Skip to content

Releases: cdk-team/CDK

CDK v1.0.6

10 Mar 11:31
@neargle neargle
v1.0.6
19fdff2
Compare
Choose a tag to compare
CDK v1.0.6

💣 Awesome CVE-2022-0492 Exploit!

Release Date: 2022-03-10

📜 Changelog

💣 Exploits

  • Chore(exp & release): build mount cgroup only in linux
  • Fix(exp): unprivileged_userns_clone sysctl file do not exist in CentOS
  • Feat(exploit/abuse-unpriv-userns): exploit of CVE-2022-0492 (#41)
  • Feat(exp/mount_cgroup.go): completely fix #35 in golang-style
  • Fix #38 (exp): shim-pwn protobuf panic after run exploit

🔍 About Evaluate

  • Feat(caps): find out add caps

✨ Others

  • Chore(cli): add version info & commit id for debug

🔑 Hash Table

SHA256 EXECTUE FILE
b5fb2c18b9720d0bfc5f0d25a9922b6f0b88230e1005664885391ef140d7d489 cdk_darwin_amd64
371226668baa95b330676a6268145ad25bfc28f59710f35fc1888aa6b70a74a4 cdk_linux_386
0bb79f2fe4c5f6d451822a26cff27b172270bce29d7430e01bebe904cde0c215 cdk_linux_386_thin
fa7433173643095d5266fd465f88de45d6d157d72dc5915ab1334c03af63b4ba cdk_linux_386_thin_upx
0976936c3c02be348ea926ce86c7204c7e9e59a092477e924c1a1d5bd97cfced cdk_linux_386_upx
eae7c7548d28517d099afef1bc7664f098bfa3c533ee5a0cf763ab28480ebeeb cdk_linux_amd64
ebab27736848eb90409384d231b939702ce97482cc231aba7d0acf58e02db438 cdk_linux_amd64_thin
72f7e33c5313aa5ab15b99778b1f3c4d50d4710b171a635994d0d01e47e8173b cdk_linux_amd64_thin_upx
d697ea397da7603417baaf232512864bd8ecedde47dd199c2d32f653619f0f3b cdk_linux_amd64_upx
cdf9041ba0603c7d7452a2866eee0eaa115ad5d8488d92c1c388c36d321301b1 cdk_linux_arm
4f52fb4cf7dd744b01695e5356442182bc9fdb635da8f766537c12e0d83ad18f cdk_linux_arm64
68080b2cbfd4488f96e0c315ea7e8bf6204de010a05eeb2da621f78caa7254b9 cdk_linux_arm64_thin

PR

  • Implement mount-cgroup in Golang style by kmahyyg in #40
  • feat(exploit/abuse_unpriv_userns.go): exploit of CVE-2022-0492 by kmahyyg in #41

New Contributors

Contributors

kmahyyg
Assets 14
Loading

CDK v1.0.5

06 Mar 16:38
@neargle neargle
v1.0.5
dbd9257
Compare
Choose a tag to compare
CDK v1.0.5

💒 Happy wedding to my friend CDKKWANG, let's release a new version of CDK.
🌸 And fix some bugs by the way. Click to view more changelogs.

Release Date: 2022-03-06

📜 Changelog

💣 Exploits

  • Fix #38 (exp): shim-pwn protobuf panic after run exploit

🔍 About Evaluate

  • Feat(caps): find out add caps

✨ Others

  • Chore(cli): add version info & commit id for debug
  • Fix #38 (exp): shim-pwn protobuf panic after run exploit
  • Fix #37 (eva): add eva args to docopt
  • Chore: support for cdk eval
  • Feat(caps): find out add caps
  • Bump github.com/containerd/containerd from 1.4.11 to 1.4.12
  • Fix action: cedrickring/golang-action is archived, offical actions/setup-go action instead
  • Fix action: apply in all push and pull request
  • Bump github.com/tidwall/gjson from 1.6.7 to 1.9.3
  • Add event: https://community.cncf.io/events/details/cncf-kcd-china-presents-kubernetes-community-days-china/
  • Github action: git build test after a new pull request and push

