容器渗透横向

本质上要获得

1.获得容器IP段

2.获得主机IP段

3.获得本机IP

4.通过CNI或Docker0等扫描本机端口

Flannel

容器信息

root@ubuntu-linux-22-04-desktop:/home/parallels/Desktop# k get po -A -o wide
NAMESPACE      NAME                                                 READY   STATUS                   RESTARTS         AGE    IP            NODE                         NOMINATED NODE   READINESS GATES
default        escaper                                              1/1     Running                  0                24h    10.244.0.53   ubuntu-linux-22-04-desktop   <none>           <none>
default        rootdir-escape-7d96587449-cjhz7                      1/1     Running                  4 (3d2h ago)     33d    10.244.1.94   node2                        <none>           <none>
default        rootdir-escape-7d96587449-ftmhp                      0/1     ContainerStatusUnknown   4 (33d ago)      83d    10.244.1.56   node2                        <none>           <none>
default        tomcat01-7f555c84f7-hgzjh                            0/1     ImagePullBackOff         0                25h    10.244.0.49   ubuntu-linux-22-04-desktop   <none>           <none>
default        tomcat01-7fd8849567-gthhh                            0/1     ImagePullBackOff         1 (3d2h ago)     33d    10.244.1.93   node2                        <none>           <none>
kube-flannel   kube-flannel-ds-7jmkz                                1/1     Running                  10 (3d2h ago)    57d    10.211.55.7   node2                        <none>           <none>
kube-flannel   kube-flannel-ds-fg7wh                                1/1     Running                  89 (3d ago)      439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    coredns-6d8c4cb4d-7ll4q                              1/1     Running                  14966 (3d ago)   439d   10.244.0.48   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    coredns-6d8c4cb4d-v2v6s                              1/1     Running                  14970 (3d ago)   439d   10.244.0.46   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    etcd-ubuntu-linux-22-04-desktop                      1/1     Running                  11 (3d ago)      118d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-apiserver-ubuntu-linux-22-04-desktop            1/1     Running                  433 (3d ago)     400d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-controller-manager-ubuntu-linux-22-04-desktop   1/1     Running                  855 (3d ago)     439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-proxy-wbhzx                                     1/1     Running                  84 (3d ago)      439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
kube-system    kube-proxy-wbnkq                                     1/1     Running                  9 (3d2h ago)     57d    10.211.55.7   node2                        <none>           <none>
kube-system    kube-scheduler-ubuntu-linux-22-04-desktop            1/1     Running                  900 (3d ago)     439d   10.211.55.6   ubuntu-linux-22-04-desktop   <none>           <none>
sectest        detector-5qvmq                                       1/1     Running                  4 (3d ago)       21d    10.244.0.47   ubuntu-linux-22-04-desktop   <none>           <none>
sectest        detector-kd6hm                                       1/1     Running                  3 (3d2h ago)     21d    10.244.1.92   node2

网卡信息

node1

root@ubuntu-linux-22-04-desktop:/home/parallels/code/CloudPentestSuite# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:1c:42:23:16:2f brd ff:ff:ff:ff:ff:ffinet 10.211.55.6/24 metric 100 brd 10.211.55.255 scope global dynamic enp0s5valid_lft 1002sec preferred_lft 1002secinet6 fdb2:2c26:f4e4:0:21c:42ff:fe23:162f/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 2591674sec preferred_lft 604474secinet6 fe80::21c:42ff:fe23:162f/64 scope link valid_lft forever preferred_lft forever
3: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:a9:12:87:bc brd ff:ff:ff:ff:ff:ffinet 172.19.0.1/16 brd 172.19.255.255 scope global docker_gwbridgevalid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:95:9f:9c:b1 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:95ff:fe9f:9cb1/64 scope link valid_lft forever preferred_lft forever
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default link/ether 2e:52:7e:36:bb:f6 brd ff:ff:ff:ff:ff:ffinet 10.244.0.0/32 scope global flannel.1valid_lft forever preferred_lft foreverinet6 fe80::2c52:7eff:fe36:bbf6/64 scope link valid_lft forever preferred_lft forever
6: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000link/ether 5e:2b:ff:49:bf:21 brd ff:ff:ff:ff:ff:ffinet 10.244.0.1/24 brd 10.244.0.255 scope global cni0valid_lft forever preferred_lft foreverinet6 fe80::5c2b:ffff:fe49:bf21/64 scope link valid_lft forever preferred_lft forever
7: veth8c1b6acf@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 62:67:e7:13:1f:2e brd ff:ff:ff:ff:ff:ff link-netnsid 0inet6 fe80::6067:e7ff:fe13:1f2e/64 scope link valid_lft forever preferred_lft forever
8: vethbaadb61c@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether ca:ee:34:ac:90:d1 brd ff:ff:ff:ff:ff:ff link-netnsid 1inet6 fe80::c8ee:34ff:feac:90d1/64 scope link valid_lft forever preferred_lft forever
8: veth49d153e6@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether f2:d0:0f:78:59:37 brd ff:ff:ff:ff:ff:ff link-netnsid 2inet6 fe80::f0d0:fff:fe78:5937/64 scope link valid_lft forever preferred_lft forever
10: veth49b58a71@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 4a:7d:06:37:d8:7d brd ff:ff:ff:ff:ff:ff link-netnsid 3inet6 fe80::487d:6ff:fe37:d87d/64 scope link valid_lft forever preferred_lft forever
11: vethd96bd702@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 6a:a7:34:e5:00:86 brd ff:ff:ff:ff:ff:ff link-netnsid 4inet6 fe80::68a7:34ff:fee5:86/64 scope link valid_lft forever preferred_lft forever
12: veth7f1682e@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether e6:a8:05:01:40:16 brd ff:ff:ff:ff:ff:ff link-netnsid 5inet6 fe80::e4a8:5ff:fe01:4016/64 scope link valid_lft forever preferred_lft forever

