[v0.2.0] K8s Pillaging & Docker Modification #45

Open: Lavender-exe wants to merge 2 commits into stealthcopter:main from Whispergate:main


@Lavender-exe

  • Added new K8s enumeration and exploitation
  • Added more Docker escape methods
  • Updated Guides

- Added Kubernetes Enumeration and Exploitation
- Updated CVEs related to Docker Escapes
- Updated Guides to reflect the new additions

@stealthcopter (Owner) left a comment

Hey @Lavender-exe

This is an amazing PR, thank you so much for contributing it! I picked up on a few minor things, keen to get your thoughts on them:

Comment thread deepce.sh
printQuestion "Azure metadata .........."
azureResp=$(curl -s --connect-timeout 3 \
-H "Metadata: true" \
"http://169.254.169.253/metadata/instance?api-version=2021-02-01" 2>/dev/null | head -c 200)
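Review bot: The curl call for the Azure metadata check sets only `--connect-timeout 3`, which bounds connection setup but not the transfer, so an address that accepts the connection and then stalls would hang the script at this step. Adding `--max-time` next to it would bound the whole request. Since the response is cut to 200 bytes by `head -c 200`, whatever inspects `azureResp` afterwards can only rely on a substring match, not on parsing the JSON.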

Suggested change
"http://169.254.169.253/metadata/instance?api-version=2021-02-01" 2>/dev/null | head -c 200)
"http://169.254.169.254/metadata/instance?api-version=2021-02-01" 2>/dev/null | head -c 200)

Is the IP address here off by one?

Comment thread deepce.sh
Comment on lines +1172 to +1175
if grep -q " $p " /proc/self/mountinfo 2>/dev/null; then
mountSrc=$(grep " $p " /proc/self/mountinfo | head -1 | awk '{print $4}')
# Overlay and tmpfs are normal container mounts; anything else is suspicious
if ! echo "$mountSrc" | grep -q "overlay\|tmpfs\|cgroup\|proc\|sysfs"; then
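Review bot: `grep " $p " /proc/self/mountinfo` matches the path in any space-delimited column and treats `$p` as a regular expression, so a line whose mount root (field 4) equals the path, or a path containing `.`, can match without `$p` being the mount point (field 5). Comparing the field directly, for example `awk -v p="$p" '$5 == p'`, and reading the filesystem type from the first field after the `-` separator would put both the match and the `overlay\|tmpfs\|cgroup\|proc\|sysfs` test on the intended columns, and would cover every matching line rather than only the first.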

Can you just check this bit of code? The $4 doesn't seem to match with the grep on the line below (mount root vs fstype). I also suspect the use of head here could potentially cause a false negative; would a loop be better?

Comment thread deepce.sh
# Check for full root mount
printQuestion "Root filesystem mounted .."
if grep -q " / " /proc/self/mountinfo 2>/dev/null; then
rootMountSrc=$(grep " / " /proc/self/mountinfo | grep -v "overlay\|tmpfs" | head -1 | awk '{print $4}')
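Review bot: In `/proc/self/mountinfo` the mount root column (field 4) is `/` for most entries, so `grep -q " / "` succeeds for nearly any mount table and does not establish that something is mounted at `/`. The `grep -v "overlay\|tmpfs"` filter also works on the whole line, so an entry whose path merely contains either word is dropped. Selecting on `$5 == "/"` and testing the filesystem type field after the `-` separator would avoid both, and note that `awk '{print $4}'` prints the mount root rather than the source that the name `rootMountSrc` implies.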

I think this could give a false negative due to the use of head here, thoughts?

@Lavender-exe
Author

Heya @stealthcopter! The changes were made mid-CTF so it's error-prone; you're correct with the errors, and apologies for introducing them!
