Skip to content

Exploit: service probe

cdxy edited this page Nov 27, 2020 · 2 revisions

Exploit: service-probe

扫描指定网段的端口识别敏感服务如kubelet, K8s dashboard, docker API以及其他服务,便于发现后续攻击点。

如果想要自定义扫描参数,请参考 https://github.com/Xyntax/CDK/wiki/Tool:-probe

Scan targeted subnet IP/Port in order to find service like kubelet, K8s dashboard, docker and other APIs for further exploiting.

If you want to customize scan task, see https://github.com/Xyntax/CDK/wiki/Tool:-probe

Usage

cdk run service-probe <ip-range>

Valid input is an IP range like 1.1.1.1-255 or just a single IP like 1.1.1.1.

Example

// find K8s api-server addr
env | grep KUBE 
// scan its open service
./cdk run service-probe 172.21.0.1-255

Config

edit this pre-defined sensitive PORTs in https://github.com/Xyntax/CDK/blob/main/conf/scanner_conf.go then rebuild CDK.

var TCPScannerConf = TCPScannerConfS{
	Timeout:     500 * time.Millisecond,
	MaxParallel: 50,
	PortList: map[string]string{
		//"test": "1-3",
		"http":             "80",
		"https":            "443",
		"ssh":              "22",
		"docker-api":       "2375",
		"http-1":           "8080",
		"https-1":          "8443",
		"k8s-api-server":   "6443",
		"kubelet-auth":     "10250",
		"kubelet-read":     "10255",
		"nodeport-service": "30000-32767", //default NodePort service port range:30000-32767。
	},
}
Clone this wiki locally