node2

root@node2:/home/parallels# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:1c:42:ea:e4:e4 brd ff:ff:ff:ff:ff:ffinet 10.211.55.7/24 brd 10.211.55.255 scope global enp0s5valid_lft forever preferred_lft foreverinet6 fdb2:2c26:f4e4:0:21c:42ff:feea:e4e4/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 2591800sec preferred_lft 604600secinet6 fe80::21c:42ff:feea:e4e4/64 scope link valid_lft forever preferred_lft forever
3: br-2133897d2ca9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:fe:62:1e:ce brd ff:ff:ff:ff:ff:ff
4: br-53b41bbd8455: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:0d:36:42:b5 brd ff:ff:ff:ff:ff:ffinet6 fe80::42:dff:fe36:42b5/64 scope link valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:0a:01:3e:44 brd ff:ff:ff:ff:ff:ff
15: veth3a2c643@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether 4e:ae:51:95:b0:96 brd ff:ff:ff:ff:ff:ff link-netnsid 1inet6 fe80::4cae:51ff:fe95:b096/64 scope link valid_lft forever preferred_lft forever
17: vethcf86640@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether b6:a5:9e:65:ee:ec brd ff:ff:ff:ff:ff:ff link-netnsid 0inet6 fe80::b4a5:9eff:fe65:eeec/64 scope link valid_lft forever preferred_lft forever
19: veth52d72dd@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether 82:b1:11:13:d4:0c brd ff:ff:ff:ff:ff:ff link-netnsid 2inet6 fe80::80b1:11ff:fe13:d40c/64 scope link valid_lft forever preferred_lft forever
34: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default link/ether be:22:e7:6f:f7:ef brd ff:ff:ff:ff:ff:ffinet 10.244.1.0/32 scope global flannel.1valid_lft forever preferred_lft foreverinet6 fe80::bc22:e7ff:fe6f:f7ef/64 scope link valid_lft forever preferred_lft forever
35: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000link/ether 92:63:7e:1c:2f:9d brd ff:ff:ff:ff:ff:ffinet 10.244.1.1/24 brd 10.244.1.255 scope global cni0valid_lft forever preferred_lft foreverinet6 fe80::9063:7eff:fe1c:2f9d/64 scope link valid_lft forever preferred_lft forever
36: vethd3d21947@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 92:43:ba:8b:b6:78 brd ff:ff:ff:ff:ff:ff link-netnsid 4inet6 fe80::9043:baff:fe8b:b678/64 scope link valid_lft forever preferred_lft forever
37: veth31c95721@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether b6:ee:ea:c9:59:3a brd ff:ff:ff:ff:ff:ff link-netnsid 5inet6 fe80::b4ee:eaff:fec9:593a/64 scope link valid_lft forever preferred_lft forever
38: veth1b480f08@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 7a:02:0b:ac:22:59 brd ff:ff:ff:ff:ff:ff link-netnsid 6inet6 fe80::6410:d3ff:fea2:2626/64 scope link valid_lft forever preferred_lft forever
25913: veth4ca56da@if25912: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether 0a:24:ac:9b:8b:07 brd ff:ff:ff:ff:ff:ff link-netnsid 3inet6 fe80::824:acff:fe9b:8b07/64 scope link valid_lft forever preferred_lft forever
root@node2:/home/parallels# 
root@node2:/home/parallels# 
root@node2:/home/parallels# 
root@node2:/home/parallels# 
root@node2:/home/parallels# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:1c:42:ea:e4:e4 brd ff:ff:ff:ff:ff:ffinet 10.211.55.7/24 brd 10.211.55.255 scope global enp0s5valid_lft forever preferred_lft foreverinet6 fdb2:2c26:f4e4:0:21c:42ff:feea:e4e4/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 2591796sec preferred_lft 604596secinet6 fe80::21c:42ff:feea:e4e4/64 scope link valid_lft forever preferred_lft forever
3: br-2133897d2ca9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:fe:62:1e:ce brd ff:ff:ff:ff:ff:ff
4: br-53b41bbd8455: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:0d:36:42:b5 brd ff:ff:ff:ff:ff:ffinet6 fe80::42:dff:fe36:42b5/64 scope link valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:0a:01:3e:44 brd ff:ff:ff:ff:ff:ff
15: veth3a2c643@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether 4e:ae:51:95:b0:96 brd ff:ff:ff:ff:ff:ff link-netnsid 1inet6 fe80::4cae:51ff:fe95:b096/64 scope link valid_lft forever preferred_lft forever
17: vethcf86640@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether b6:a5:9e:65:ee:ec brd ff:ff:ff:ff:ff:ff link-netnsid 0inet6 fe80::b4a5:9eff:fe65:eeec/64 scope link valid_lft forever preferred_lft forever
19: veth52d72dd@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether 82:b1:11:13:d4:0c brd ff:ff:ff:ff:ff:ff link-netnsid 2inet6 fe80::80b1:11ff:fe13:d40c/64 scope link valid_lft forever preferred_lft forever
34: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default link/ether be:22:e7:6f:f7:ef brd ff:ff:ff:ff:ff:ffinet 10.244.1.0/32 scope global flannel.1valid_lft forever preferred_lft foreverinet6 fe80::bc22:e7ff:fe6f:f7ef/64 scope link valid_lft forever preferred_lft forever
35: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000link/ether 92:63:7e:1c:2f:9d brd ff:ff:ff:ff:ff:ffinet 10.244.1.1/24 brd 10.244.1.255 scope global cni0valid_lft forever preferred_lft foreverinet6 fe80::9063:7eff:fe1c:2f9d/64 scope link valid_lft forever preferred_lft forever
36: vethd3d21947@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 92:43:ba:8b:b6:78 brd ff:ff:ff:ff:ff:ff link-netnsid 4inet6 fe80::9043:baff:fe8b:b678/64 scope link valid_lft forever preferred_lft forever
37: veth31c95721@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether b6:ee:ea:c9:59:3a brd ff:ff:ff:ff:ff:ff link-netnsid 5inet6 fe80::b4ee:eaff:fec9:593a/64 scope link valid_lft forever preferred_lft forever
38: veth1b480f08@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default link/ether 7a:02:0b:ac:22:59 brd ff:ff:ff:ff:ff:ff link-netnsid 6inet6 fe80::6410:d3ff:fea2:2626/64 scope link valid_lft forever preferred_lft forever
25963: veth6a3543e@if25962: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-53b41bbd8455 state UP group default link/ether a2:ca:b6:cd:19:7a brd ff:ff:ff:ff:ff:ff link-netnsid 3inet6 fe80::a0ca:b6ff:fecd:197a/64 scope link valid_lft forever preferred_lft forever

