aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

How to execute the exploit for found vulnerabilities? #352

Closed. mydockergit closed this issue 4 years ago

mydockergit commented 4 years ago

What are you trying to achieve

Using exploit on CVE found by kube-hunter.

Minimal example (if applicable)

I run kube-hunter like that:

docker run -it --rm --network host aquasec/kube-hunter --active

It found a vulnerable pod:

+--------+--------------------+----------------------+----------------------+----------------------+-----------------+
| ID     | LOCATION           | CATEGORY             | VULNERABILITY        | DESCRIPTION          | EVIDENCE        |
+--------+--------------------+----------------------+----------------------+----------------------+-----------------+
| KHV024 | 172.17.0.63:6443   | Denial of Service    | Possible Ping Flood  | Node not patched for | v1.14.0         |
|        |                    |                      | Attack               | CVE-2019-9512. an    |                 |
|        |                    |                      |                      | attacker could cause |                 |
|        |                    |                      |                      | a Denial of Service  |                 |
|        |                    |                      |                      | by sending specially |                 |
|        |                    |                      |                      | crafted HTTP         |                 |
|        |                    |                      |                      | requests.            |                 |
+--------+--------------------+----------------------+----------------------+----------------------+-----------------+

I ran it with the --active flag, but I don't see how it used the exploit for this CVE. How can I use the exploit for CVE-2019-9512?

mydockergit commented 4 years ago

?

danielsagi commented 4 years ago

Hi @mydockergit, thanks for taking an interest! Currently kube-hunter does not exploit DoS vulnerabilities. The purpose of active hunting is exploiting vulnerabilities or misconfigurations in order to find more vulnerabilities. Exploiting Denial of Service will not help with that in any case.
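Since active hunting will not act on a DoS finding like KHV024, the defender-side follow-up is to triage it from the reported version and schedule the upgrade. The script below is an added example, not code from the kube-hunter project: it parses a constructed report in the shape of kube-hunter's JSON output (the field names are assumed here, the values mirror the table above) and compares the `evidence` version with the fix release in the same minor series. The fix versions in `FIXED_IN` are an assumption to verify against the Kubernetes advisory for CVE-2019-9512.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of a kube-hunter JSON report (`--report json`);
# the field names are assumed for this example, the values mirror the issue's table.
SAMPLE_REPORT = json.dumps({"vulnerabilities": [{
    "vid": "KHV024",
    "location": "172.17.0.63:6443",
    "category": "Denial of Service",
    "vulnerability": "Possible Ping Flood Attack",
    "description": "Node not patched for CVE-2019-9512. an attacker could cause a "
                   "Denial of Service by sending specially crafted HTTP requests.",
    "evidence": "v1.14.0",
}]})

# Assumed first fixed release per minor series; verify against the Kubernetes
# security advisory for the CVE before acting on the output.
FIXED_IN: Dict[str, List[str]] = {"CVE-2019-9512": ["1.13.10", "1.14.6", "1.15.3"]}

def parse_version(v: str) -> Tuple[int, ...]:
    """'v1.14.6-eks-1+abc' -> (1, 14, 6); pre-release and build suffixes are ignored."""
    core = v.lstrip("v").split("+")[0].split("-")[0]
    return tuple(int(p) for p in core.split("."))

def patch_status(cve: str, found: str) -> Tuple[str, Optional[str]]:
    """Return ('vulnerable'|'patched'|'unknown', fix release in the same minor series)."""
    fv = parse_version(found)
    for fixed in FIXED_IN.get(cve, []):
        pv = parse_version(fixed)
        if pv[:2] == fv[:2]:
            return ("vulnerable" if fv < pv else "patched", fixed)
    return ("unknown", None)

def triage(report_json: str) -> List[dict]:
    """Map each finding to a patch action. Active hunting never exploits DoS
    findings, so the version in `evidence` is the only thing to act on."""
    actions = []
    for v in json.loads(report_json).get("vulnerabilities", []):
        cves = [w.rstrip(".,") for w in v["description"].split() if w.startswith("CVE-")]
        cve = cves[0] if cves else None
        status, fix = patch_status(cve, v["evidence"]) if cve else ("unknown", None)
        actions.append({"vid": v["vid"], "location": v["location"], "cve": cve,
                        "status": status, "upgrade_to": fix,
                        "active_hunt_exploits": v["category"] != "Denial of Service"})
    return actions
```

Run `triage(SAMPLE_REPORT)` to get one action marking 172.17.0.63:6443 as vulnerable with an upgrade target in the 1.14 series.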