🔑 Hash Table

SHA256 EXECTUE FILE
0e17084a14b6af8e50ae4917261546121279fd94299bea1f5fcaa77f18a0feaf cdk_darwin_amd64
91cd0a590f86cbda8e33e5a4d90303f270ed6d17b8b36e50030f5a68beb7a704 cdk_linux_386
31b9c5ce299981849c4ec0f90e6dac5a7b894c654eab1c3db4099744a5594e80 cdk_linux_386_thin
e30443b3f19aafa06b3edb124228f6ac35aa51737c3eb78fa007ffdce9d75bc5 cdk_linux_386_thin_upx
aedb680859401bdea82e17109b9d6bb7ec6cfc26bf20687c14eea15c616efb52 cdk_linux_386_upx
c68ea57d7555c49ef4c5ea05363fe0ced7978e751331ea949005d70fff000a00 cdk_linux_amd64
330253612d4c4a3791acfd82257d5a4c1e68ec989e0647abfa4baa560cf0a046 cdk_linux_amd64_thin
a37e4ee0bb7651669d595d3bb44edd135f9d696648f36fb9e35af1e84ee6b795 cdk_linux_amd64_thin_upx
356bdd6cb7c92146fcee5812aba9eb101ff713ff67768bafd59b6f33a5d61eae cdk_linux_amd64_upx
1b2c21dd0c747782c5b23b0ca390a23a17cb3fe437021c5f44e5d77d6b71f656 cdk_linux_arm
2518c6ab5e78e0f644a5c406d84778eb45991564ba136c266d9696fc6996e8ef cdk_linux_arm64
a3995533605772461060559d6afae9de2726e86ef45a53bb924792fbe9baa325 cdk_linux_arm64_thin
Assets 14
Loading

CDK v1.0.4

02 Oct 03:16
@neargle neargle
v1.0.4
75b6418
Compare
Choose a tag to compare
CDK v1.0.4

Release Date: 2021-10-02

📜 Changelog

💣 Exploits

  • Fix DeployBackdoorDaemonset return true when error.
  • Fix build tag mistake in CapDacReadSearch Exploit
  • Better cap_dac_read_search exploit
  • Fix: http authorization token have blank string in prefix or subfix
  • Add force-fuzz option for k8s-psp-dump exploit
  • Add filter string for lxcfs-rw exploit

🔍 About Evaluate

  • Fix DeployBackdoorDaemonset return true when error.

🧰 Tools

  • Fix DeployBackdoorDaemonset return true when error.
  • Fix: http authorization token have blank string in prefix or subfix

✨ Others

  • Fix typo: KCON 2021 Arsenal
  • Add kcon2021 and whc2021
  • Format "run --list" output.
  • Add StringContains function
  • Add filter string for lxcfs-rw exploit
  • Bump github.com/containerd/containerd from 1.4.3 to 1.4.8

🔑 Hash Table

SHA256 EXECTUE FILE
1acd7ea1364e9c78d271cc8341ae804e8a6e143d4c31103d6dd5424dbc80498a cdk_darwin_amd64
2dd16e2f18bd45ff80eb56a524d3af4e87f55054fdb3ada3d2a097824b6487ac cdk_linux_386
c042f360a6deff1b41405dd0f5bee637fc8242d585c714410084ef068a90d9fc cdk_linux_386_thin
ba69953f7e76cb9a1d4992fbb7db913284d265e7d32f6659dd3527874a473404 cdk_linux_386_thin_upx
35a4bba030e749de8667b0284982bd8d187a5ed9e1ced0b3c2e67136aa839cc7 cdk_linux_386_upx
07d53bb25aaa1b6ed1de40f0b8999be20a399172e49876cac3600503793df581 cdk_linux_amd64
9b1bcec7eb978a3412a5ec172181074837f08f4f9c256e8d9f6a8d7d2ce34d74 cdk_linux_amd64_thin
9e8a97e342f21509bdba9c4abfdefafe5b3a4fc60c046415ad397eca356e5d04 cdk_linux_amd64_thin_upx
fde15f9ac15ce720fff310f70bf5d36843516dbda4d98c9bfbcdec6ce44f28e8 cdk_linux_amd64_upx
a41c1b9b2b36e65dc1d8f57a08165289f44ed287893c18146fa32953bc2949fe cdk_linux_arm
1d533c26001b29f11e09de0c350cab64faef97ea49a41f579d01b9ae74d2a0e9 cdk_linux_arm64
21582bab4103dda43821915b76e96870431e1f2f59bc0135ba4700008abdaa32 cdk_linux_arm64_thin
Assets 14
Loading

