Search...

Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security

2021-11-18T20:30:00

ID KITPLOIT:735246896490596516
Type kitploit
Reporter KitPloit
Modified 2021-11-18T20:30:00

Description

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Refer to https://madhuakula.com/kubernetes-goat for the guide.

Show us some

Please feel free to send us a PR and show some

Upcoming Training's and Sessions

DEFCON DEMO Labs

https://forum.defcon.org/node/237237

Cloud Village - DEFCON

https://cloud-village.org/#talks?collapseMadhuAkula

Recent Kubernetes Goat Presentations

OWASP Bay Area Meetup

DEFCON Red Team Village

Just click and Play in the browser for free using Katacoda Playground - Try now

https://katacoda.com/madhuakula/scenarios/kubernetes-goat

Setting up Kubernetes Goat

Before we set up the Kubernetes Goat, ensure that you have created and have admin access to the Kubernetes cluster

kubectl version --short

Set up the helm version 2 in your path as `helm2` . Refer to helm releases for more information about setup

helm2 --help

Then finally setup Kubernetes Goat by running the following command

git clone https://github.com/madhuakula/kubernetes-goat.git
cd kubernetes-goat
bash setup-kubernetes-goat.sh

To export the ports/services locally to start learning, run the following command

bash access-kubernetes-goat.sh

Then navigate to http://127.0.0.1:1234

Kubernetes Goat - KIND setup

If you want to setup Kubernetes Goat using KIND, refer to kind-setup

Scenarios

Sensitive keys in code-bases

DIND (docker-in-docker) exploitation

SSRF in K8S world

Container escape to access host system

Docker CIS Benchmarks analysis

Kubernetes CIS Benchmarks analysis

Attacking private registry

NodePort exposed services

Helm v2 tiller to PwN the cluster

Analysing crypto miner container

Kubernetes Namespaces bypass

Gaining environment information

DoS the memory/CPU resources

Hacker Container preview

Hidden in layers

RBAC Least Privileges Misconfiguration

KubeAudit - Audit Kubernetes Clusters

Sysdig Falco - Runtime Security Monitoring & Detection

Popeye - A Kubernetes Cluster Sanitizer

Secure network boundaries using NSP

Showcase

Presented at OWASP Bay Area Meetup at https://youtu.be/DQllxpb46Yw

Presented at DEF CON RED Team Village https://youtu.be/aEaSZJRbnTo

Presented at OWASP San Diego at https://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/hmbbkrybckbvb/

Featured in the official Kubernetes Podcast at https://kubernetespodcast.com/episode/109-kubermatic

Featured in tl;dr sec https://tldrsec.com/blog/tldr-sec-039

Featured in CloudSecList https://cloudseclist.com/issues/issue-42

Presented at EkoParty 2020 DevSecOps https://youtu.be/XqwbVU-gtng

Presented at c0c0cn 2020 https://india.c0c0n.org/2020/speakers#madhu_akula

Featured in Info Ck YouTube channel https://youtu.be/5ojho4L6Xfo

Presented in Cloud Native Indonesia Meetup https://youtu.be/pf5jOGWoWU0

Presented in USENIX LISA 2021 Closing Note

Presented in SANS CloudSecNext Summit 2021

Disclaimer

> Kubernetes Goat creates intentionally vulnerable resources into your cluster. DO NOT deploy Kubernetes Goat in a production environment or alongside any sensitive cluster resources.

> Kubernetes Goat comes with absolutely no warranties whatsoever. By using Kubernetes Goat, you take full responsibility for all outcomes that result.

