kubernetesvillage/eks-pentesting-example
EKS Pentesting Example

Author: Divyanshu Shukla | AWS Community Builder

Introduction

This repository contains code and configurations for deploying vulnerable EKS components. It is designed for educational and testing purposes only, allowing users to explore and understand potential security issues in an EKS environment.

Folder Breakdown

  • k8s-dashboard/: Contains configurations for a Kubernetes Dashboard with potential misconfigurations for testing privilege escalation and unauthorized access scenarios.
  • ssrf-demo/: A demo application vulnerable to Server-Side Request Forgery (SSRF), designed to demonstrate potential exploitation techniques.
  • vulnerable_sample_app/: An example of a deliberately insecure application for testing various Kubernetes misconfigurations and security flaws.

Scenario

This setup simulates a real-world environment with intentionally vulnerable components to test:

  • Unauthorized access via the Kubernetes Dashboard.
  • Exploitation of SSRF vulnerabilities in deployed applications.
  • Privilege escalation and configuration weaknesses in Kubernetes deployments.

Prerequisites

  • Access to an EKS cluster.
  • kubectl configured with the correct context.
  • Basic knowledge of Kubernetes and EKS security concepts.

Deployment

To deploy the vulnerable components, navigate to the desired directory and apply the Kubernetes manifests:

kubectl apply -f k8s-dashboard/
kubectl apply -f ssrf-demo/
kubectl apply -f vulnerable_sample_app/

Testing

1. Kubernetes Dashboard Access

Check if the Kubernetes Dashboard is exposed and accessible without proper authentication:

kubectl proxy

Navigate to http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ and see if you can access the dashboard without credentials.
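Why a dashboard answers without credentials is almost always an RBAC question: either a binding grants rights to `system:anonymous` / `system:unauthenticated`, or the dashboard's own ServiceAccount has been bound to `cluster-admin`, so anyone who reaches the UI and uses "skip" login inherits it. The script below is an added example for this page, not code from the repository: it audits the List object that `kubectl get clusterrolebindings,rolebindings -A -o json` prints for those two patterns. The sample bindings inside are constructed, and the ServiceAccount name and namespace `kubernetes-dashboard` are assumed from the upstream dashboard manifests rather than read from `k8s-dashboard/`.

```python
"""Audit RBAC bindings for the two misconfigurations that let a Kubernetes
Dashboard be used without real credentials. Added example for this page, not
code from the repository; input is the List object printed by
`kubectl get clusterrolebindings,rolebindings -A -o json`."""
import json
import sys

# Principals that match callers presenting no credentials at all.
ANONYMOUS_SUBJECTS = {
    ("User", "system:anonymous"),
    ("Group", "system:unauthenticated"),
}
# Roles that confer full control of the cluster.
ADMIN_ROLES = {"cluster-admin"}
# Assumed (namespace, name) of the dashboard ServiceAccount: the upstream default.
DASHBOARD_SA = ("kubernetes-dashboard", "kubernetes-dashboard")


def audit_bindings(items, dashboard_sa=DASHBOARD_SA):
    """Return (binding, reason) pairs for risky RoleBinding/ClusterRoleBinding objects."""
    findings = []
    for b in items:
        ident = f'{b["kind"]}/{b["metadata"]["name"]}'
        role = b["roleRef"]["name"]
        for s in b.get("subjects") or []:
            if (s["kind"], s["name"]) in ANONYMOUS_SUBJECTS:
                findings.append((ident, f'grants "{role}" to unauthenticated principal {s["name"]}'))
            elif (s["kind"] == "ServiceAccount"
                  and (s.get("namespace"), s["name"]) == dashboard_sa
                  and role in ADMIN_ROLES):
                findings.append((ident, f"grants {role} to the dashboard ServiceAccount; "
                                        "anyone who reaches the UI and skips login gets it"))
    return findings


# Constructed sample: one risky binding of each kind plus one benign one.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"kind": "RoleBinding", "metadata": {"name": "anon-view", "namespace": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dev-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
]}

if __name__ == "__main__":
    # Pass a file saved from kubectl as the first argument, or run on the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ident, reason in audit_bindings(data["items"]):
        print(f"{ident}: {reason}")
```

The fix for a hit is to delete the binding (or scope the dashboard ServiceAccount to a read-only Role) and to log in with a short-lived token for a ServiceAccount that has only the rights you need, rather than relying on `kubectl proxy` for the access control.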

2. SSRF Exploitation

The ssrf-demo app is vulnerable to SSRF attacks. Test this by sending requests that can access internal resources:

curl http://<ssrf-demo-url>/?url=http://169.254.169.254/latest/meta-data/

3. Privilege Escalation

Inspect the configurations in vulnerable_sample_app/ for possible privilege escalation paths (e.g., misconfigured service accounts):

kubectl describe pod <pod-name>

Look for elevated permissions or access to sensitive resources.
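`kubectl describe pod` shows every one of these settings but does not rank them, so a short audit over `kubectl get pod <pod-name> -o json` is a useful companion. The script below is an added example written for this page, not a manifest or script from `vulnerable_sample_app/`: it flags host namespace sharing, hostPath volumes, a mounted ServiceAccount token, privileged containers, root users and dangerous added capabilities. Both pod objects in it are constructed, one deliberately risky and one hardened.

```python
"""Flag pod settings that grant more than a workload should have. Added example
for this page; the pods below are constructed and are not from the repository.
Input is a Pod object as printed by `kubectl get pod <name> -o json`."""
import json
import sys

# Capabilities that amount to root on the node when added to a container.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}


def audit_pod(pod):
    """Return a list of findings describing elevated access in the pod spec."""
    spec = pod["spec"]
    findings = []
    # Sharing node namespaces exposes host processes, interfaces or IPC objects.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{flag}: true (shares the node's {flag[4:].lower()} namespace)")
    # hostPath volumes expose node files (container runtime socket, kubelet dirs).
    for v in spec.get("volumes") or []:
        if "hostPath" in v:
            findings.append(f'volume {v["name"]} is a hostPath to {v["hostPath"]["path"]}')
    # A mounted token is exactly as dangerous as the ServiceAccount's RBAC bindings.
    sa = spec.get("serviceAccountName", "default")
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"ServiceAccount '{sa}' token is mounted; check its bindings")
    pod_sc = spec.get("securityContext") or {}
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f'container {c["name"]} is privileged')
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            findings.append(f'container {c["name"]} runs as uid 0')
        caps = set((sc.get("capabilities") or {}).get("add") or []) & DANGEROUS_CAPS
        if caps:
            findings.append(f'container {c["name"]} adds capabilities {sorted(caps)}')
    return findings


# Constructed pods: one with the classic escalation ingredients, one hardened.
RISKY_POD = {"kind": "Pod", "metadata": {"name": "risky"}, "spec": {
    "hostPID": True,
    "serviceAccountName": "admin-sa",
    "volumes": [{"name": "runtime", "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "app", "image": "example/app:latest",
                    "securityContext": {"privileged": True,
                                        "capabilities": {"add": ["SYS_ADMIN"]}}}],
}}
HARDENED_POD = {"kind": "Pod", "metadata": {"name": "hardened"}, "spec": {
    "automountServiceAccountToken": False,
    "containers": [{"name": "app", "image": "example/app:latest",
                    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                                        "allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}],
}}

if __name__ == "__main__":
    # Pass a file saved from kubectl as the first argument, or run on the samples.
    pods = [json.load(open(sys.argv[1]))] if len(sys.argv) > 1 else [RISKY_POD, HARDENED_POD]
    for pod in pods:
        print(pod["metadata"]["name"], "->", audit_pod(pod) or "no findings")
```

Each finding maps to a concrete fix in the manifest (drop the host flag or hostPath, set `automountServiceAccountToken: false` unless the workload talks to the API, remove `privileged` and added capabilities, run as a non-root uid), and the same checks are what a Pod Security Admission `restricted` profile enforces cluster-wide.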

Cleanup

🧹 Cleanup Instructions (Optional)

To remove all deployed resources, run the following commands:

kubectl delete -f k8s-dashboard/
kubectl delete -f ssrf-demo/
kubectl delete -f vulnerable_sample_app/

⚠️ Note: Only run these commands if you want to remove all testing resources.

Disclaimer

This project is for educational purposes only. Do not deploy these configurations in a production environment. Use responsibly and ensure you have permission to perform testing in your environment.


License

This project is licensed under the MIT License - see the LICENSE file for details.


Author

Created by Divyanshu Shukla for the kubernetesvillage community.