CDK v1.0.3

08 Jul 14:02
@neargle neargle
v1.0.3
cf4a6f0
Compare
Choose a tag to compare
CDK v1.0.3

Release Date: 2021-07-08

📜 Changelog

💣 Exploits

  • Add exploit: to container image registry, brute force the accounts and passwords cracking

✨ Others

  • Add document for brute force the accounts and passwords cracking
  • Add meta-data api url of ucloud PR #24
  • Auto changelog: move changelog generate code to bash script

🔑 Hash Table

SHA256 EXECTUE FILE
313d2e2dad28703bf74b58c71131036e978667067d0cf77217435f10ff50a7df cdk_darwin_amd64
51093bb7f3a947ed390aa2a560dbe91621379ef2125582249a5769aa5a58b379 cdk_linux_386
f889cf4f3cf56e385114be1e91477a51f5022cafb7bcd5cfc8eb20704e82e9e0 cdk_linux_386_thin
e01fee07234e35d11957d7ff65a5e2e7e0bac4a4ff061fd5b5d90a42701c1c49 cdk_linux_386_thin_upx
bf07c8fc6c899e793274614b8a98565fbedba9516c437c7594fec9fa15dd4d41 cdk_linux_386_upx
d2053465e2b96e8fb144090dd3cb1b7d02c1364f0d66eae234995c89c2f57c64 cdk_linux_amd64
bd3e5f1a848ec10158f529073a346f56c08a18c1e4cbfa1a85714037fe1561fe cdk_linux_amd64_thin
4f188f89c92bb150c8b0b623d2041373b946a8920e97e464964ed79def029605 cdk_linux_amd64_thin_upx
e443f79a4b00598ac5a5adc8826b605db24b6345ae1fb4180aa4f173152fffc0 cdk_linux_amd64_upx
d57859e45a603966302841da3a61fa3e604a2ddd7be8bb2f1feb9bde74464061 cdk_linux_arm
635640f232a519c71fbdd148bfef9ef8f9c61909106f2d458273fa07830b21ea cdk_linux_arm64
d650309e0c7cefdb0fd5c2f29e30282d0d2f1be44fc389158c5d011a987245b4 cdk_linux_arm64_thin
Assets 14
Loading

CDK v1.0.2

17 Jun 00:07
@neargle neargle
v1.0.2
aca9cd6
Compare
Choose a tag to compare
CDK v1.0.2

Release Date: 2021-06-17

📜 Changelog

💣 Exploits

  • Add CAP_DAC_READ_SEARCH exploit
  • Fix error when target mountpoint is not a directory
  • Add SYS_ADMIN check and format capability output
  • Fix: truncation or EOF when reading target file
  • Various supplements to cap-dac-read-search

🔍 About Evaluate

  • More infomations about available linux capabilities
  • Add SYS_ADMIN check and format capability output
  • Add check for CAP_SYS_MODULE and CAP_DAC_READ_SEARCH