Download Kubernetes-Goat

JSON Vulners Source

Initial Source

{"id": "KITPLOIT:735246896490596516", "bulletinFamily": "tools", "title": "Kubernetes-Goat - Is A \"Vulnerable By Design\" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security", "description": "[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEiCnpVDs62xyVPX-RIcFO-TEj0QRwScPp5o0VmCys8ga9rcOC6sM8rt_NIE_NGGvU6ZkoxeboxPfKxLewTLkYHb4P6ekDe5TM8eQM1zPKV1HPnVixPnuk_iwD-6auPTK4a70EGqrtYIOYTGcwgBVzWB00wl9WQ5llbDK5nBq40n7QVOMuzcQZVZRVgPcA=s320) ](<https://blogger.googleusercontent.com/img/a/AVvXsEiCnpVDs62xyVPX-RIcFO-TEj0QRwScPp5o0VmCys8ga9rcOC6sM8rt_NIE_NGGvU6ZkoxeboxPfKxLewTLkYHb4P6ekDe5TM8eQM1zPKV1HPnVixPnuk_iwD-6auPTK4a70EGqrtYIOYTGcwgBVzWB00wl9WQ5llbDK5nBq40n7QVOMuzcQZVZRVgPcA=s2048>)\n\n \n\n\n \n\n\n \n\n\nThe Kubernetes Goat is designed to be an intentionally [ vulnerable ](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) cluster environment to learn and practice Kubernetes security. \n\n** Refer to [ https://madhuakula.com/kubernetes-goat ](<https://madhuakula.com/kubernetes-goat> \"https://madhuakula.com/kubernetes-goat\" ) for the guide. **\n\n \n\n\n** Show us some \n** \n\n\nPlease feel free to send us a [ PR ](<https://github.com/madhuakula/kubernetes-goat/blob/master/guide/src/getting-involved/i-use-this-project.md> \"PR\" ) and show some \n\n \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEhSQYyWcW7lzlMIZqyWVytW5Ck4V8ufhiY9eWOWPxEclad3usm0harZMcH1joPAq1GiXKkNCpB9pH3Hat3ZRcNh5c0d1MuhRj1f1_bdcOpTgsAP0BpLeGPj-D9a84MqoyumdkfEEqw8BpoocQ-skDvTR2T2Us9G0AcbgJpQEzitNPbcxYcG_492WyRsqw=s320) ](<https://blogger.googleusercontent.com/img/a/AVvXsEhSQYyWcW7lzlMIZqyWVytW5Ck4V8ufhiY9eWOWPxEclad3usm0harZMcH1joPAq1GiXKkNCpB9pH3Hat3ZRcNh5c0d1MuhRj1f1_bdcOpTgsAP0BpLeGPj-D9a84MqoyumdkfEEqw8BpoocQ-skDvTR2T2Us9G0AcbgJpQEzitNPbcxYcG_492WyRsqw=s846>)\n\n \n\n\n \n\n\n \n**\n\n** Upcoming Training's and Sessions **\n\n**\n\n** DEFCON DEMO Labs **\n\n * [ https://forum.defcon.org/node/237237 ](<https://forum.defcon.org/node/237237> \"https://forum.defcon.org/node/237237\" )\n\n** Cloud Village - DEFCON **\n\n * [ https://cloud-village.org/#talks?collapseMadhuAkula ](<https://cloud-village.org/#talks?collapseMadhuAkula> \"https://cloud-village.org/#talks?collapseMadhuAkula\" )\n \n** Recent Kubernetes Goat Presentations ** \n\n\n** OWASP Bay Area Meetup **\n\n** DEFCON Red Team Village **\n\n \n**\n\n** Just click and Play in the browser for free using Katacoda Playground - Try now **\n\n**\n\n[ https://katacoda.com/madhuakula/scenarios/kubernetes-goat ](<https://katacoda.com/madhuakula/scenarios/kubernetes-goat> \"https://katacoda.com/madhuakula/scenarios/kubernetes-goat\" )\n\n \n**\n\n** Setting up Kubernetes Goat **\n\n**\n\n * Before we set up the Kubernetes Goat, ensure that you have created and have admin access to the Kubernetes cluster \n \n \n kubectl version --short\n\n * Set up the helm version 2 in your path as ` helm2 ` . Refer to helm [ releases ](<https://github.com/helm/helm/releases> \"releases\" ) for more information about setup \n \n \n helm2 --help\n\n * Then finally setup Kubernetes Goat by running the following command \n \n \n git clone https://github.com/madhuakula/kubernetes-goat.git \n cd kubernetes-goat \n bash setup-kubernetes-goat.sh\n\n * To export the ports/services locally to start learning, run the following command \n \n \n bash access-kubernetes-goat.sh\n\n * Then navigate to [ http://127.0.0.1:1234 ](<http://127.0.0.1:1234> \"http://127.0.0.1:1234\" )\n \n** Kubernetes Goat - KIND setup ** \n\n\n * If you want to setup Kubernetes Goat using KIND, refer to [ kind-setup ](<https://github.com/madhuakula/kubernetes-goat/blob/master/kind-setup/README.md> \"kind-setup\" )\n \n**\n\n** Scenarios **\n\n**\n\n 1. Sensitive keys in code-bases \n 2. DIND (docker-in-docker) exploitation \n 3. SSRF in K8S world \n 4. Container escape to access host system \n 5. Docker CIS Benchmarks analysis \n 6. Kubernetes CIS Benchmarks analysis \n 7. Attacking private registry \n 8. NodePort exposed services \n 9. Helm v2 tiller to PwN the cluster \n 10. Analysing crypto miner container \n 11. Kubernetes [ Namespaces ](<https://www.kitploit.com/search/label/Namespaces> \"Namespaces\" ) bypass \n 12. Gaining environment information \n 13. DoS the memory/CPU resources \n 14. Hacker [ Container ](<https://www.kitploit.com/search/label/Container> \"Container\" ) preview \n 15. Hidden in layers \n 16. RBAC Least Privileges Misconfiguration \n 17. KubeAudit - Audit Kubernetes Clusters \n 18. Sysdig Falco - Runtime Security Monitoring & Detection \n 19. Popeye - A Kubernetes Cluster Sanitizer \n 20. Secure network boundaries using NSP \n \n**\n\n** Showcase **\n\n**\n\n * Presented at OWASP Bay Area Meetup at [ https://youtu.be/DQllxpb46Yw ](<https://youtu.be/DQllxpb46Yw> \"https://youtu.be/DQllxpb46Yw\" )\n * Presented at DEF CON RED Team Village [ https://youtu.be/aEaSZJRbnTo ](<https://youtu.be/aEaSZJRbnTo> \"https://youtu.be/aEaSZJRbnTo\" )\n * Presented at OWASP San Diego at [ https://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/hmbbkrybckbvb/ ](<https://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/hmbbkrybckbvb/> \"https://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/hmbbkrybckbvb/\" )\n * Featured in the official Kubernetes Podcast at [ https://kubernetespodcast.com/episode/109-kubermatic ](<https://kubernetespodcast.com/episode/109-kubermatic/> \"https://kubernetespodcast.com/episode/109-kubermatic\" )\n * Featured in tl;dr sec [ https://tldrsec.com/blog/tldr-sec-039 ](<https://tldrsec.com/blog/tldr-sec-039/> \"https://tldrsec.com/blog/tldr-sec-039\" )\n * Featured in CloudSecList [ https://cloudseclist.com/issues/issue-42 ](<https://cloudseclist.com/issues/issue-42/> \"https://cloudseclist.com/issues/issue-42\" )\n * Presented at EkoParty 2020 DevSecOps [ https://youtu.be/XqwbVU-gtng ](<https://youtu.be/XqwbVU-gtng> \"https://youtu.be/XqwbVU-gtng\" )\n * Presented at c0c0cn 2020 [ https://india.c0c0n.org/2020/speakers#madhu_akula ](<https://india.c0c0n.org/2020/speakers#madhu_akula> \"https://india.c0c0n.org/2020/speakers#madhu_akula\" )\n * Featured in Info Ck YouTube channel [ https://youtu.be/5ojho4L6Xfo ](<https://youtu.be/5ojho4L6Xfo> \"https://youtu.be/5ojho4L6Xfo\" )\n * Presented in [ Cloud Native ](<https://www.kitploit.com/search/label/Cloud%20Native> \"Cloud Native\" ) Indonesia Meetup [ https://youtu.be/pf5jOGWoWU0 ](<https://youtu.be/pf5jOGWoWU0> \"https://youtu.be/pf5jOGWoWU0\" )\n * Presented in [ USENIX LISA 2021 Closing Note ](<https://www.usenix.org/conference/lisa21/presentation/closing> \"USENIX LISA 2021 Closing Note\" )\n * Presented in SANS CloudSecNext Summit 2021 \n \n**\n\n** Disclaimer **\n\n**\n\n> Kubernetes Goat creates intentionally vulnerable resources into your cluster. DO NOT deploy Kubernetes Goat in a production environment or alongside any sensitive cluster resources. \n\n> Kubernetes Goat comes with absolutely no warranties whatsoever. By using Kubernetes Goat, you take full responsibility for all outcomes that result. \n\n \n\n\n \n\n\n** [ Download Kubernetes-Goat ](<https://github.com/madhuakula/kubernetes-goat> \"Download Kubernetes-Goat\" ) **\n", "published": "2021-11-18T20:30:00", "modified": "2021-11-18T20:30:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2021/11/kubernetes-goat-is-vulnerable-by-design.html", "reporter": "KitPloit", "references": ["https://github.com/helm/helm/releases", "https://github.com/madhuakula/kubernetes-goat/blob/master/kind-setup/README.md", "https://github.com/madhuakula/kubernetes-goat/blob/master/guide/src/getting-involved/i-use-this-project.md", "https://github.com/madhuakula/kubernetes-goat"], "cvelist": [], "immutableFields": [], "type": "kitploit", "lastseen": "2021-11-18T20:39:24", "edition": 1, "viewCount": 41, "enchantments": {"dependencies": {"references": [], "modified": "2021-11-18T20:39:24", "rev": 2}, "score": {"value": -0.3, "vector": "NONE", "modified": "2021-11-18T20:39:24", "rev": 2}, "vulnersScore": -0.3}, "toolHref": "https://github.com/madhuakula/kubernetes-goat"}