Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Kubernetes: Kubernetes Dashboard
published on 2019-01-11 14:00:00 UTC by UnknownContent:
Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it.
Usually found on port 30000
kube-hunter finding for it:
Vulnerabilities
+-----------------------+---------------+----------------------+----------------------+------------------+
| LOCATION | CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE |
+-----------------------+---------------+----------------------+----------------------+------------------+
| 1.2.3.4:30000 | Remote Code | Dashboard Exposed | All oprations on the | nodes: pach-okta |
| | Execution | | cluster are exposed | |
+-----------------------+---------------+----------------------+----------------------+------------------+
Why do you care? It has access to all pods and secrets within the cluster. So rather than using command line tools to get secrets or run code you can just do it in a web browser.
Screenshots of what it looks like:
viewing secrets
utilization
logs
shells
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html
Published: 2019 01 11 14:00:00
Received: 2024 02 19 11:44:46
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Views: 0
