enumerate_simple_objects.go
package peirates
import (
"encoding/json"
"fmt"
)
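// GetPodsInfo runs "kubectl get pods -o json" through runKubectlSimple and
// decodes the result into podDetails.
//
// The raw kubectl output is echoed with the builtin println (which writes to
// standard error) before it is parsed. Failures are only reported on the
// console; nothing is returned to the caller.
//
// NOTE(review): pod JSON can carry literal env values and other sensitive
// settings, so treat any captured console output from this call accordingly.
func GetPodsInfo(connectionString ServerInfo, podDetails *PodDetails) {
	// NOTE(review): an unnamed "kubectl get pods" is a list request under RBAC,
	// while this pre-check asks about the "get" verb; confirm that
	// kubectlAuthCanI checks what is intended.
	if !kubectlAuthCanI(connectionString, "get", "pods") {
		println("[-] Permission Denied: your service account isn't allowed to get pods")
		return
	}

	println("[+] Getting details for all pods")
	podDetailOut, _, err := runKubectlSimple(connectionString, "get", "pods", "-o", "json")
	println(string(podDetailOut))
	if err != nil {
		// The builtin println prints an interface value as raw pointer words,
		// so pass the message text instead of the error itself.
		println("[-] Unable to retrieve details from this pod: ", err.Error())
		return
	}

	println("[+] Retrieving details for all pods was successful: ")
	// podDetails is already a pointer. Passing it directly makes a nil
	// destination surface as an error instead of being silently decoded into
	// a throwaway value.
	if err := json.Unmarshal(podDetailOut, podDetails); err != nil {
		println("[-] Error unmarshaling data: ", err.Error())
	}
}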
// PrintHostMountPoints walks every pod in podInfo and prints each volume whose
// HostPath.Path is non-empty, together with the owning pod's name.
//
// hostPath volumes expose part of the node's filesystem to the pod; the
// Kubernetes Pod Security Standards "baseline" profile forbids them, so any
// line printed here marks a pod that such a policy would reject.
func PrintHostMountPoints(podInfo PodDetails) {
	println("[+] Getting all host mount points for pods in current namespace")
	for _, item := range podInfo.Items {
		for _, volume := range item.Spec.Volumes {
			hostPath := string(volume.HostPath.Path)
			if hostPath == "" {
				// Not a hostPath volume (or no path recorded); nothing to report.
				continue
			}
			println("\tHost Mount Point: " + hostPath + " found for pod " + item.Metadata.Name)
		}
	}
}
// PrintHostMountPointsForPod prints the non-empty HostPath.Path of every volume
// belonging to the pod(s) in podInfo whose Metadata.Name equals pod.
// Nothing beyond the header line is printed when no pod matches.
func PrintHostMountPointsForPod(podInfo PodDetails, pod string) {
	println("[+] Getting all Host Mount Points only for pod: " + pod)
	for _, item := range podInfo.Items {
		if item.Metadata.Name != pod {
			continue
		}
		for _, volume := range item.Spec.Volumes {
			hostPath := string(volume.HostPath.Path)
			if hostPath == "" {
				continue
			}
			println("\tHost Mount Point: " + hostPath)
		}
	}
}
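// GetRoles runs "kubectl get role -o json" through runKubectlSimple and decodes
// the result into kubeRoles.
//
// No namespace argument is passed here, so the namespace queried is whatever
// runKubectlSimple derives from connectionString (not visible in this file).
// Failures are only reported on the console; nothing is returned.
func GetRoles(connectionString ServerInfo, kubeRoles *KubeRoles) {
	println("[+] Getting all Roles")
	rolesOut, _, err := runKubectlSimple(connectionString, "get", "role", "-o", "json")
	if err != nil {
		// The builtin println prints an interface value as raw pointer words,
		// so pass the message text instead of the error itself.
		println("[-] Unable to retrieve roles from this pod: ", err.Error())
		return
	}

	println("[+] Retrieving roles was successful: ")
	// kubeRoles is already a pointer. Passing it directly makes a nil
	// destination surface as an error instead of being silently ignored.
	if err := json.Unmarshal(rolesOut, kubeRoles); err != nil {
		println("[-] Error unmarshaling data: ", err.Error())
	}
}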
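// GetNodesInfo runs "kubectl get nodes -o json" through runKubectlSimple and
// echoes the raw output with the builtin println. The output is not parsed and
// nothing is returned; an error is only reported on the console.
func GetNodesInfo(connectionString ServerInfo) {
	// The banner used to say "pods" although this call queries nodes.
	println("[+] Getting details for all nodes")
	nodeDetailOut, _, err := runKubectlSimple(connectionString, "get", "nodes", "-o", "json")
	println(string(nodeDetailOut))
	if err != nil {
		// The builtin println prints an interface value as raw pointer words,
		// so pass the message text instead of the error itself.
		println("[-] Unable to retrieve node details: ", err.Error())
	}
}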
// getPodList returns the metadata.name of every item in the output of
// "kubectl get pods -o json". No filtering on pod phase is applied here.
// An empty, non-nil slice is returned when the permission pre-check fails,
// when kubectl fails, or when the JSON cannot be decoded.
//
// NOTE(review): an unnamed "kubectl get pods" is a list request under RBAC,
// while the pre-check asks about the "get" verb; confirm that kubectlAuthCanI
// checks what is intended.
func getPodList(connectionString ServerInfo) []string {
	// podListing mirrors only the fields read from the kubectl JSON.
	type podListing struct {
		Items []struct {
			Metadata struct {
				Name string `json:"name"`
			} `json:"metadata"`
		} `json:"items"`
	}

	if !kubectlAuthCanI(connectionString, "get", "pods") {
		println("[-] Permission Denied: your service account isn't allowed to get pods")
		return []string{}
	}

	rawJSON, _, err := runKubectlSimple(connectionString, "get", "pods", "-o", "json")
	if err != nil {
		fmt.Printf("[-] Error while getting pods: %s\n", err.Error())
		return []string{}
	}

	var listing podListing
	if decodeErr := json.Unmarshal(rawJSON, &listing); decodeErr != nil {
		fmt.Printf("[-] Error while getting pods: %s\n", decodeErr.Error())
		return []string{}
	}

	names := make([]string, 0, len(listing.Items))
	for _, entry := range listing.Items {
		names = append(names, entry.Metadata.Name)
	}
	return names
}
// getSecretList parses "kubectl get secrets -o json" and returns two slices:
// the names of all secrets in the response, and the names of those whose type
// is "kubernetes.io/service-account-token".
//
// On a failed permission pre-check, a kubectl error or a decode error both
// results are empty, non-nil slices. On success the second result is nil when
// no service-account-token secret is present.
//
// NOTE(review): an unnamed "kubectl get secrets" is a list request under RBAC,
// while the pre-check asks about the "get" verb (and the message says "list");
// confirm that kubectlAuthCanI checks what is intended.
func getSecretList(connectionString ServerInfo) ([]string, []string) {
	if !kubectlAuthCanI(connectionString, "get", "secrets") {
		println("[-] Permission Denied: your service account isn't allowed to list secrets")
		return []string{}, []string{}
	}

	rawJSON, _, err := runKubectlSimple(connectionString, "get", "secrets", "-o", "json")
	if err != nil {
		fmt.Printf("[-] Error while getting secrets: %s\n", err.Error())
		return []string{}, []string{}
	}

	// secretListing mirrors only the fields read from the kubectl JSON.
	type secretListing struct {
		Items []struct {
			Metadata struct {
				Name string `json:"name"`
			} `json:"metadata"`
			Type string `json:"type"`
		} `json:"items"`
	}

	var listing secretListing
	if decodeErr := json.Unmarshal(rawJSON, &listing); decodeErr != nil {
		fmt.Printf("[-] Error while getting secrets: %s\n", decodeErr.Error())
		return []string{}, []string{}
	}

	allNames := make([]string, 0, len(listing.Items))
	var tokenNames []string
	for _, entry := range listing.Items {
		name := entry.Metadata.Name
		allNames = append(allNames, name)
		if entry.Type == "kubernetes.io/service-account-token" {
			tokenNames = append(tokenNames, name)
		}
	}
	return allNames, tokenNames
}
// printListOfPods prints a header line and then one line per pod name
// returned by getPodList.
func printListOfPods(connectionString ServerInfo) {
	println("\n[+] Printing a list of Pods in this namespace......")
	for _, name := range getPodList(connectionString) {
		println("[+] Pod Name: " + name)
	}
}
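// findVolumeMounts shows a two-entry menu, reads the choice from standard
// input, refreshes podInfo through GetPodsInfo and then prints host mount
// points either for every pod ("1"/"all") or for one named pod ("2"/"single").
// Any other choice prints nothing further after the refresh.
func findVolumeMounts(connectionString ServerInfo, podInfo *PodDetails) {
	// The menu lines previously ended in a stray `")` left over from quoting.
	println(`
[1] Get all host mount points [all]
[2] Get volume mount points for a specific pod [single]
`)
	fmt.Printf("\nPeirates (volMounts):># ")

	var input string
	if _, err := fmt.Scanln(&input); err != nil {
		// The builtin println does no %-formatting and prints an error value
		// as raw pointer words, so pass the message text explicitly.
		println("Problem with scanln:", err.Error())
		return
	}

	GetPodsInfo(connectionString, podInfo)

	switch input {
	case "1", "all":
		println("[+] Getting volume mounts for all pods")
		// Known issue (from the original author): GetPodsInfo echoes the full
		// pod JSON even though only the mount points are wanted here.
		PrintHostMountPoints(*podInfo)
	case "2", "single":
		println("[+] Please provide the pod name: ")
		var userResponse string
		// A failed read used to be ignored, which went on to search for a pod
		// with an empty name.
		if _, err := fmt.Scanln(&userResponse); err != nil {
			println("Problem with scanln:", err.Error())
			return
		}
		fmt.Printf("[+] Printing volume mount points for %s\n", userResponse)
		PrintHostMountPointsForPod(*podInfo, userResponse)
	}
}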