✨ Others

  • Add meta-data api url of ucloud PR #24 from Alex-null/main
  • Auto changelog: move changelog generate code to bash script
  • Bash variables uppercase and add other changelogs
  • Changelog generation by automatic in github action
  • Add meta-data api url of Amazon Web Services Cloud
  • More infomations about available linux capabilities
  • Add check for CAP_SYS_MODULE and CAP_DAC_READ_SEARCH
  • Add check for OpenStack metadata
  • Add CAP_DAC_READ_SEARCH exploit
  • Update release note format

🔑 Hash Table

SHA256 EXECTUE FILE
c6986103a201b81ebf196dd945c4bf5b1992b4fd8db03479d7be2595a5c467fc cdk_darwin_amd64
05776513007563031e633e1e5820914bfdcac5df19fe7fc93be680df32f75362 cdk_linux_386
0c9a9c3ce08d379b81646f92d8cb90fbd3fb384e497a4388f4bc33f1c4c41a44 cdk_linux_386_thin
080b84e655682e3b4cd130b009a6c838a4c96ea147796cf216ffe3ebbaa256b1 cdk_linux_386_thin_upx
f4e3039aaa1670e865d77746b6facb72dd3f72d8b240a972a6d48611b0ff4219 cdk_linux_386_upx
f4f23d5b522d8f58e46963452ce15087bcff3955bbea95306e24433dfeacbd3a cdk_linux_amd64
6112fed1a30fcd45861afdbd13a6888f5cbeb6c3711d8262d6248eb4941aa2da cdk_linux_amd64_thin
d0a793ba054cb2ce81173cdfed434c511aec8c631a3597d9581c191bc1525c2e cdk_linux_amd64_thin_upx
bbae26473d5ca41404788c5b58ab495e9b7fdd988986657be0e0505400047207 cdk_linux_amd64_upx
11ae0608b6218b088dc3880ab366c93247bc33665a8a7f14b9da4d450e449dfe cdk_linux_arm
3e1e22f3efa5aa2e7da26e2e6e82468e20de8d593b748f2521cfaf78d9043a2a cdk_linux_arm64
a89e428291b7d4d870e2f24564c86bdaed721131926eeae10602c5b86295466c cdk_linux_arm64_thin
Assets 14
Loading

CDK v1.0.1

14 Apr 03:29
@github-actions github-actions
v1.0.1
3d86365
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
CDK v1.0.1

Fixes

  • fit exploit k8s-backdoor-daemonset for k8s- for k8s version >1.8. #13 @greenhandatsjtu
  • fit exploit k8s-shadow-apiserver for Tencent Cloud TKE cluster.
sha256 exectue file
eca140e2de5725eeaa29ab48f86e1745ef0232aaafd04298eccb742e1241171b cdk_darwin_amd64
8956389a7a50dcf4b7ab221c1b91172e7f7fb298dbf43a8251abfb76334e7a4e cdk_linux_386
67e7e9e8a9ae97ff4a2f1878746be4c10af64f43867d2e9ead31470145c689b8 cdk_linux_386_thin
72ce22f23461dffa813c1a36c37ae081664ee255cbaf0e4b87d5108ab3101df2 cdk_linux_386_thin_upx
6efb691f0411b0e57b39c9efae1a55033cb8d5de3911d1ed120bf8787f395f1f cdk_linux_386_upx
7fe4d08596fc13f16ed9bc29345a09a153e7e006bad88289836092bfc0e1ff1d cdk_linux_amd64
db32aad6f38b4b0b38b65ba962eb9c256640324f01cef1d9e9eda4a32106a8a5 cdk_linux_amd64_thin
0674724cfc3997eacbac08e11b5b416a818b1dab5c6be50861babdbf84c376ad cdk_linux_amd64_thin_upx
2bb27f59beed6f28e048b581de811a1443aa880dc8172f3156146c4cf782b68b cdk_linux_amd64_upx
d049e53c682c148dc71b1a794973ad8c782014f9f32836c72ad141d05d94f022 cdk_linux_arm
6bd11a9b68e81660518ccc9888cf6ea1f2d85c5bb33857f543298c2386e07bdf cdk_linux_arm64
0f45809e1a640a7f54dd5211aff1b5239c310b0e81ddfb1244345ce6ec9d72e2 cdk_linux_arm64_thin
Assets 14
Loading

