CDK | Kubernetes Ecosystem Directory

Bot releases are visible (Hide)

CDK - CDK v1.5.3 Latest Release

Published by neargle 5 months ago

Release Date: 2024-05-19

📜 Changelog

💣 Exploits

Feat(exp): adapt docker devicemapper file system when get docker rootfs

🧰 Tools

增加查看网络连接信息
Fix(eva): long standing timeout in discovery k8s apiserver with sa, error msg: GET, ...connection timed out

✨ Others

Feat(tool docs): add netstat document
Fix(cgroup): latter part slice len error (#87)
Chore: os.SEEK_END has been deprecated since Go 1.7
Feat(exp): adapt docker devicemapper file system when get docker rootfs

🔑 Hash Table

SHA256	EXECTUE FILE
64b40a70b232b7e23a187a11c52ef8d8b7f3e16a5b869af16b390cbbe4aab935	cdk_darwin_amd64
4c7260ac051907d12896054145fe103f9ea06de3bb2f04f0aab953dff32028de	cdk_linux_386
2c757f0065c167e633318ff8d43cb85cf936eae2db224f4e066098f4a8cb324a	cdk_linux_386_thin
197c42343c75fbbb7d77f3aaa92e04e43ddec927887e889197db72fcff5e9df4	cdk_linux_386_thin_upx
17b096ff5df1b612abc12887e65fae97280533bfe058ce6becb9c0920f4d4c42	cdk_linux_386_upx
d7f0690e41786270f345ff4851fd4b239631d4c1e7a6b9f74ad139565cbdb2ed	cdk_linux_amd64
13f42e004a25be9ba99aee3396a1d810026d7750d1e199774c5ba8410b15ae30	cdk_linux_amd64_thin
cdac5cd3d0ff424315da3e233a79f72663c26e53fc4ac2e5031ea08154630514	cdk_linux_amd64_thin_upx
ccbc5c84af4045835e6b001cdf845d63802e081cbb97d9625c12d8d0f9b6f852	cdk_linux_amd64_upx
896b8d804debd233200375a5b7c1218d5b8bf5f53aaaa685b9d411c0770e27d4	cdk_linux_arm
381448682cb5ea5ff1bc8bfd3462e637da0445fc74fdb60e0de5e11d8c2dc90d	cdk_linux_arm64
2b92652d4909d39e12fc9320188f9e834b82f80d3aba92dea4267608f3543861	cdk_linux_arm64_thin

CDK - CDK v1.5.2

Published by neargle over 1 year ago

Release Date: 2023-03-12

What's Changed

V1.5.2 alpha by @neargle in https://github.com/cdk-team/CDK/pull/80

📜 Changelog

💣 Exploits

Fix 78(exp): support containerd and other linux path

🧰 Tools

Fix #77(exp shadow-apiserver): anonymous-auth is not valid, support v1.23.1

✨ Others

Fix 78(exp): support containerd and other linux path
Chore(exp): add alert message about flag auto-escape is deprecated

✨ In Chinese

支持 linux 环境下的不同容器运行时，如 containerd、runc、docker；
修复shadow-apiserver匿名访问无效的issue，支持新版本的k8s，如 v1.23.1；
添加迭代部分功能的消息提醒

🔑 Hash Table

SHA256	EXECTUE FILE
9f63e35d7b9d0814ad9f0ef23b89deb4f823d3b07bcd33df9abc5b957bb8be0f	cdk_darwin_amd64
d5c8e759b790c6ffb3134c8f0aae5865e2ae4c672dc09eaa312bc928fd0d78bd	cdk_linux_386
64c86a12800b8d5064e7313a43eb6f5504a7043ab15c227cecfddaf84cc74ced	cdk_linux_386_thin
364fcacd8b55d7d54162849b620cd83e9f50ddb3c7c08478f391cce09449b452	cdk_linux_386_thin_upx
242a11999f0c5b776400f2462854ef1d07101bd1085e3b29c9b7ba825c93a3fb	cdk_linux_386_upx
af751c690671ffc0da6380ef94a25df3dfc5911c448319f7f6b90df55cca7b7d	cdk_linux_amd64
f118a70fa7b02b858bb4fffb96d9a861e4b02f62df054a0d69854449682c8f85	cdk_linux_amd64_thin
3dc271adc2565c38eda5fdaee3070bda8962159d17ba625467a0f3a6e5e440d0	cdk_linux_amd64_thin_upx
924fb2bd1fe001f9eb62509a05546d1aaf97ebbfca73c75eb665a38b34559c4e	cdk_linux_amd64_upx
594811dafdfb9f5cc56b604d8fe97777c23057e37803ec34afdf5680bf9276ea	cdk_linux_arm
828aede9a7bc193899b66e8c10ac10d24398cf79575e771d9a970d3f9a4cdd92	cdk_linux_arm64
2eb30e2abc71fadaee5980bd89a8e4a2c95bcc5d60857a3c13b006c186307e8e	cdk_linux_arm64_thin

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.5.1...v1.5.2

CDK - CDK v1.5.1

Published by neargle almost 2 years ago

Release Date: 2023-01-01

🎉 Happy New Year to everyone in 2023~

📜 Changelog

💣 Exploits

Fix #71 (exp): k8s-shadow-apiserver check apiserver error in invalid to list pods

