, 'The API token was not found, manually set the TOKEN option') if token.blank? print_good("API Token: #{token}") @api_token = token end if namespace.blank? ns = read_file('/run/secrets/kubernetes.io/serviceaccount/namespace') fail_with(Msf::Module::Failure::NotFound, 'The namespace was not found, manually set the NAMESPACE option') if ns.blank? print_good("Namespace: #{ns}") @namespace = ns end service_host = service_port = nil if rhost.blank? service_host = get_env('KUBERNETES_SERVICE_HOST') fail_with(Msf::Module::Failure::NotFound, 'The KUBERNETES_SERVICE_HOST environment variable was not found, manually set the RHOSTS option') if service_host.blank? @rhost = service_host end if rport.blank? service_port = get_env('KUBERNETES_SERVICE_PORT_HTTPS') fail_with(Msf::Module::Failure::NotFound, 'The KUBERNETES_SERVICE_PORT_HTTPS environment variable was not found, manually set the RPORT option') if service_port.blank? @rport = service_port.to_i end if service_host || service_port service = "#{Rex::Socket.is_ipv6?(service_host) ? '[' + service_host + ']' : service_host}:#{service_port}" print_good("Kubernetes service host: #{service}") end end |
#connect_ws(opts = {}, *args) ⇒ Object
19 20 21 22 23 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 19 def connect_ws(opts = {}, *args) opts['comm'] = session opts['vhost'] = rhost super end |
#initialize(info = {}) ⇒ Object
8 9 10 11 12 13 14 15 16 17 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 8 def initialize(info = {}) super ( [ Msf::OptString.new('TOKEN', [false, 'Kubernetes API token']), Msf::OptString.new('NAMESPACE', [false, 'The Kubernetes namespace', 'default']), ] ) end |
#namespace ⇒ Object
43 44 45 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 43 def namespace @namespace || datastore['NAMESPACE'] end |
#rhost ⇒ Object
35 36 37 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 35 def rhost @rhost || datastore['RHOST'] end |
#rport ⇒ Object
39 40 41 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 39 def rport @rport || datastore['RPORT'] end |
#send_request_raw(opts = {}, *args) ⇒ Object
25 26 27 28 29 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 25 def send_request_raw(opts = {}, *args) opts['comm'] = session opts['vhost'] = rhost super end |
#validate_configuration! ⇒ Object
92 93 94 95 96 97 98 |
# File 'lib/msf/core/exploit/remote/http/kubernetes.rb', line 92 def validate_configuration! fail_with(Msf::Module::Failure::BadConfig, 'Missing option: RHOSTS') if rhost.blank? fail_with(Msf::Module::Failure::BadConfig, 'Missing option: RPORT') if rport.blank? fail_with(Msf::Module::Failure::BadConfig, 'Invalid option: RPORT') unless rport.to_i > 0 && rport.to_i < 65536 fail_with(Msf::Module::Failure::BadConfig, 'Missing option: TOKEN') if api_token.blank? fail_with(Msf::Module::Failure::BadConfig, 'Missing option: NAMESPACE') if namespace.blank? end |