can-i gtfo?

Kubernetes RBAC Abuse Collection

create pods/exec

Abuses

Lateral Movement

Use exec to run commands inside the pod, e.g. to read the service account token mounted into it

# Access service account tokens for lateral movement
kubectl exec -it target-pod -- cat /var/run/secrets/kubernetes.io/serviceaccount/token

Denial of Service

Use exec to disrupt the services running inside the pod or to consume its resources
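Both abuses above leave the same footprint on the API server: a `create` request against the `exec` subresource of a pod, with the command passed as repeated `command=` query parameters. The following detection script is an added example, not part of the can-i gtfo collection; it parses Kubernetes audit events (the `audit.k8s.io/v1` Event shape), lists every `pods/exec` request with the user, target pod and argv, and flags those whose argv references the service account token path. The three audit lines are constructed sample data, not real logs.

```python
import json
from urllib.parse import parse_qs, urlparse

# Mounted path of the pod's service account token (the file read in the abuse above).
TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"

# Constructed sample audit events (not real logs): an exec that reads the SA token,
# an interactive shell exec, and an unrelated pod list that must not be reported.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a-0001","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/default/pods/target-pod/exec?command=cat&command=%2Fvar%2Frun%2Fsecrets%2Fkubernetes.io%2Fserviceaccount%2Ftoken&stdin=true&stdout=true&tty=true","verb":"create","user":{"username":"system:serviceaccount:dev:ci-runner"},"objectRef":{"resource":"pods","namespace":"default","name":"target-pod","subresource":"exec"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a-0002","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/default/pods/web-0/exec?command=sh&stdin=true&stdout=true&tty=true","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"default","name":"web-0","subresource":"exec"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a-0003","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/default/pods","verb":"list","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"default"}}
"""


def parse_exec_command(request_uri):
    """Return the exec argv carried in the request URI as repeated ?command= params.

    parse_qs percent-decodes the values, so the token path comes back as a plain path.
    """
    query = parse_qs(urlparse(request_uri).query)
    return query.get("command", [])


def find_exec_events(audit_log):
    """Return one finding per pods/exec create request found in the audit log text."""
    findings = []
    for line in audit_log.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        ref = event.get("objectRef") or {}
        # Only a create on the exec subresource of pods is an exec request.
        if (event.get("verb") != "create"
                or ref.get("resource") != "pods"
                or ref.get("subresource") != "exec"):
            continue
        argv = parse_exec_command(event.get("requestURI", ""))
        findings.append({
            "auditID": event.get("auditID"),
            "user": (event.get("user") or {}).get("username"),
            "namespace": ref.get("namespace"),
            "pod": ref.get("name"),
            "command": argv,
            # Any argument naming the SA token path is a credential read worth alerting on.
            "reads_sa_token": any(TOKEN_PATH in arg for arg in argv),
        })
    return findings


if __name__ == "__main__":
    for finding in find_exec_events(SAMPLE_AUDIT_LOG):
        flag = " [SA TOKEN READ]" if finding["reads_sa_token"] else ""
        print(f'{finding["auditID"]} {finding["user"]} -> '
              f'{finding["namespace"]}/{finding["pod"]} '
              f'{" ".join(finding["command"])}{flag}')
```

The command argv is in the request URI, so an audit policy logging `pods/exec` at the `Metadata` level is enough for this to work; `RequestResponse` is not required. On the prevention side, the same RBAC review that finds who holds `create` on `pods/exec` is the lever: that permission is equivalent to reading every service account token in the namespaces it covers.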