🔑 Hash Table

SHA256	EXECTUE FILE
fb8e1c7fbb5f253cffd87b965e587b4cb611ca2e5a38a13db70a082d8b8fe49c	cdk_darwin_amd64
225ae3f948ca67c0f37ad69a5ce542c27c370993806599aeb927079bf8553acb	cdk_linux_386
9a4d894cc0d020b03fbbf1ad8d147fc7a871a633fdc67497685a8b8d52b465e4	cdk_linux_386_thin
254cf55fb776afbcf5ff93f9647303be1f8bee48bcb78f138881e4dc17c34b81	cdk_linux_386_thin_upx
b2e2d49036ddaebaab3cbcd26b3d1742fca27ce42926f2fbb10791ce8af6f2a6	cdk_linux_386_upx
b18a6f563afe5afa141713e2a569de7faac174adef1d3fa467a44d7cd8598a8a	cdk_linux_amd64
1d2e4fa684a99e31479bcc0e5e14aa7f3c56cce3de71028241a9745c67ebf034	cdk_linux_amd64_thin
db192e3adff9cfb3777dc44fbe037aee648af60c203832d7a5f7ac41e265f01b	cdk_linux_amd64_thin_upx
f930268ff8e01585865f3190c10570175b0ef11c1b17172c93b413df8507bcbe	cdk_linux_amd64_upx
ca6d09368c87c863029065d8d134bea7edefe73e270b599336185bec60dc68ab	cdk_linux_arm
8de962c37d5fd876e8b402dd86e334a6ab66b6fa8242a2c8eeef4b6d1d0457ec	cdk_linux_arm64
d0315c0ae104a656d1b6787f8929a324193f65935b54514107f9ddb7639784d3	cdk_linux_arm64_thin

What's Changed

fix #71 (exp): k8s-shadow-apiserver check apiserver error in invalid … by @neargle in https://github.com/cdk-team/CDK/pull/73

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.5.0...v1.5.1

CDK - CDK v1.5.0

Published by neargle about 2 years ago

🏠 During the 7-day holiday, are there any technical activities in Xiamen that I can participate in?

Release Date: 2022-09-25

📜 Changelog

🔍 About Evaluate

Feat(evaluate): check kernel exploit, use mzet-/linux-exploit-suggester
Feat(evaluate): support check setuid files in path
Perf(capabilities): red color for add caps

✨ Others

Perf(evaluate): support two new formatted print func
Perf(eva): a nice head 2 of title

🔑 Hash Table

SHA256	EXECTUE FILE
9484ea212c59a9ada48f9f08204448eaf013891b7b722f9d111f4346f7f17a4c	cdk_darwin_amd64
e8eb686267d1017f0c044f8725a91d2a3b0111156975f4918c9b3839b571483f	cdk_linux_386
cf649763c47c27458c5af325697d002c0768efb7b45e5a0246d529519df56ea4	cdk_linux_386_thin
d29a6e6ff589b020cadb8f8815eafd2a1a6224a1e042e6649c9747e924048dcb	cdk_linux_386_thin_upx
06a53f84d7e034e563a8fc3747000bcdc6b9945efd0ecbc990322ff527b3ad04	cdk_linux_386_upx
4bd863af3ba70c958caf5b048ddd90a32a54bb9ae5d3e7578e8e0f1330a7d68f	cdk_linux_amd64
588f790b5ea620a3077e6231bef7180951410f445c5d5b9aac8289b3a8d3cf1a	cdk_linux_amd64_thin
f1a3a780227dec46aa938096d1a8d8f6240e711d757a25aaec0f6c6adf0a495a	cdk_linux_amd64_thin_upx
a20e531b0117f484e0b2aa0debccc8edc597fbaf43578cc1c862eb98fb6a849d	cdk_linux_amd64_upx
03c387fcf1090b813124a067e3434845c6242e7d6d4f0a835f78a96d6fb6f731	cdk_linux_arm
3fc8aac43db6c83112f9bc168ae5a32f1cdd942376941341c621fa36bff26647	cdk_linux_arm64
1e82c733ecbf30e06bfa200e327fad167e79a55854a198f92afa2fa7d0f9337f	cdk_linux_arm64_thin

What's Changed

Feat(evaluate): check kernel exploit, use mzet-/linux-exploit-suggester by @neargle in https://github.com/cdk-team/CDK/pull/69

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.4.1...v1.5.0

CDK - CDK v1.4.1

Published by neargle about 2 years ago

Release Date: 2022-09-19

📜 Changelog

🔍 About Evaluate

Feat(evaluate): support check setuid files in path (#67)
More colorful in Evaluate

🔑 Hash Table

SHA256	EXECTUE FILE
fb88b7cf0b5a1136829a3cf1c25f536713e6d7033c8b95cf31ea1e1c14c33a55	cdk_darwin_amd64
d7020b26924bfcef8d88089ad6f9f496cc9b39ed08ffaf3ae857703ae154c198	cdk_linux_386
2c901d5da52c1766eb638b8d1b35a276121f0fb2a7156cb591b4f7ca054c1ed7	cdk_linux_386_thin
6bfc3e0664e6aab7d6925ad1c191c75bc1f1f5b4dd4f8c073c5eef063ec92de7	cdk_linux_386_thin_upx
54e82ce2900876594c573f74437a23034f70f959e428bb2cf046afe73f6abc56	cdk_linux_386_upx
5b313e80767783165c9f99079a6210582b5f57fe4c3f34ab2c5d27e6b1a09695	cdk_linux_amd64
762df2cf658c629e22e2f30827bd2b42de41749e2a387635db41849911641121	cdk_linux_amd64_thin
b5c59b19f4a9301c29b40a6565a3c21dc71fd3baf14a755c67ca735b3d18cb9e	cdk_linux_amd64_thin_upx
c417429bfef774a5aad6d5a745b741f291fc0bd1b48514bfd4fbca9345e43384	cdk_linux_amd64_upx
6da016cefca0a050afb4c3dbf5e07f1af4fe69b24f1be45e56444fef537fd2b3	cdk_linux_arm
b6ef9851d887120994e19521814b994f750f0eac77ddc2ae60efd75ad085b02f	cdk_linux_arm64
de0be23b564e470725a91e72bf431667ab1d2d4e8cb318a1c18e66b3ba97340e	cdk_linux_arm64_thin