CDK v1.0

11 Apr 06:58
@github-actions github-actions
v1.0
76b180a
Compare
Choose a tag to compare
CDK v1.0

New features

  • Make capabilities information readable.
  • Update cgroup and hostname capabilities in the evaluate module.
  • Update rewrite-cgroup-devices exploit to make it more stable.
  • More ports for k8s service probe.
  • Enable auto-pwn task.
  • New exploit: k8s-get-sa-token
  • New exploit: k8s-psp-dump
  • Release the thin version, now CDK can be easily used to pwn serverless/function service.
  • Use Github actions to compile and release.

Fixes

  • HTTP header set twice in several exploits.
  • Wrong parameter output in k8s-backdoor-daemonset exploit.

Release Date: 2021-04-11

sha256 exectue file
802cc16a8b00b49fbc1685cdfa652fabe7b53d5d0e1fe1a1da4ab0da59ec263f cdk_darwin_amd64
b074de2206cbff42293870201e0faf2113986a64fba6cc4682e2a87f518ee7d4 cdk_linux_386
6e24ebb4b88122fe10261cb8cf32f92c812690c49aea29f2d708557ea5feb186 cdk_linux_386_thin
350189c879eb3d936a434927b1fa41d353d2ebdbc6589e9efa29ea5e05329fe5 cdk_linux_386_thin_upx
dbeab309b7ecd219233a56c43b0c95f88a39c7d1d524d5f71d319a5928a2b5ad cdk_linux_386_upx
e4f24bd9724afff4200cf4c57eeb2ba37b9bf99b7add53ce1262e2e98c80a812 cdk_linux_amd64
0857d4485dee17166c1754eb699e8e8e720bff825717e5a23531cd4b8a3c30c1 cdk_linux_amd64_thin
752c9bc83cd57649bece5f5885d921fa0dfd8cb62df66b6db1df281e51cdb560 cdk_linux_amd64_thin_upx
28110f190791aa5b4ca3f0c36dfc39cda8716f165789599de34c8578a70357fd cdk_linux_amd64_upx
cbfe1884821d8aa5cb10a0eec8719f8273b5a65f2ae826c7079006fff71f14e7 cdk_linux_arm
42e2d4b8d628e3df77baf23238076afb7003f1d31fb08032324f249d80df8302 cdk_linux_arm64
58ec2f3cc5cbbcf8add01a0f5f7c8331d830b7944a1031788a5afe4a70ec0a3d cdk_linux_arm64_thin
Assets 14
Loading

CDK v0.1.10

08 Feb 12:16
@Xyntax Xyntax
v0.1.10
127c576
Compare
Choose a tag to compare
CDK v0.1.10 Pre-release
Pre-release
  • bugfix run: check-ptrace
  • new exploit: docker-api-pwn to takeover host with port 2375 open.
  • change exploit docker-sock-deploy to docker-sock-pwn, the new exploit will run commands directly without attaching to the backdoor container.
Assets 8
Loading

CDK v0.1.9

29 Jan 01:37
@Xyntax Xyntax
v0.1.9
e1a31ad
Compare
Choose a tag to compare
CDK v0.1.9 Pre-release
Pre-release

More Exploits Enabled:

  1. Evaluate kube-proxy route localnet(CVE-2020-8558) vulnerability.
  2. Exploit LXC container with lxcfs mounted into container with rw privilege.
  3. Exploit privileged containers with CGroup device.allow overwrite.
Assets 5
Loading

v0.1.8

15 Jan 03:36
@Xyntax Xyntax
v0.1.8
2b14617
Compare
Choose a tag to compare
v0.1.8 Pre-release
Pre-release

Add multiple K8s exploits.

Assets 3
Loading