Scenario 4 - Moving From "system-monitor-deployment" To "kubernetes-goat-default-pool"

[bradleyspmckay]

I would like to preface this question by saying that I am brand new to Kubernetes and the security topic surrounding it. I am using this as a tool to follow along with rather than trying to solve the challenges without guidance.

Within scenario 4, it talks about breaking out of a container to the host system. After running the required command chroot /host-system bash, I cannot see the follow on materials such as the kubeconfig file. Also, I am unable to run any docker commands as the binary is not available to me. I also noticed in the instructions that the author moved from the system monitor deployment to the goat-default-pool command prompt. Can someone explain to me how to get there?

[nmiekley]

I am also currently looking at that scenario.

First off, your worker node probably does not use docker anymore. Kubernetes recently changed its container runtime from docker to containerd or csi-o. Try the following ones. The first works for containerd, the second should work in general.

ctr -n k8s.io containers list 
crictl pods

Furthermore, I think the changed the host in the command prompt is that the container might have been called differently in old versions. Just ignore it.

I am still thinking about the part with the kubernetes commands. I thought the kubernetes config is not available on the host, only the kubelet config. However, you can simply look around for a file containing kind: Config, e.g.

grep -r "kind: Config$" /etc/

and exchange the file.

[bradleyspmckay]

Thank you this was very helpful

[nmiekley]

@MeuNomeEFil I found the following interesting article which can give you interesting insights: https://www.cyberark.com/resources/threat-research-blog/using-kubelet-client-to-attack-the-kubernetes-cluster