What's Changed

Better eva - feat(evaluate): support check setuid files in path by @neargle in https://github.com/cdk-team/CDK/pull/67

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.4.0...v1.4.1

CDK - CDK v1.4.0

Published by neargle about 2 years ago

Release Date: 2022-09-04

📜 Changelog

💣 Exploits

Perf(exp): add recommend message for lxcfs-rw and lxcfs-rw-cgroup exploit
Fix(exp): function undefined in macos
Feat(exp): support Exploit lxcfs-rw with cgroup release_agent

🔍 About Evaluate

Feat(evaluate): output all mount info and more colorfu (#64)
Perf(exp): add recommend message for lxcfs-rw and lxcfs-rw-cgroup exploit

✨ Others

Feat(evaluate): output all mount info and more colorfu (#64)
Perf(exp) #62: add recommend message for lxcfs-rw and lxcfs-rw-cgroup
Feat(exp): support Exploit lxcfs-rw with cgroup release_agent
Test(fix): fix import circle in TestParseCDKMain

What's Changed

feat(exp): support Exploit lxcfs-rw with cgroup release_agent by @lockedtang in https://github.com/cdk-team/CDK/pull/61
perf(exp): add recommend message for lxcfs-rw and lxcfs-rw-cgroup… by @neargle in https://github.com/cdk-team/CDK/pull/62
feat(evaluate): output all mount info and more colorfu by @neargle in https://github.com/cdk-team/CDK/pull/64

New Contributors

@lockedtang made their first contribution in https://github.com/cdk-team/CDK/pull/61

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.3.0...v1.4.0

🔑 Hash Table

SHA256	EXECTUE FILE
dbbe29d4095a98dbfc4e2ef1a26e0696f75930a04a274a2a207c0bd0296b7a24	cdk_darwin_amd64
b75d4f2cb82be9e774f78020bb86d8df9a8eeb6ceac18b823c4c6459a3ca7faf	cdk_linux_386
d836bdb64f2112e1fff1080145cd2f349478ba67e1d68bdfd9e734b114f7627d	cdk_linux_386_thin
1c8de7031ee8dbf83ffde0f1d6401dbc9d95059c984290b115bd58c20b86e8a6	cdk_linux_386_thin_upx
c02322e9bf5f1a0655cdaf316371f91257b9008d2ee6dde791bac5e8b2e5064d	cdk_linux_386_upx
954c9e0a1f8f731d410d27e525225760bf46f9df26d7fa63fac9cf848c1fea97	cdk_linux_amd64
28009247ff5f8ee93dcf3fa06e60eb43374eec61f816feb61081e2d53f4806be	cdk_linux_amd64_thin
37bfb3819257d612a6dfed9954c9ba4a8da62f6967ec8221c802d7eb97723113	cdk_linux_amd64_thin_upx
e3b434dad7f4330a5402271014b6a450ecf998aa10d66c640798d5b1d057639a	cdk_linux_amd64_upx
0dc31dff0221a2907f19a6feff091161297598b7fab68a0272f7ce0d7698abff	cdk_linux_arm
a9f51500eba6088cde85a398ebe8d14f4fb52a931f9988049ab7e14570f39498	cdk_linux_arm64
7abda12808ebda750211656c4a931ca9794121b42d2a0be50dee43b9fcc84718	cdk_linux_arm64_thin

CDK - CDK v1.3.0

Published by neargle over 2 years ago

Release Date: 2022-07-10

🔮 Support for some function on the kubelet. Waiting for July 18?

📜 Changelog

💣 Exploits

Test(main function): add unit test for ParseCDKMain
Feat(exp): support "Exploit container escape with kubelet log access & /var/log mount"
Feat(exp) (#55): Exploit a kubelet endpoint, default 10250

🧰 Tools

Test(main function): add unit test for ParseCDKMain

✨ Others

Test(github action): add go test
Fix(network): support getgateway in linux container
Docs(readme): add Quick Start
Feat(network): get gateway in pods
Feat(exp) (#55): Exploit a kubelet endpoint, default 10250

🔑 Hash Table

SHA256	EXECTUE FILE
c142ea52e700259405c0de3aae652fcbbe9d476ca40aafb4309c60538d03f6a0	cdk_darwin_amd64
c6b8be2b81f56a9f4330f7ccae161bda9de8deaf375bb8d1150264aa6fb502e9	cdk_linux_386
5866ad6e1eb1d3c5481179c4eae84fc733fca93782827f08b8e980dd455f8e1d	cdk_linux_386_thin
f116626cb8bd2787d19bbb0dbf578cbd09093e19ab27911beb1f61d46abb3845	cdk_linux_386_thin_upx
ae96f988b56a4ae501aa125e99d11308714290e287a21f97a4116b2bd9964079	cdk_linux_386_upx
ddf4573b4c5fdfd92657979d79b8d8c7658dbb36e9a794628438ff01d7cca1a5	cdk_linux_amd64
3ca57afb3c9a3154212ad9f9eb323ce2cae89d046e5bf05acb5730a311e4e9f3	cdk_linux_amd64_thin
0dcb0ef0bd6b1a018108265c2bd1acf0a34ac94f2fe012a3aea22a23b8a151c2	cdk_linux_amd64_thin_upx
9275c94ba6160e9de488089ba5e4df9f831aaa8a9e2dbe04d0c7ca7feb3a4cb8	cdk_linux_amd64_upx
99a0e78b14a0147999489e76b275e0a4503b03ed682cb382338a19472123b74d	cdk_linux_arm
023fbd9f1d087ec3cb0761e01d95503f055e72209f85513380ed1b32177ef570	cdk_linux_arm64
b92a34dfe966a9540d853cb5762574e659a33f965b532e453f5f0a2619505096	cdk_linux_arm64_thin

Contributor

@neargle @404tk

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.2.0...v1.3.0

CDK - CDK v1.2.0

Published by neargle over 2 years ago

Release Date: 2022-06-25

☑️ Release a new version in the hospital 💊.

