Skip to content
/ CVE-2021-25741 Public
forked from Betep0k/CVE-2021-25741

🪄 Instant shell on kubernetes node with CVE-2021-25741 exploit adaptation

License

MIT license
1 star 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ariary/CVE-2021-25741

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
IWAS
IWAS
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
attack.yaml
attack.yaml
 
 
create.sh
create.sh
 
 
privesc.yaml
privesc.yaml
 
 

Repository files navigation

About

  • Exploit for CVE-2021-25741 vulnerability
  • ~hostPath for everyone w/0 any restriction: Allows to mount node filesystem inside of new POD with read-write privileges

Pre-requisites

  • Right to create pod with volumes
  • Kubelet version:
    • v1.22.0 - v1.22.1
    • v1.21.0 - v1.21.4
    • v1.20.0 - v1.20.10
    • <= v1.19.14

Go further: [security google blog]

Now let's get some exploit ! 🧨

./IWAS #IWantAShell
As simple as that!
Demo

Why forking a working PoC for an old k8s version

  • Cause I was working on it and I have missed a little detail. So I want to dig it again (play with k8s, volumes etc)
  • Provide a pretty wrapper to the PoC that directly provide a shell
  • Old/deprecated versions never existed in production environment (did it?!!)

About

🪄 Instant shell on kubernetes node with CVE-2021-25741 exploit adaptation

Topics

kubernetes poc infosec cve hostpath k8s-security

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%