PoC details: 8f79f092c7fa8854036a0d1aea459f1e99200585

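Source
Related vulnerability
Title: kubectl link following vulnerability (CVE-2019-1002101)
Description: kubectl is a command-line program for running commands against Kubernetes clusters. kubectl contains a link following vulnerability, which stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit this vulnerability to access locations outside the restricted directory. The following versions are affected: kubectl 1.11.9, 1.12.7, 1.13.5 and 1.14.0.
Description
PoC helper scripts and Dockerfile for CVE-2019-1002101
Introduction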
# kubectl_cp_CVE-2019-1002101
PoC helper scripts and Dockerfile for CVE-2019-1002101

For detailed info, see https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/ and https://discuss.kubernetes.io/t/announce-security-release-of-kubernetes-kubectl-potential-directory-traversal-releases-1-11-9-1-12-7-1-13-5-and-1-14-0-cve-2019-1002101/5712

## Usage
These steps will help you get a shell via one technique; there are many others.
- Step 1: on your target host, execute setupTar.sh to get your evil tar file and make sure badbin is available.
- Step 2: prep the target host to execute your evil "tar" binary by running setupTar.sh (you need permission to write to /bin/tar).
- Step 3: wait for the target to run `kubectl cp` and for a new bash session to be started.

## Extras
- `Dockerfile` can be used to replace all available PATH commands so that they execute your malicious binary; fun for testing whether a system executes binaries in user-supplied containers.
- replace.sh is a script that replaces all binaries in the current path and ensures that any call to /bin/abinary calls your binary instead, i.e. badbin.
File snapshot

```
[4.0K] /data/pocs/8f79f092c7fa8854036a0d1aea459f1e99200585
├── [  22] badbin
├── [ 426] createPwnTar.sh
├── [ 189] Dockerfile
├── [1.1K] README.md
├── [ 446] replace.sh
└── [  69] setupTar.sh

0 directories, 6 files
```
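A defensive counterpart to the README above, as an added example that is not part of this repository and is not kubectl's own fix: `kubectl cp` unpacks on the client a tar stream produced inside the container, so the stream can be audited before anything is extracted. `AuditTar`, `outside` and `sample` are hypothetical names, the archive is constructed in memory, and the policy (flag any entry that leaves the root or is written through an archive-supplied symlink) is an assumption.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// outside reports whether p, resolved against dir (relative to the extraction root), leaves the root.
func outside(dir, p string) bool {
	return path.IsAbs(p) || strings.HasPrefix(path.Join(dir, p)+"/", "../")
}

// AuditTar returns one finding per entry that would be written outside the destination directory.
func AuditTar(r io.Reader) ([]string, error) {
	var bad []string
	links := map[string]bool{} // entry paths the archive itself declared as symlinks
	tr := tar.NewReader(r)
	for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
		if err != nil {
			return bad, err
		}
		name, isLink := path.Clean(h.Name), h.Typeflag == tar.TypeSymlink
		if outside(".", name) || (isLink && outside(path.Dir(name), h.Linkname)) {
			bad = append(bad, fmt.Sprintf("%s (link target %q) points outside the root", h.Name, h.Linkname))
		}
		for d := name; d != "." && d != "/"; d = path.Dir(d) {
			if links[d] { // the entry, or one of its parents, is an archive-supplied symlink
				bad = append(bad, h.Name+" is written through symlink "+d)
			}
		}
		links[name] = links[name] || isLink
	}
	return bad, nil
}

// sample builds a constructed archive: a benign file, a symlink, and a file written through that symlink.
func sample(target string) *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	tw.WriteHeader(&tar.Header{Name: "ok.txt", Typeflag: tar.TypeReg})
	tw.WriteHeader(&tar.Header{Name: "out", Typeflag: tar.TypeSymlink, Linkname: target})
	tw.WriteHeader(&tar.Header{Name: "out/dropped", Typeflag: tar.TypeReg})
	tw.Close()
	return buf
}
func main() { fmt.Println(AuditTar(sample("../.."))) }
```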