What's Changed

add etcd get k8s token by @404tk in https://github.com/cdk-team/CDK/pull/52
perf(probe): output ending message by @neargle in https://github.com/cdk-team/CDK/pull/53
Fix #49 (shadow-apiserver): Flag --insecure-port has been deprecated by @neargle in https://github.com/cdk-team/CDK/pull/50

New Contributors

@404tk made their first contribution in https://github.com/cdk-team/CDK/pull/52
Thanks to @路飞 for privately reporting a bug, we fixed it in #49

📜 Changelog

💣 Exploits

Feat(etcd) #52: get K8s service account token in ETCD

🧰 Tools

Feat(etcd) #52: get K8s service account token in ETCD
Perf(probe): output ending message

🔑 Hash Table

SHA256	EXECTUE FILE
139c41629e75329a9582b0a3ca07327a134860d4cc3686795a5fb69d09ee50aa	cdk_darwin_amd64
1ff183ed7b15612ef77d444187d44d2e1d76df09fa1762c24c54ab45440c77b9	cdk_linux_386
c8664d51b579d5922ab8325a777048d8d661baf2767744829becb979784f76d9	cdk_linux_386_thin
eaa6c3fcb9e722d690183ae349ac2ca935aa9bcd2942f6f103fd8eb842dc5168	cdk_linux_386_thin_upx
bb6ca78dc8a3774eb3db52580c52bc6b47ca885d9881f5cb422c915ca2c2a7a9	cdk_linux_386_upx
5f62f9a20546e50fcb59aedca67b9fd9252c1c026ef81649bd9eb7366c4376aa	cdk_linux_amd64
0e411f4a58f7ca4e77a39c810bd1cb44eca9f8cbae2a20d1c3ed6d3f1b9c4f81	cdk_linux_amd64_thin
eec9b210d157d0ef16e7238c21bf66c6dd4806471853c3e976927f7be14ab918	cdk_linux_amd64_thin_upx
131c1f2e3e3062392bece1caca144ef426920af8c8a54912f8ec23321a766b5a	cdk_linux_amd64_upx
39f6d556d0567606d5763e60fecafeb3e5d16afd986c05602c06d2486d8d72c2	cdk_linux_arm
cca9d8bb94c36f2e971f834b980801d3fefd23fd8a25852867bb1be94d116963	cdk_linux_arm64
770e9e98e3ed07a224cbaf8fb78c5c9804b580f04470884cead4413616200621	cdk_linux_arm64_thin

CDK - CDK v1.1.1

Published by neargle over 2 years ago

Release Date: 2022-06-12

📜 Changelog

💣 Exploits

Fix #49(shadow-apiserver): Flag --insecure-port has been deprecated

🧰 Tools

Fix(kcurl): more info for statuscode not in MaybeSuccessfulStatuscodeList

✨ Others

Fix(kcurl): more info for statuscode not in MaybeSuccessfulStatuscodeList
Fix #49(shadow-apiserver): Flag --insecure-port has been deprecated

What's Changed

Fix #49 (shadow-apiserver): Flag --insecure-port has been deprecated by @neargle in https://github.com/cdk-team/CDK/pull/50

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.1.0...v1.1.1

🔑 Hash Table

SHA256	EXECTUE FILE
9ee370e295cb26ad1b06650144941dc380888d48e0c1ae446cdae7e00e055e82	cdk_darwin_amd64
4c4b0e00d9620697ba7ef9ff00fd58022b9e39db23dc65348fce5d3a321000e6	cdk_linux_386
697320ded8b271c975f6ff97a43eb7bc444cbe8648b8c5f34aa7652e14893306	cdk_linux_386_thin
aa862e916af73e90f28c1407d5a411121cb33eeee5bf1bd2f130887b3dbdfd7f	cdk_linux_386_thin_upx
56ab5129d379ec39c8037a5937b4ce5cf6680377786548df125b93473e67623a	cdk_linux_386_upx
8880e4d7caf33e5da9a785d4c2da5bdcc6ba6315f882900f88c0adf1872e8fb8	cdk_linux_amd64
9ed6afef63c00c3c4d2eb6003922a872f0125639201fdf2f04ce3ab3b991d2be	cdk_linux_amd64_thin
336b7dca10b75274a81c04cdba1989781ad742e968ebd41e5f901e66f106204c	cdk_linux_amd64_thin_upx
0956efa9072a03fddbe779da42e60df115e9d71bf9ac846ade8b751e4530b084	cdk_linux_amd64_upx
f13668c26c13b4e0a8a56ffbc758331f311bcb033c1c74b1711a2258d6ed2e22	cdk_linux_arm
fbebaaf3a90be35d2e00d1edf45b98799357f9321ff1b94ccfd2a22e44203052	cdk_linux_arm64
5d4d311ed2ab95bbd9698cbd26c83ce62ee9a665c462ef9f6fcee2406ab795c4	cdk_linux_arm64_thin

