kube-goat
kube-goat copied to clipboard
ksoclabs
A deliberately vulnerable Kubernetes cluster
On Linux: `curl -fsSL https://get.docker.com` needs a `| sh` in order to work. Final version: On Linux: `curl -fsSL https://get.docker.com | sh`
apiVersion: kind.sigs.k8s.io/v1alpha3 needs to be updated to kind.x-k8s.io/v1alpha4 in order to work.
Hi, Whether it is on my Mac installation (last stable versions of `macOS`, `docker`, `kind`, `kubectl`) or within a Debian a Docker in Docker, I got the following error when...
### Motivation Zero-auth on a Kubelet causes major issues. This exercise should expose a kubernetes READ port (10255) to grab a pod with the key name being the CTF key....
### Motivation The key will be stored in the volume mount. Containers shouldn't be allowed to mount volumes like this. ### Acceptance ### Design Ideas
### Motivation Without network policies or a service mesh it is possible to hit unwanted pods via application vuln. This challenge will expose Redis. ### Acceptance ### Design Ideas
### Motivation `anonymous-auth=true` is bad when combined with `authorization-mode=AlwaysAllow`. We will enable this and figure out how to expose a key to the user that is applicable. ### Acceptance ###...
### Motivation The dashboard can do bad things. This challenge will be to find the dashboard running and open to the internet and discover the key within.
### Motivation This challenge will use privileged==true to escalate privileges and find the key
### Motivation Secrets are not secure by default. This challenge will expose the token by using kubectl to access secrets which has the token embedded