<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><title>Putdownd’s Blog - 躺平的BLOG</title><meta name="author" content="putdown"><meta name="copyright" content="putdown"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="Welcome to lie down">
<meta property="og:type" content="website">
<meta property="og:title" content="Putdownd’s Blog">
<meta property="og:url" content="https://blog.putdown.top/index.html">
<meta property="og:site_name" content="Putdownd’s Blog">
<meta property="og:description" content="Welcome to lie down">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/Snipaste_2022-09-17_18-27-06.png">
<meta property="article:author" content="putdown">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/Snipaste_2022-09-17_18-27-06.png"><link rel="shortcut icon" href="https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/Snipaste_2022-09-17_18-27-06.png"><link rel="canonical" href="https://blog.putdown.top/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//hm.baidu.com"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><meta name="baidu-site-verification" content="code-t8FWZKLQce"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css" media="print" onload="this.media='all'"><script>var _hmt = _hmt || [];
(function () {
  // Loader for the Baidu analytics script (hm.baidu.com).
  // The tag is created at runtime and inserted ahead of the first <script> on the page.
  // No integrity attribute is set on it, so the remote file runs with this page's
  // full privileges and whatever content the host serves is what executes.
  var firstScript = document.getElementsByTagName("script")[0];
  var tracker = document.createElement("script");
  tracker.src = "https://hm.baidu.com/hm.js?f755324450eb55ec18bb83a2d2f2334e";
  firstScript.parentNode.insertBefore(tracker, firstScript);
})();
</script><script>const GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
localSearch: {"path":"/search.xml","preload":true,"languages":{"hits_empty":"找不到您查询的内容:${query}"}},
translate: undefined,
noticeOutdate: undefined,
highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '天',
date_suffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: undefined,
lightbox: 'fancybox',
Snackbar: undefined,
source: {
justifiedGallery: {
js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.js',
css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.css'
}
},
isPhotoFigcaption: true,
islazyload: false,
isAnchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: 'Putdownd’s Blog',
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2023-11-17 07:59:13'
}</script><noscript><style type="text/css">
#nav {
opacity: 1
}
.justified-gallery img {
opacity: 1
}
#recent-posts time,
#post-meta time {
display: inline !important
}
</style></noscript><script>(win=>{
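win.saveToLocal = {
  /**
   * Store `value` under `key` in localStorage together with an expiry timestamp.
   * `ttl` is a number of days; a ttl of exactly 0 stores nothing.
   */
  set: function setWithExpiry(key, value, ttl) {
    if (ttl === 0) return
    const now = new Date()
    const expiryDay = ttl * 86400000 // days -> milliseconds
    const item = {
      value: value,
      expiry: now.getTime() + expiryDay,
    }
    localStorage.setItem(key, JSON.stringify(item))
  },
  /**
   * Return the value stored under `key`, or undefined when the key is absent,
   * expired (the entry is then removed), unreadable, or not a JSON object.
   *
   * localStorage is writable by any script on this origin and by the user, so
   * its content is treated as untrusted. The previous version let a malformed
   * entry throw from JSON.parse (or from reading `.expiry` of null) and abort
   * the rest of this head script.
   */
  get: function getWithExpiry(key) {
    let item
    try {
      const itemStr = localStorage.getItem(key)
      if (!itemStr) {
        return undefined
      }
      item = JSON.parse(itemStr)
    } catch (e) {
      // Storage access was refused or the entry is not valid JSON.
      return undefined
    }
    // JSON such as `null`, `1` or `"x"` parses fine but is not an entry written by set().
    if (item === null || typeof item !== 'object') {
      return undefined
    }
    const now = new Date()
    if (now.getTime() > item.expiry) {
      localStorage.removeItem(key)
      return undefined
    }
    return item.value
  }
}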
win.getScript = url => {
  // Appends an async <script src=url> to <head> and returns a Promise that
  // resolves once it has loaded and rejects on a load error.
  // NOTE(review): no integrity or crossorigin attribute is set, so the URL passed
  // in is executed as-is; callers should pass only trusted, version-pinned URLs.
  return new Promise((resolve, reject) => {
    const el = document.createElement('script')
    // Shared by onload and the legacy onreadystatechange event.
    const onDone = function () {
      const state = this.readyState
      const stillLoading = state && state !== 'loaded' && state !== 'complete'
      if (stillLoading) return
      // Detach both handlers so resolve() runs at most once.
      el.onload = el.onreadystatechange = null
      resolve()
    }
    el.src = url
    el.async = true
    el.onerror = reject
    el.onreadystatechange = onDone
    el.onload = onDone
    document.head.appendChild(el)
  })
}
win.activateDarkMode = function () {
  // Switch the root element to the dark theme and, when a theme-color meta tag
  // exists, set it to the dark colour as well.
  const themeColorMeta = document.querySelector('meta[name="theme-color"]')
  document.documentElement.setAttribute('data-theme', 'dark')
  if (themeColorMeta !== null) {
    themeColorMeta.setAttribute('content', '#0d0d0d')
  }
}
win.activateLightMode = function () {
  // Switch the root element to the light theme and, when a theme-color meta tag
  // exists, set it to the light colour as well.
  const themeColorMeta = document.querySelector('meta[name="theme-color"]')
  document.documentElement.setAttribute('data-theme', 'light')
  if (themeColorMeta !== null) {
    themeColorMeta.setAttribute('content', '#ffffff')
  }
}
// Re-apply the stored theme; any value other than 'dark' or 'light' leaves
// data-theme as it is in the markup.
const savedTheme = saveToLocal.get('theme')
switch (savedTheme) {
  case 'dark':
    activateDarkMode()
    break
  case 'light':
    activateLightMode()
    break
}
// Restore the sidebar state only when a preference was stored:
// 'hide' adds the class, any other stored value removes it.
const savedAside = saveToLocal.get('aside-status')
if (savedAside !== undefined) {
  document.documentElement.classList.toggle('hide-aside', savedAside === 'hide')
}
// Add an 'apple' class to the root element when the user-agent string names an
// Apple device. The string is client-supplied, so this is a styling hint only.
const detectApple = () => {
  const isAppleUA = /iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)
  if (isAppleUA) {
    document.documentElement.classList.add('apple')
  }
}
detectApple()
})(window)</script><link rel="stylesheet" href="/css/style.css"><!-- hexo injector head_end start --><link rel="stylesheet" href="https://cdn.cbd.int/hexo-butterfly-clock-anzhiyu/lib/clock.min.css" /><!-- hexo injector head_end end --><meta name="generator" content="Hexo 6.1.0"><link rel="alternate" href="/atom.xml" title="Putdownd’s Blog" type="application/atom+xml">
</head><body><div id="web_bg"></div><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/Snipaste_2022-09-17_18-27-06.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">115</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">30</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">0</div></a></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 主页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 全部文章</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/1044829.jpg')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">Putdownd’s Blog</a></span><div id="menus"><div id="search-button"><a class="site-page social-icon search"><i class="fas fa-search fa-fw"></i><span> 搜索</span></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 主页</span></a></div><div 
class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 全部文章</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">Putdownd’s Blog</h1><div id="site-subtitle"><span id="subtitle"></span></div><div id="site_social_icons"><a class="social-icon" href="https://github.com/futalk" rel="external nofollow noreferrer" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:burpburpsuite@outlook.com" rel="external nofollow noreferrer" target="_blank" title="Email"><i class="fas fa-envelope"></i></a><a class="social-icon" href="https://steamcommunity.com/profiles/76561198384837505/" rel="external nofollow noreferrer" target="_blank" title="Steam"><i class="fa-brands fa-steam"></i></a><a class="social-icon" href="/atom.xml" target="_blank" title="RSS"><i class="fa-solid fa-square-rss"></i></a><a class="social-icon" href="http://da.putdown.top/" rel="external nofollow noreferrer" target="_blank" title="导航页"><i class="fa-solid fa-compass"></i></a><a class="social-icon" href="https://wiki.putdown.top/#/" rel="external nofollow noreferrer" target="_blank" title="漏洞库"><i class="fa-solid fa-shield-halved"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div 
class="recent-post-item"><div class="post_cover left"><a href="/archives/4a17b156.html" title="Hello World"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Hello World"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/4a17b156.html" title="Hello World">Hello World</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-11-17T07:58:44.691Z" title="发表于 2023-11-17 07:58:44">2023-11-17</time></span></div><div class="content">Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.
Quick StartCreate a new post1$ hexo new "My New Post"
More info: Writing
Run server1$ hexo server
More info: Server
Generate static files1$ hexo generate
More info: Generating
Deploy to remote sites1$ hexo deploy
More info: Deployment
</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/archives/112a2c31.html" title="Jumpserver -(CVE-2023-42820)"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Jumpserver -(CVE-2023-42820)"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/112a2c31.html" title="Jumpserver -(CVE-2023-42820)">Jumpserver -(CVE-2023-42820)</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-11-17T07:43:40.956Z" title="发表于 2023-11-17 07:43:40">2023-11-17</time></span></div><div class="content">Jumpserver随机数种子泄露导致账户劫持漏洞(CVE-2023-42820)
靶场环境: vulhub
在其3.6.4及以下版本中,存在一处账户接管漏洞。攻击者通过第三方库django-simple-captcha泄露的随机数种子推算出找回密码时的用户Token,最终修改用户密码。
复现
点击忘记密码
点击验证码,右键新窗口打开
得到伪随机数种子seed
1http://192.168.72.129:8080/core/auth/captcha/image/2aafd36176af0093fdb48a54bfae6657648db09a/
回到忘记密码位置
填写用户名验证码,本次用户名为admin
得到随机的token值
利用过程
根据vulhub靶场内攻击
1https://github.com/vulhub/vulhub/blob/master/jumpserver/CVE-2023-42820/poc.py
开始利用
-t 指定目标Jumpserver服务器地址
--email 指定待劫持用户的邮箱地址
--seed 前面记下来的 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/archives/7fa35abb.html" title="CiCd-Goat"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="CiCd-Goat"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/7fa35abb.html" title="CiCd-Goat">CiCd-Goat</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-11-01T07:06:36.614Z" title="发表于 2023-11-01 07:06:36">2023-11-01</time></span></div><div class="content">CiCd-Goat前提1234567891011121314151617- Jenkins:http://localhost:8080- Username: alice- Password: alice- Gitea:http://localhost:3000- Username: thealice- Password: thealice如果你想仔细查看管理员是如何配置的环境,可以使用如下凭据登录后台:- CTFd- Username: admin- Password: ciderland5#- Jenkins- Username: admin- Password: ciderland5#- Gitea- Username: red_queen- Password: ciderland5#
EasyWhite Rabbit
我来晚了,我来晚了!没时间说你好,再见!在您被抓之前,请使用您对Wonderland/white-rabbit存储库的访问权限来窃取存储在 Jenkins 凭证存储中的flag1机密。还有两个提示:
尝试通过存储库触发管道。
如何使用 Jenkinsf ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/archives/d4e3a357.html" title="Kubernetes Goat 17 & 18 & 19 & 20"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 17 & 18 & 19 & 20"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/d4e3a357.html" title="Kubernetes Goat 17 & 18 & 19 & 20">Kubernetes Goat 17 & 18 & 19 & 20</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-31T07:11:52.381Z" title="发表于 2023-10-31 07:11:52">2023-10-31</time></span></div><div class="content">KubeAudit - Audit Kubernetes clustersKubeAudit - 审核Kubernetes集群
kubeaudit 是一个命令行工具和一个 Go 包,用于审计 Kubernetes 集群的各种安全问题。
1kubectl run -n kube-system --rm --restart=Never -it --image=madhuakula/hacker-container -- bash
下载kubeaudit
1wget https://github.com/Shopify/kubeaudit/releases/download/v0.21.0/kubeaudit_0.21.0_linux_amd64.tar.gz
执行
1kubeaudit all
Falco - Runtime security monitoring & detectionFalco - 运行时安全监测和检测
部署 Falco
123helm repo add falcosecurity https://falcosecurity.github. ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/archives/e4359b16.html" title="Kubernetes Goat 16 - RBAC least privileges misconfiguration"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 16 - RBAC least privileges misconfiguration"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/e4359b16.html" title="Kubernetes Goat 16 - RBAC least privileges misconfiguration">Kubernetes Goat 16 - RBAC least privileges misconfiguration</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-31T07:05:46.254Z" title="发表于 2023-10-31 07:05:46">2023-10-31</time></span></div><div class="content">RBAC least privileges misconfigurationRBAC 最低特权配置错误
由于Kubernetes默认情况下将所有secrets、tokens和service accounts信息都存储在一个固定的目录。直接访问这个目录,查找敏感的信息:
1cd /var/run/secrets/kubernetes.io/serviceaccount/
要指向内部 API 服务器主机名,我们可以从环境变量中导出它
1export APISERVER=https://${KUBERNETES_SERVICE_HOST}
设置 ServiceAccount 令牌的路径
1export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
设置命名空间值
1export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
读取 ServiceAccount token
1export TOKEN=$(ca ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/archives/70421bde.html" title="Kubernetes Goat 15 - Hidden in layers"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 15 - Hidden in layers"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/70421bde.html" title="Kubernetes Goat 15 - Hidden in layers">Kubernetes Goat 15 - Hidden in layers</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-30T09:27:18.805Z" title="发表于 2023-10-30 09:27:18">2023-10-30</time></span></div><div class="content">Hidden in layers隐藏在层中1kubectl get jobs
1kubectl describe job
找到hidden-in-layers-czrlb
1kubectl get pod hidden-in-layers-czrlb -o yaml
找到完整的镜像名字,拉取镜像
1docker pull madhuakula/k8s-goat-hidden-in-layers:latest
通过利用 docker 内置命令将 docker 镜像导出为 tar 文件
1docker save madhuakula/k8s-goat-hidden-in-layers -o hidden-in-layers.tar
使用dive分析镜像
https://github.com/wagoodman/dive/releases
1./dive madhuakula/k8s-goat-hidden-in-layers
得知敏感文件和路径
解压上面的hidden-in-layers.tar文件
根据上面的路径找到文件
结束</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/archives/5d4cc7e4.html" title="Kubernetes Goat 12 & 13 & 14"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 12 & 13 & 14"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/5d4cc7e4.html" title="Kubernetes Goat 12 & 13 & 14">Kubernetes Goat 12 & 13 & 14</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-30T08:10:18.450Z" title="发表于 2023-10-30 08:10:18">2023-10-30</time></span></div><div class="content">12: Gaining environment information获取环境信息
访问连接
Kubernetes中的每个环境都会有很多信息要共享。包括Secrets、API Keys、配置、服务等等关键内容。
使用一些命令在服务器内信息收集
1234567891011idcat /proc/self/cgroupcat /etc/hostsmountls -la /home/printenv
13: DoS the Memory/CPU resources拒绝服务(DoS)内存/CPU资源
pod未在 Kubernetes清单中设置任何资源限制。所以我们可以轻松执行一系列消耗资源的操作。
在这个 pod中,安装了一个名为 stress-ng的程序
执行 stress-ng的程序
1stress-ng --vm 2 --vm-bytes 2G --timeout 30s
14: Hacker container preview黑客容器预览1kubectl run -it hacker-container --image=madhuakula/hack ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/archives/ae734c99.html" title="Kubernetes Goat 11 - Kubernetes namespaces bypass"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 11 - Kubernetes namespaces bypass"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/ae734c99.html" title="Kubernetes Goat 11 - Kubernetes namespaces bypass">Kubernetes Goat 11 - Kubernetes namespaces bypass</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-30T07:46:04.128Z" title="发表于 2023-10-30 07:46:04">2023-10-30</time></span></div><div class="content">Kubernetes namespaces bypassKubernetes 命名空间绕过
运行hacker-container镜像
1kubectl run -it hacker-container --image=madhuakula/hacker-container -- sh
报错的话运行这一条
1kubectl run -it hacker-container-2 --image=madhuakula/hacker-container -- sh
查看ip
寻找redis
1nmap -sT -open -p 6379 10.244.0.0/16
连接redis
1redis-cli -h 10.244.0.7
集群内还有许多其他的服务和资源,比如ElasticSearch,Mongo等等
</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/archives/24c73fc4.html" title="Kubernetes Goat 08 & 09 & 10"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 08 & 09 & 10"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/24c73fc4.html" title="Kubernetes Goat 08 & 09 & 10">Kubernetes Goat 08 & 09 & 10</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-30T07:05:01.546Z" title="发表于 2023-10-30 07:05:01">2023-10-30</time></span></div><div class="content">08:NodePort exposed servicesNodePort 暴露的服务12345nmap 192.168.72.129 -sT -p30000-32767PORT STATE SERVICE30003/tcp open amicon-fpsu-ra
09:Helm v2 tiller to PwN the clusterHelm v2 tiller 风险
此方案已被弃用,供学习参考,环境默认是 Helm v3版本,可以安装Helm v2版本来实验
10:Analyzing crypto miner container分析被部署挖矿软件的容器镜像
查看工作任务详情
1kubectl describe job batch-check-job
获取Pod信息
1kubectl get pods --namespace default -l "job-name=batch-check-job"
获取pod信息manifest并分析
1kubectl get pod batch-check-job-gpfq4 -o yaml
...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/archives/b5ada9a5.html" title="Kubernetes Goat 07 - Attacking private registry"><img class="post_bg" src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 07 - Attacking private registry"></a></div><div class="recent-post-info"><a class="article-title" href="/archives/b5ada9a5.html" title="Kubernetes Goat 07 - Attacking private registry">Kubernetes Goat 07 - Attacking private registry</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-28T08:56:53.224Z" title="发表于 2023-10-28 08:56:53">2023-10-28</time></span></div><div class="content">Attacking private registry攻击私有仓库
http://192.168.72.129:1235/
http://192.168.72.129:1235/v2/
http://192.168.32.130:1235/v2/_catalog,查看docker仓库信息
根据官方文档:https://docs.docker.com/registry/
1http://192.168.72.129:1235/v2/_catalog/adhuakula/k8s-goat-users-repo/manifests/latest
往下翻一翻配置文件
</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><span class="space">…</span><a class="page-number" href="/page/12/#content-inner">12</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/Snipaste_2022-09-17_18-27-06.png" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">putdown</div><div class="author-info__description">Welcome to lie down</div></div><div class="card-info-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">115</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">30</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">0</div></a></div><a id="card-info-btn" target="_blank" rel="noopener external nofollow noreferrer" href="https://putdown.top/"><i class="fa-solid fa-window-restore"></i><span>我的网站列表</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://github.com/futalk" rel="external nofollow noreferrer" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:burpburpsuite@outlook.com" rel="external nofollow noreferrer" target="_blank" title="Email"><i class="fas fa-envelope"></i></a><a class="social-icon" href="https://steamcommunity.com/profiles/76561198384837505/" rel="external nofollow noreferrer" target="_blank" title="Steam"><i class="fa-brands fa-steam"></i></a><a class="social-icon" href="/atom.xml" target="_blank" title="RSS"><i class="fa-solid fa-square-rss"></i></a><a class="social-icon" 
href="http://da.putdown.top/" rel="external nofollow noreferrer" target="_blank" title="导航页"><i class="fa-solid fa-compass"></i></a><a class="social-icon" href="https://wiki.putdown.top/#/" rel="external nofollow noreferrer" target="_blank" title="漏洞库"><i class="fa-solid fa-shield-halved"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">网站的目的仅限用于分享和学习! 如果有错误的地方请多多批评指正,我会第一时间进行修改。</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item"><a class="thumbnail" href="/archives/4a17b156.html" title="Hello World"><img src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Hello World"/></a><div class="content"><a class="title" href="/archives/4a17b156.html" title="Hello World">Hello World</a><time datetime="2023-11-17T07:58:44.691Z" title="发表于 2023-11-17 07:58:44">2023-11-17</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/archives/112a2c31.html" title="Jumpserver -(CVE-2023-42820)"><img src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Jumpserver -(CVE-2023-42820)"/></a><div class="content"><a class="title" href="/archives/112a2c31.html" title="Jumpserver -(CVE-2023-42820)">Jumpserver -(CVE-2023-42820)</a><time datetime="2023-11-17T07:43:40.956Z" title="发表于 2023-11-17 07:43:40">2023-11-17</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/archives/7fa35abb.html" title="CiCd-Goat"><img src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="CiCd-Goat"/></a><div class="content"><a class="title" href="/archives/7fa35abb.html" title="CiCd-Goat">CiCd-Goat</a><time 
datetime="2023-11-01T07:06:36.614Z" title="发表于 2023-11-01 07:06:36">2023-11-01</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/archives/d4e3a357.html" title="Kubernetes Goat 17 & 18 & 19 & 20"><img src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 17 & 18 & 19 & 20"/></a><div class="content"><a class="title" href="/archives/d4e3a357.html" title="Kubernetes Goat 17 & 18 & 19 & 20">Kubernetes Goat 17 & 18 & 19 & 20</a><time datetime="2023-10-31T07:11:52.381Z" title="发表于 2023-10-31 07:11:52">2023-10-31</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/archives/e4359b16.html" title="Kubernetes Goat 16 - RBAC least privileges misconfiguration"><img src="/img/e5925563a436d850cfc6184421b9ec77.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Kubernetes Goat 16 - RBAC least privileges misconfiguration"/></a><div class="content"><a class="title" href="/archives/e4359b16.html" title="Kubernetes Goat 16 - RBAC least privileges misconfiguration">Kubernetes Goat 16 - RBAC least privileges misconfiguration</a><time datetime="2023-10-31T07:05:46.254Z" title="发表于 2023-10-31 07:05:46">2023-10-31</time></div></div></div></div><div class="card-widget card-tags"><div class="item-headline"><i class="fas fa-tags"></i><span>标签</span></div><div class="card-tag-cloud"><a href="/tags/Burp-Suite/" style="font-size: 1.26em; color: #999fa8">Burp Suite</a> <a href="/tags/DVWA/" style="font-size: 1.34em; color: #99a3b0">DVWA</a> <a href="/tags/Kubernetes-Goat/" style="font-size: 1.18em; color: #999ca1">Kubernetes Goat</a> <a href="/tags/Linux/" style="font-size: 1.1em; color: #999">Linux</a> <a href="/tags/SQL%E6%B3%A8%E5%85%A5/" style="font-size: 1.34em; color: #99a3b0">SQL注入</a> <a href="/tags/Vulnhub/" style="font-size: 1.5em; color: #99a9bf">Vulnhub</a> <a href="/tags/Windows/" style="font-size: 1.18em; color: #999ca1">Windows</a> <a href="/tags/XSS/" 
style="font-size: 1.1em; color: #999">XSS</a> <a href="/tags/XSS-labs/" style="font-size: 1.1em; color: #999">XSS-labs</a> <a href="/tags/hexo/" style="font-size: 1.18em; color: #999ca1">hexo</a> <a href="/tags/http/" style="font-size: 1.1em; color: #999">http</a> <a href="/tags/linux/" style="font-size: 1.1em; color: #999">linux</a> <a href="/tags/metasploit/" style="font-size: 1.1em; color: #999">metasploit</a> <a href="/tags/nmap/" style="font-size: 1.1em; color: #999">nmap</a> <a href="/tags/python/" style="font-size: 1.1em; color: #999">python</a> <a href="/tags/sql-labs/" style="font-size: 1.42em; color: #99a6b7">sql-labs</a> <a href="/tags/sqlmap/" style="font-size: 1.1em; color: #999">sqlmap</a> <a href="/tags/upload-labs/" style="font-size: 1.1em; color: #999">upload-labs</a> <a href="/tags/%E4%BA%91%E5%AE%89%E5%85%A8/" style="font-size: 1.18em; color: #999ca1">云安全</a> <a href="/tags/%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/" style="font-size: 1.18em; color: #999ca1">信息收集</a> <a href="/tags/%E5%8F%8D%E5%BC%B9shell/" style="font-size: 1.1em; color: #999">反弹shell</a> <a href="/tags/%E6%90%9C%E7%B4%A2/" style="font-size: 1.1em; color: #999">搜索</a> <a href="/tags/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F-%E6%95%B0%E6%8D%AE%E5%BA%93/" style="font-size: 1.1em; color: #999">操作系统&数据库</a> <a href="/tags/%E6%95%B0%E6%8D%AE%E5%BA%93/" style="font-size: 1.1em; color: #999">数据库</a> <a href="/tags/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0/" style="font-size: 1.1em; color: #999">文件上传</a> <a href="/tags/%E6%9C%AF%E8%AF%AD/" style="font-size: 1.1em; color: #999">术语</a> <a href="/tags/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" style="font-size: 1.34em; color: #99a3b0">漏洞复现</a> <a href="/tags/%E7%BC%96%E8%BE%91%E5%99%A8/" style="font-size: 1.1em; color: #999">编辑器</a> <a href="/tags/%E7%BD%91%E7%BB%9C/" style="font-size: 1.1em; color: #999">网络</a> <a href="/tags/%E9%9D%B6%E5%9C%BA/" style="font-size: 1.1em; color: #999">靶场</a></div></div><div class="card-widget card-archives"><div 
class="item-headline"><i class="fas fa-archive"></i><span>归档</span><a class="card-more-btn" href="/archives/" title="查看更多">
<i class="fas fa-angle-right"></i></a></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/11/"><span class="card-archive-list-date">十一月 2023</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/10/"><span class="card-archive-list-date">十月 2023</span><span class="card-archive-list-count">19</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/08/"><span class="card-archive-list-date">八月 2023</span><span class="card-archive-list-count">4</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/07/"><span class="card-archive-list-date">七月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/02/"><span class="card-archive-list-date">二月 2023</span><span class="card-archive-list-count">8</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/12/"><span class="card-archive-list-date">十二月 2022</span><span class="card-archive-list-count">10</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/11/"><span class="card-archive-list-date">十一月 2022</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/10/"><span class="card-archive-list-date">十月 2022</span><span class="card-archive-list-count">9</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">115</div></div><div class="webinfo-item"><div class="item-name">已运行时间 
:</div><div class="item-count" id="runtimeshow" data-publishDate="2000-03-16T00:00:00.000Z"></div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2023-11-17T07:59:12.483Z"></div></div></div></div><div class="card-widget card-hitokoto"><div class="card-content"><div class="item-headline"><i class="fas fa-quote-left"></i><span>一言</span><div id="hitokoto">:D 获取中...</div><i id="hitofrom">:D 获取中...</i><script src="https://cdn.jsdelivr.net/npm/bluebird@3/js/browser/bluebird.min.js"></script><script src="https://cdn.jsdelivr.net/npm/whatwg-fetch@2.0.3/fetch.min.js"></script><script>fetch('https://v1.hitokoto.cn')
// Decode the response body as JSON for the next step.
.then(function (res){
return res.json();
})
.then(function (data) {
// Both fields come from a third-party API response, so they are written through
// innerText: the browser treats them as plain text and never parses them as markup.
// Keep a text sink here; switching to innerHTML would let the remote service inject HTML.
var hitokoto = document.getElementById('hitokoto');
hitokoto.innerText = data.hitokoto;
var hitofrom = document.getElementById('hitofrom');
// String concatenation: a missing `from` field would render as the text "undefined".
hitofrom.innerText = " ——" + data.from + '';
})
.catch(function (err) {
// Network or JSON-parse failures are only logged; the placeholder text in the two elements stays as it was.
console.error(err);
})</script></div></div></div></div></div></main><footer id="footer" style="background-image: url('https://gh.putdown.top/https://raw.githubusercontent.com/futalk/tuchuang/main/img/1044829.jpg')"><div id="footer-wrap"><div class="copyright">©2020 - 2023 By putdown</div><div class="footer_custom_text"><div> Welcome to lie down </div></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div id="local-search"><div class="search-dialog"><nav class="search-nav"><span class="search-dialog-title">搜索</span><span id="loading-status"></span><button class="search-close-button"><i class="fas fa-times"></i></button></nav><div class="is-center" id="loading-database"><i class="fas fa-spinner fa-pulse"></i><span> 数据库加载中</span></div><div class="search-wrap"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div><hr/><div id="local-search-results"></div></div></div><div id="search-mask"></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.js"></script><script src="/js/search/local-search.js"></script><div class="js-pjax"><script>function subtitleType () {
// Body of subtitleType(): render the home-page subtitle.
// `if (true)` is a constant, so only the Typed.js branch runs and the else branch is unreachable.
if (true) {
// Typed is a global supplied by the typed.js library (fetched on demand below when it is absent).
// NOTE(review): Typed.js is understood to interpret `strings` as HTML by default; confirm.
// That is harmless for this fixed string but matters if the subtitle ever comes from editable data.
window.typed = new Typed("#subtitle", {
strings: ["永远不要只满足于世界的表象,要敢于探寻未知的可能。"],
startDelay: 300,
typeSpeed: 150,
loop: false,
backSpeed: 50
})
} else {
// Fallback sink is innerHTML; the value is a literal, so nothing untrusted reaches it.
document.getElementById("subtitle").innerHTML = '永远不要只满足于世界的表象,要敢于探寻未知的可能。'
}
}
// Run subtitleType() immediately when the Typed global already exists; otherwise fetch typed.js first.
// The outer `if (true)` is a constant, so its else branch never runs.
if (true) {
if (typeof Typed === 'function') {
subtitleType()
} else {
// getScript is not defined in this script block; presumably a helper from /js/utils.js, verify.
// The URL names no package version, so the CDN decides which typed.js release is served and
// executed on this page; pinning an exact version (or self-hosting the file) keeps the loaded code fixed.
getScript('https://cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js').then(subtitleType)
}
} else {
subtitleType()
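}</script></div>
<!-- Decorative canvas-ribbon effect from the jsDelivr CDN. butterfly-extsrc@1 is a major-version range, not an exact release, and the tag carries no integrity attribute. -->
<script defer="defer" id="ribbon" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc@1/dist/canvas-ribbon.min.js" size="150" alpha="0.6" zIndex="-1" mobile="false" data-click="true"></script>
<!-- Third-party visitor counter. The URL uses an explicit https: scheme instead of a protocol-relative one, so the script is never requested over plain HTTP. -->
<script async data-pjax src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div><!-- hexo injector body_end start --><script data-pjax>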
function butterfly_clock_anzhiyu_injector_config(){
var parent_div_git = document.getElementsByClassName('sticky_layout')[0];
var item_html = '<div class="card-widget card-clock"><div class="card-glass"><div class="card-background"><div class="card-content"><div id="hexo_electric_clock"><img class="entered loading" id="card-clock-loading" src="https://cdn.cbd.int/hexo-butterfly-clock-anzhiyu/lib/loading.gif" style="height: 120px; width: 100%;" data-ll-status="loading"/></div></div></div></div></div>';
console.log('已挂载butterfly_clock_anzhiyu')
if(parent_div_git) {
parent_div_git.insertAdjacentHTML("afterbegin",item_html)
}
}
var elist = 'null'.split(',');
var cpage = location.pathname;
var epage = 'all';
var qweather_key = '92c0b85004c94c3a97297a4fd2f8c93e';
var gaud_map_key = '5544b267bba4ecd452e5b3f7327b1b8a';
var baidu_ak_key = 'undefined';
var flag = 0;
var clock_rectangle = '112.982279,28.19409';
var clock_default_rectangle_enable = 'false';
for (var i=0;i<elist.length;i++){
if (cpage.includes(elist[i])){
flag++;
}
}
if ((epage ==='all')&&(flag == 0)){
butterfly_clock_anzhiyu_injector_config();
}
else if (epage === cpage){
butterfly_clock_anzhiyu_injector_config();
}
</script><script src="https://widget.qweather.net/simple/static/js/he-simple-common.js?v=2.0"></script><script data-pjax src="https://cdn.cbd.int/hexo-butterfly-clock-anzhiyu/lib/clock.min.js"></script><!-- hexo injector body_end end --></body></html>