CDK - CDK v1.1.0

Published by neargle over 2 years ago

Release Date: 2022-05-30

📜 Changelog

💣 Exploits

Chore(usage): ocd and CDK in banner title
Docs(LICENSE): to the Apache License v2 and add file header(K8s style)
Fix #46 (exp): add "run" to 3 exp desc document
Fix(exp): runc-pwn error /proc/pid dir path
Fix #44 (exp): k8s-psp-dump check args error
Fix #45 (exp): check cmdline exclude cdk process
Chore(utils): remove same function with StringContains
Chore(exp & release): build mount cgroup only in linux

🔍 About Evaluate

Add DNS-Based Service Discovery
Perf(log): colorful usage
Docs(LICENSE): to the Apache License v2 and add file header(K8s style)
Feat(evaluate): get current pid cgroup info

🧰 Tools

Docs(LICENSE): to the Apache License v2 and add file header(K8s style)

✨ Others

Docs(thanks): add contrib rocks img in readme
Chore(github action): run Evaluate, Exploit and Tool for test
Add DNS-Based Service Discovery
Fix(opt): docopt parse error
Chroe(git): ignore vscode debug bin
Perf(log): colorful usage
Fix(action): del unnecessary build
Feat(evaluate): get current pid cgroup info
Fix(action): build cross-compiler in push & pull request
Chore(exp & release): build mount cgroup only in linux

🔑 Hash Table

SHA256	EXECTUE FILE
78012b117e06baee37f32962d1dbd603b02231d7c4117c577765ecbc245842d6	cdk_darwin_amd64
f5b77a3b40d262907ae6c65822622a5d9852fcba0251b9ddc391e8e896ffec2b	cdk_linux_386
259c9c57a74382b07c0a630b3094489b3aca263504b4fda79d3c20027e2a74fa	cdk_linux_386_thin
e2c267e1e289e975e1a4a2acf13f30eb04dbb4a4da24daae02c248dbb199e919	cdk_linux_386_thin_upx
a41520ae22cf2f079517745389a21e9f90df6376fb61bc4243808f8e494f08b1	cdk_linux_386_upx
32cd84b8c8e4df09df5aaf0c310a954d18b2cc96aaea2ca524b79f381afd3e55	cdk_linux_amd64
2a707260991123cf39ed723eaff4bf99db683ad35f58ad43c75c8fe2a5e9a4e7	cdk_linux_amd64_thin
b45f9a6c21f34801656affa29c1633288fe44f859a120c3e1a69d3880ce4f617	cdk_linux_amd64_thin_upx
3a87a1096cb7cd4dfeb7d8725aec180b68c3aab9393f50ebf0431cc7189b6d20	cdk_linux_amd64_upx
c346565a022b0f0c4957c33226e8b7a3d3359f8da8eeb97e60b50d6d3e1dea79	cdk_linux_arm
1392c9ae26021890c4fe0a3a960426da99e504d587b971408f40997d56e1ee63	cdk_linux_arm64
1416d3d651adeb29acbc825d7d537a379fdcb78102c36842a876dcf29e76c0e8	cdk_linux_arm64_thin

New Contributors

@wywwzjj made their first contribution in https://github.com/cdk-team/CDK/pull/48

Full Changelog: https://github.com/cdk-team/CDK/compare/v1.0.6...v1.1.0

CDK - CDK v1.0.6

Published by neargle over 2 years ago

💣 Awesome CVE-2022-0492 Exploit!

Release Date: 2022-03-10

📜 Changelog

💣 Exploits

Chore(exp & release): build mount cgroup only in linux
Fix(exp): unprivileged_userns_clone sysctl file do not exist in CentOS
Feat(exploit/abuse-unpriv-userns): exploit of CVE-2022-0492 (#41)
Feat(exp/mount_cgroup.go): completely fix #35 in golang-style
Fix #38 (exp): shim-pwn protobuf panic after run exploit

🔍 About Evaluate

Feat(caps): find out add caps

✨ Others

Chore(cli): add version info & commit id for debug

🔑 Hash Table

SHA256	EXECTUE FILE
b5fb2c18b9720d0bfc5f0d25a9922b6f0b88230e1005664885391ef140d7d489	cdk_darwin_amd64
371226668baa95b330676a6268145ad25bfc28f59710f35fc1888aa6b70a74a4	cdk_linux_386
0bb79f2fe4c5f6d451822a26cff27b172270bce29d7430e01bebe904cde0c215	cdk_linux_386_thin
fa7433173643095d5266fd465f88de45d6d157d72dc5915ab1334c03af63b4ba	cdk_linux_386_thin_upx
0976936c3c02be348ea926ce86c7204c7e9e59a092477e924c1a1d5bd97cfced	cdk_linux_386_upx
eae7c7548d28517d099afef1bc7664f098bfa3c533ee5a0cf763ab28480ebeeb	cdk_linux_amd64
ebab27736848eb90409384d231b939702ce97482cc231aba7d0acf58e02db438	cdk_linux_amd64_thin
72f7e33c5313aa5ab15b99778b1f3c4d50d4710b171a635994d0d01e47e8173b	cdk_linux_amd64_thin_upx
d697ea397da7603417baaf232512864bd8ecedde47dd199c2d32f653619f0f3b	cdk_linux_amd64_upx
cdf9041ba0603c7d7452a2866eee0eaa115ad5d8488d92c1c388c36d321301b1	cdk_linux_arm
4f52fb4cf7dd744b01695e5356442182bc9fdb635da8f766537c12e0d83ad18f	cdk_linux_arm64
68080b2cbfd4488f96e0c315ea7e8bf6204de010a05eeb2da621f78caa7254b9	cdk_linux_arm64_thin

PR

Implement mount-cgroup in Golang style by kmahyyg in https://github.com/cdk-team/CDK/pull/40
feat(exploit/abuse_unpriv_userns.go): exploit of CVE-2022-0492 by kmahyyg in https://github.com/cdk-team/CDK/pull/41

New Contributors

@kmahyyg made their first contribution in https://github.com/cdk-team/CDK/pull/40

CDK - CDK v1.0.5

Published by neargle over 2 years ago

💒 Happy wedding to my friend CDKKWANG, let's release a new version of CDK.
🌸 And fix some bugs by the way. Click to view more changelogs.

