RhinoSecurityLabs / pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
BSD 3-Clause "New" or "Revised" License

Module to extract service account tokens of running pods in EKS #443

Closed guragainroshan0 closed 4 weeks ago

guragainroshan0 commented 2 months ago

Module to retrieve service account tokens of running pods in an EKS cluster. Credentials retrieved from SSRF could be the role of a node. This could be exploited to extract service account tokens of pods in the cluster and exploit it further. This module requests an EKS authentication token for a node and uses it to get the service account tokens of pods running in the cluster.

DaveYesland commented 1 month ago

Starting to take a look at this and test it. Thanks for the contribution!

I think something more specific for the module name might be better, maybe eks__collect_tokens or eks__collect_service_tokens, something to make it clear what it does at a glance.

guragainroshan0 commented 1 month ago

Thanks for the review.

The module name has been modified to eks__collect_tokens.