subpath-exploit
Kubernetes exploit demo
Demonstrates an escape vulnerability in Kubernetes allowing privileged access to a pod through symlinks
Writeup of CVE-2017-1002101 with sample "exploit"/escape
35 stars
4 watching
2 forks
Language: Shell
last commit: over 6 years ago
Linked from 1 awesome list
metarget/awesome-cloud-native-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 danielsagi/kube-pod-escape | An exploit allowing unauthorized access to sensitive data on a host machine through Kubernetes logs | 92 |
 darryk10/cve-2021-25735 | An exploit demonstrating a Kubernetes validation admission webhook bypass vulnerability | 18 |
 irsl/jackson-rce-via-spel | A proof-of-concept project demonstrating exploitation of a vulnerability in Jackson-databind via Spring application contexts and expressions. | 121 |
 cyberark/kubesploit | A cross-platform post-exploitation toolset for containerized environments | 1,122 |
 danigargu/cve-2020-0796 | An exploit tool for a Windows SMBv3 vulnerability | 1,304 |
 bishopfox/badpods | A collection of Kubernetes pod manifests demonstrating the impact of elevated privileges on security and functionality. | 599 |
 myblackmanba/cve-2021-29505 | Reproducing and analyzing the CVE-2021-29505 vulnerability in Java's XStream deserialization process | 5 |
 babyteam1024/cve-2021-2394 | An exploit for a Java vulnerability | 9 |
 bkerler/exploit_me | An educational platform showcasing 14 different types of vulnerabilities in ARM/AARCH64 applications through CTF-style exploitation tutorials. | 895 |
 timwr/cve-2016-5195 | A proof of concept exploit demonstrating a vulnerability in Android's SELinux implementation | 956 |
 kibercthulhu/gdb-peda-cheatsheet | A collection of tips and tricks for using GDB-PEDA in exploit development | 16 |
 jaiswalakshansh/vuldroid | An Android application showcasing various security vulnerabilities to demonstrate potential attack vectors | 63 |
 mpgn/cve-2019-0192 | A proof of concept project demonstrating a remote code execution vulnerability in Apache Solr via deserialization of untrusted data | 209 |
 4armed/kubeletmein | A tool designed to exploit public cloud provider approaches to gain privileged access to Kubernetes clusters by abusing kubelet credentials. | 160 |
 theori-io/zer0con2018_singi | An exploit demonstrating code execution vulnerabilities in macOS Sierra using Safari and WindowServer | 121 |