Release Date: 2022-03-06

📜 Changelog

💣 Exploits

Fix #38 (exp): shim-pwn protobuf panic after run exploit

🔍 About Evaluate

Feat(caps): find out add caps

✨ Others

Chore(cli): add version info & commit id for debug
Fix #38 (exp): shim-pwn protobuf panic after run exploit
Fix #37 (eva): add eva args to docopt
Chore: support for cdk eval
Feat(caps): find out add caps
Bump github.com/containerd/containerd from 1.4.11 to 1.4.12
Fix action: cedrickring/golang-action is archived, offical actions/setup-go action instead
Fix action: apply in all push and pull request
Bump github.com/tidwall/gjson from 1.6.7 to 1.9.3
Add event: https://community.cncf.io/events/details/cncf-kcd-china-presents-kubernetes-community-days-china/
Github action: git build test after a new pull request and push

🔑 Hash Table

SHA256	EXECTUE FILE
0e17084a14b6af8e50ae4917261546121279fd94299bea1f5fcaa77f18a0feaf	cdk_darwin_amd64
91cd0a590f86cbda8e33e5a4d90303f270ed6d17b8b36e50030f5a68beb7a704	cdk_linux_386
31b9c5ce299981849c4ec0f90e6dac5a7b894c654eab1c3db4099744a5594e80	cdk_linux_386_thin
e30443b3f19aafa06b3edb124228f6ac35aa51737c3eb78fa007ffdce9d75bc5	cdk_linux_386_thin_upx
aedb680859401bdea82e17109b9d6bb7ec6cfc26bf20687c14eea15c616efb52	cdk_linux_386_upx
c68ea57d7555c49ef4c5ea05363fe0ced7978e751331ea949005d70fff000a00	cdk_linux_amd64
330253612d4c4a3791acfd82257d5a4c1e68ec989e0647abfa4baa560cf0a046	cdk_linux_amd64_thin
a37e4ee0bb7651669d595d3bb44edd135f9d696648f36fb9e35af1e84ee6b795	cdk_linux_amd64_thin_upx
356bdd6cb7c92146fcee5812aba9eb101ff713ff67768bafd59b6f33a5d61eae	cdk_linux_amd64_upx
1b2c21dd0c747782c5b23b0ca390a23a17cb3fe437021c5f44e5d77d6b71f656	cdk_linux_arm
2518c6ab5e78e0f644a5c406d84778eb45991564ba136c266d9696fc6996e8ef	cdk_linux_arm64
a3995533605772461060559d6afae9de2726e86ef45a53bb924792fbe9baa325	cdk_linux_arm64_thin

CDK - CDK v1.0.4

Published by neargle about 3 years ago

Release Date: 2021-10-02

📜 Changelog

💣 Exploits

Fix DeployBackdoorDaemonset return true when error.
Fix build tag mistake in CapDacReadSearch Exploit
Better cap_dac_read_search exploit
Fix: http authorization token have blank string in prefix or subfix
Add force-fuzz option for k8s-psp-dump exploit
Add filter string for lxcfs-rw exploit

🔍 About Evaluate

Fix DeployBackdoorDaemonset return true when error.

🧰 Tools

Fix DeployBackdoorDaemonset return true when error.
Fix: http authorization token have blank string in prefix or subfix

✨ Others

Fix typo: KCON 2021 Arsenal
Add kcon2021 and whc2021
Format "run --list" output.
Add StringContains function
Add filter string for lxcfs-rw exploit
Bump github.com/containerd/containerd from 1.4.3 to 1.4.8

🔑 Hash Table

SHA256	EXECTUE FILE
1acd7ea1364e9c78d271cc8341ae804e8a6e143d4c31103d6dd5424dbc80498a	cdk_darwin_amd64
2dd16e2f18bd45ff80eb56a524d3af4e87f55054fdb3ada3d2a097824b6487ac	cdk_linux_386
c042f360a6deff1b41405dd0f5bee637fc8242d585c714410084ef068a90d9fc	cdk_linux_386_thin
ba69953f7e76cb9a1d4992fbb7db913284d265e7d32f6659dd3527874a473404	cdk_linux_386_thin_upx
35a4bba030e749de8667b0284982bd8d187a5ed9e1ced0b3c2e67136aa839cc7	cdk_linux_386_upx
07d53bb25aaa1b6ed1de40f0b8999be20a399172e49876cac3600503793df581	cdk_linux_amd64
9b1bcec7eb978a3412a5ec172181074837f08f4f9c256e8d9f6a8d7d2ce34d74	cdk_linux_amd64_thin
9e8a97e342f21509bdba9c4abfdefafe5b3a4fc60c046415ad397eca356e5d04	cdk_linux_amd64_thin_upx
fde15f9ac15ce720fff310f70bf5d36843516dbda4d98c9bfbcdec6ce44f28e8	cdk_linux_amd64_upx
a41c1b9b2b36e65dc1d8f57a08165289f44ed287893c18146fa32953bc2949fe	cdk_linux_arm
1d533c26001b29f11e09de0c350cab64faef97ea49a41f579d01b9ae74d2a0e9	cdk_linux_arm64
21582bab4103dda43821915b76e96870431e1f2f59bc0135ba4700008abdaa32	cdk_linux_arm64_thin

