NodePort exposed services

Scenario Information

If any of the user has exposed any service with in the Kubernetes cluster with NodePort. This means, if the nodes where the Kubernetes clusters running doesn't have any firewall/network security enabled. We ned seeing some unauthenticated an unauthorized services.

  • To get started with the scenario, run the following command and look for open ports in the Kubernetes Nodes
kubectl get nodes -o wide

When Kubernetes creates a NodePort service, it allocates a port from a range specified in the flags that define your Kubernetes cluster. (By default, these are ports ranging from 30000-32767.)

Scenario Solution

  • Get the list of Kubernetes nodes external IP addresses information
kubectl get nodes -o wide

Scenario 8 get nodes

  • Now, let's find out the open port. In this case you can use your traditional security scanning utilities like Nmap

  • Once we identified that there is a NodePort exposed, we can just verify by connecting to it and access

nc -zv EXTERNAL-IP-ADDRESS 30003

Scenario 8 access nodeport

This vulnerability/attack varies depends on how the Kubernetes cluster has been configured

Miscellaneous

TBD