inject-into-pod-alpha.go
package peirates
import (
"fmt"
"os"
"os/exec"
"syscall"
)
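// injectAndExecMenu lists the pods returned by getPodList, reads a numeric
// selection from standard input and passes the chosen pod name to
// injectIntoAPodViaAPIServer.
//
// The first message tells the operator that this item has been removed from
// the menu and is unsupported; the function still runs if it is called.
//
// The selection is operator-typed input, so it is checked against the bounds
// of the pod list before it is used as an index. Without that check a negative
// or too-large number panics the whole process with an index-out-of-range.
func injectAndExecMenu(connectionString ServerInfo) {
	println("\nThis item has been removed from the menu and is currently not supported.\n")
	println("\nChoose a pod to inject peirates into:\n")

	runningPods := getPodList(connectionString)
	if len(runningPods) == 0 {
		// Nothing can be selected; any index would be out of range.
		println("[-] No pods were returned, so there is nothing to choose from.")
		return
	}

	for i, listpod := range runningPods {
		fmt.Printf("[%d] %s\n", i, listpod)
	}

	println("Enter the number of a pod to inject peirates into: ")

	var choice int
	if _, err := fmt.Scanln(&choice); err != nil {
		// The builtin println prints an error interface as a pair of raw
		// pointers, so pass the message text instead.
		println("[-] Error reading input: ", err.Error())
		return
	}

	if choice < 0 || choice >= len(runningPods) {
		fmt.Printf("[-] Invalid choice %d: enter a number between 0 and %d.\n", choice, len(runningPods)-1)
		return
	}

	injectIntoAPodViaAPIServer(connectionString, runningPods[choice])
}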
// injectIntoAPodViaAPIServer copies the running binary into /tmp of the named
// pod with "kubectl cp" and then replaces the current process with
// "kubectl exec -it <pod> -- /tmp/peirates".
//
// It returns early, after printing a message, when kubectlAuthCanI reports
// that exec on pods is not permitted or when the copy fails. If kubectl is not
// on PATH, or the exec call fails, it prints an equivalent command line for
// the operator to run by hand.
//
// NOTE(review): the service-account token is placed in kubectl's argument
// vector and is also printed to the terminal in the fallback messages. Process
// listings, shell history and terminal or session logs that capture either one
// will contain a usable bearer token.
func injectIntoAPodViaAPIServer(connectionString ServerInfo, pod string) {
	if !kubectlAuthCanI(connectionString, "exec", "pods") {
		println("[-] Permission Denied: your service account isn't allowed to exec into pods")
		return
	}

	println("[+] ALPHA Feature: Transferring a copy of Peirates into pod:", pod)

	// First, try copying the binary in via a kubectl cp command.
	// NOTE(review): "_" is an environment variable that shells set; it can be
	// empty or stale when the process was not started from such a shell, in
	// which case the copy below is given the wrong source path.
	selfPath := os.Getenv("_")
	target := pod + ":/tmp"
	cpOutput, _, err := runKubectlSimple(connectionString, "cp", selfPath, target)
	if err != nil {
		fmt.Printf("[-] Copying peirates into pod %s failed.\n", pod)
		return
	}

	println(string(cpOutput))
	println("[+] Transfer successful")

	// Feature request kept from the original: offer a choice between moving
	// entirely into the pod and printing a copy-pastable command instead.

	// Both fallback paths print the same hint and the same command line.
	const manualHint = "Start up a new process, put a copy of kubectl in it, and move into that pod by running the following command:\n\n"
	manualCommand := "kubectl --token " + connectionString.Token + " --certificate-authority=" + connectionString.CAPath + " -n " + connectionString.Namespace + " exec -it " + pod + " -- /tmp/peirates\n"

	kubectlPath, lookErr := exec.LookPath("kubectl")
	if lookErr != nil {
		println("kubectl not found in the PATH in this pod. You can correct this and try again. Alternatively:\n")
		println(manualHint)
		println(manualCommand)
		return
	}

	argv := []string{
		"kubectl",
		"--token", connectionString.Token,
		"--certificate-authority=" + connectionString.CAPath,
		"-n", connectionString.Namespace,
		"exec", "-it", pod,
		"--", "/tmp/peirates",
	}
	environment := os.Environ()

	// syscall.Exec only returns when replacing the process image failed.
	/* #gosec G204 - this code is intended to run arbitrary commands for the user */
	execErr := syscall.Exec(kubectlPath, argv, environment)
	if execErr == nil {
		return
	}

	println("[-] Exec failed - try manually, as below.\n")
	println(manualHint)
	println(manualCommand)
}