CDK - CDK v1.0.3

Published by neargle over 3 years ago

Release Date: 2021-07-08

📜 Changelog

💣 Exploits

Add exploit: to container image registry, brute force the accounts and passwords cracking

✨ Others

Add document for brute force the accounts and passwords cracking
Add meta-data api url of ucloud PR #24
Auto changelog: move changelog generate code to bash script

🔑 Hash Table

SHA256	EXECTUE FILE
313d2e2dad28703bf74b58c71131036e978667067d0cf77217435f10ff50a7df	cdk_darwin_amd64
51093bb7f3a947ed390aa2a560dbe91621379ef2125582249a5769aa5a58b379	cdk_linux_386
f889cf4f3cf56e385114be1e91477a51f5022cafb7bcd5cfc8eb20704e82e9e0	cdk_linux_386_thin
e01fee07234e35d11957d7ff65a5e2e7e0bac4a4ff061fd5b5d90a42701c1c49	cdk_linux_386_thin_upx
bf07c8fc6c899e793274614b8a98565fbedba9516c437c7594fec9fa15dd4d41	cdk_linux_386_upx
d2053465e2b96e8fb144090dd3cb1b7d02c1364f0d66eae234995c89c2f57c64	cdk_linux_amd64
bd3e5f1a848ec10158f529073a346f56c08a18c1e4cbfa1a85714037fe1561fe	cdk_linux_amd64_thin
4f188f89c92bb150c8b0b623d2041373b946a8920e97e464964ed79def029605	cdk_linux_amd64_thin_upx
e443f79a4b00598ac5a5adc8826b605db24b6345ae1fb4180aa4f173152fffc0	cdk_linux_amd64_upx
d57859e45a603966302841da3a61fa3e604a2ddd7be8bb2f1feb9bde74464061	cdk_linux_arm
635640f232a519c71fbdd148bfef9ef8f9c61909106f2d458273fa07830b21ea	cdk_linux_arm64
d650309e0c7cefdb0fd5c2f29e30282d0d2f1be44fc389158c5d011a987245b4	cdk_linux_arm64_thin

CDK - CDK v1.0.2

Published by neargle over 3 years ago

Release Date: 2021-06-17

📜 Changelog

💣 Exploits

Add CAP_DAC_READ_SEARCH exploit
Fix error when target mountpoint is not a directory
Add SYS_ADMIN check and format capability output
Fix: truncation or EOF when reading target file
Various supplements to cap-dac-read-search

🔍 About Evaluate

More infomations about available linux capabilities
Add SYS_ADMIN check and format capability output
Add check for CAP_SYS_MODULE and CAP_DAC_READ_SEARCH

✨ Others

Add meta-data api url of ucloud PR #24 from Alex-null/main
Auto changelog: move changelog generate code to bash script
Bash variables uppercase and add other changelogs
Changelog generation by automatic in github action
Add meta-data api url of Amazon Web Services Cloud
More infomations about available linux capabilities
Add check for CAP_SYS_MODULE and CAP_DAC_READ_SEARCH
Add check for OpenStack metadata
Add CAP_DAC_READ_SEARCH exploit
Update release note format

🔑 Hash Table

SHA256	EXECTUE FILE
c6986103a201b81ebf196dd945c4bf5b1992b4fd8db03479d7be2595a5c467fc	cdk_darwin_amd64
05776513007563031e633e1e5820914bfdcac5df19fe7fc93be680df32f75362	cdk_linux_386
0c9a9c3ce08d379b81646f92d8cb90fbd3fb384e497a4388f4bc33f1c4c41a44	cdk_linux_386_thin
080b84e655682e3b4cd130b009a6c838a4c96ea147796cf216ffe3ebbaa256b1	cdk_linux_386_thin_upx
f4e3039aaa1670e865d77746b6facb72dd3f72d8b240a972a6d48611b0ff4219	cdk_linux_386_upx
f4f23d5b522d8f58e46963452ce15087bcff3955bbea95306e24433dfeacbd3a	cdk_linux_amd64
6112fed1a30fcd45861afdbd13a6888f5cbeb6c3711d8262d6248eb4941aa2da	cdk_linux_amd64_thin
d0a793ba054cb2ce81173cdfed434c511aec8c631a3597d9581c191bc1525c2e	cdk_linux_amd64_thin_upx
bbae26473d5ca41404788c5b58ab495e9b7fdd988986657be0e0505400047207	cdk_linux_amd64_upx
11ae0608b6218b088dc3880ab366c93247bc33665a8a7f14b9da4d450e449dfe	cdk_linux_arm
3e1e22f3efa5aa2e7da26e2e6e82468e20de8d593b748f2521cfaf78d9043a2a	cdk_linux_arm64
a89e428291b7d4d870e2f24564c86bdaed721131926eeae10602c5b86295466c	cdk_linux_arm64_thin

CDK - CDK v1.0.1

Published by github-actions[bot] over 3 years ago

Fixes

fit exploit k8s-backdoor-daemonset for k8s- for k8s version >1.8. #13 @greenhandatsjtu
fit exploit k8s-shadow-apiserver for Tencent Cloud TKE cluster.

sha256	exectue file
eca140e2de5725eeaa29ab48f86e1745ef0232aaafd04298eccb742e1241171b	cdk_darwin_amd64
8956389a7a50dcf4b7ab221c1b91172e7f7fb298dbf43a8251abfb76334e7a4e	cdk_linux_386
67e7e9e8a9ae97ff4a2f1878746be4c10af64f43867d2e9ead31470145c689b8	cdk_linux_386_thin
72ce22f23461dffa813c1a36c37ae081664ee255cbaf0e4b87d5108ab3101df2	cdk_linux_386_thin_upx
6efb691f0411b0e57b39c9efae1a55033cb8d5de3911d1ed120bf8787f395f1f	cdk_linux_386_upx
7fe4d08596fc13f16ed9bc29345a09a153e7e006bad88289836092bfc0e1ff1d	cdk_linux_amd64
db32aad6f38b4b0b38b65ba962eb9c256640324f01cef1d9e9eda4a32106a8a5	cdk_linux_amd64_thin
0674724cfc3997eacbac08e11b5b416a818b1dab5c6be50861babdbf84c376ad	cdk_linux_amd64_thin_upx
2bb27f59beed6f28e048b581de811a1443aa880dc8172f3156146c4cf782b68b	cdk_linux_amd64_upx
d049e53c682c148dc71b1a794973ad8c782014f9f32836c72ad141d05d94f022	cdk_linux_arm
6bd11a9b68e81660518ccc9888cf6ea1f2d85c5bb33857f543298c2386e07bdf	cdk_linux_arm64
0f45809e1a640a7f54dd5211aff1b5239c310b0e81ddfb1244345ce6ec9d72e2	cdk_linux_arm64_thin

CDK - CDK v1.0

Published by github-actions[bot] over 3 years ago

New features

Make capabilities information readable.
Update cgroup and hostname capabilities in the evaluate module.
Update rewrite-cgroup-devices exploit to make it more stable.
More ports for k8s service probe.
Enable auto-pwn task.
New exploit: k8s-get-sa-token
New exploit: k8s-psp-dump
Release the thin version, now CDK can be easily used to pwn serverless/function service.
Use Github actions to compile and release.

Fixes

HTTP header set twice in several exploits.
Wrong parameter output in k8s-backdoor-daemonset exploit.

Release Date: 2021-04-11

sha256	exectue file
802cc16a8b00b49fbc1685cdfa652fabe7b53d5d0e1fe1a1da4ab0da59ec263f	cdk_darwin_amd64
b074de2206cbff42293870201e0faf2113986a64fba6cc4682e2a87f518ee7d4	cdk_linux_386
6e24ebb4b88122fe10261cb8cf32f92c812690c49aea29f2d708557ea5feb186	cdk_linux_386_thin
350189c879eb3d936a434927b1fa41d353d2ebdbc6589e9efa29ea5e05329fe5	cdk_linux_386_thin_upx
dbeab309b7ecd219233a56c43b0c95f88a39c7d1d524d5f71d319a5928a2b5ad	cdk_linux_386_upx
e4f24bd9724afff4200cf4c57eeb2ba37b9bf99b7add53ce1262e2e98c80a812	cdk_linux_amd64
0857d4485dee17166c1754eb699e8e8e720bff825717e5a23531cd4b8a3c30c1	cdk_linux_amd64_thin
752c9bc83cd57649bece5f5885d921fa0dfd8cb62df66b6db1df281e51cdb560	cdk_linux_amd64_thin_upx
28110f190791aa5b4ca3f0c36dfc39cda8716f165789599de34c8578a70357fd	cdk_linux_amd64_upx
cbfe1884821d8aa5cb10a0eec8719f8273b5a65f2ae826c7079006fff71f14e7	cdk_linux_arm
42e2d4b8d628e3df77baf23238076afb7003f1d31fb08032324f249d80df8302	cdk_linux_arm64
58ec2f3cc5cbbcf8add01a0f5f7c8331d830b7944a1031788a5afe4a70ec0a3d	cdk_linux_arm64_thin

CDK - CDK v0.1.10

Published by Xyntax over 3 years ago

bugfix run: check-ptrace
new exploit: docker-api-pwn to takeover host with port 2375 open.
change exploit docker-sock-deploy to docker-sock-pwn, the new exploit will run commands directly without attaching to the backdoor container.

CDK - CDK v0.1.9

Published by Xyntax over 3 years ago

More Exploits Enabled:

Evaluate kube-proxy route localnet(CVE-2020-8558) vulnerability.
Exploit LXC container with lxcfs mounted into container with rw privilege.
Exploit privileged containers with CGroup device.allow overwrite.

CDK - v0.1.8

Published by Xyntax almost 4 years ago

Add multiple K8s exploits.

Package Rankings

Top 4.15% on Proxy.golang.org

Related Projects

kube-ladder

Learning Kubernetes, The Chinese Taoist Way

15 Jul 2019 2,486

k8s-tutorial-cn

The most(might be) detailed Kubernetes tutorials in Chinese. 全网（可能）最详细的Kubernetes中文教程。

26 Oct 2023 1,312

inspektor-gadget

The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.

16 Apr 2019 1,917

KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permiss...

26 Nov 2020 1,288

kube-fledged

A kubernetes operator for creating and managing a cache of container images directly on the clust...

26 Oct 2018 1,246

Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified S...

19 Aug 2020 1,885

awesome-k8s-resources

A curated list of awesome Kubernetes tools and resources.

05 Jul 2020 3,096

cdk8s-plus

A software development framework that provides high level abstractions for authoring Kubernetes a...

14 Sep 2021 131

honeycluster

Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - f...

10 Mar 2024 19

kubernetes

Production-Grade Container Scheduling and Management

06 Jun 2014 107,341

metarget

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

09 Apr 2021 1,015

kcp

Kubernetes-like control planes for form-factors and use-cases beyond Kubernetes and container wor...

31 Mar 2021 2,329

blogs

Blogs from @hrittikhere

10 Aug 2022 5

kubevela

The Modern Application Platform.

03 Jul 2020 6,112

kubeedge

Kubernetes Native Edge Computing Framework (project under CNCF)

28 Sep 2018 6,508