通过Docker运行容器

root@18c7d48fca76:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
30: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever

自身IP 失败

root@18c7d48fca76:/# curl https://172.17.0.2:10250/pods --insecure
curl: (7) Failed to connect to 172.17.0.2 port 10250 after 0 ms: Connection refused

docker0 成功

root@18c7d48fca76:/# curl https://172.17.0.1:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-7ll4q","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"a12aa7c3-ba0a-425e-ac58-96d372e6d473","resourceVersion":"13905304","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886401680+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3\"}":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"coredns\"}":{".":{},"f:args":{},"f:image":{},"f:imagePullPolicy":{},"f:livenessProbe":{".":{},"f:failureThreshold":{},"f:httpGet":{".":{},"f:path":{},"f:port":{},"f:scheme":{}},"f:initialDelaySeconds":{},"f:periodSeconds":{},"f:successThreshold":{},"f:timeoutSeconds":{}},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":53,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:name":{},"f:protocol":{}},"k:{\"contai

flannel.1 成功 

root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\

cni0 成功

root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\

自身节点主机IP 成功
root@18c7d48fca76:/# curl https://10.211.55.6:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"kube-flannel-ds-fg7wh","generateName":"kube-flannel-ds-","namespace":"kube-flannel","uid":"cffe6a8a-c03b-4cab-aaf5-52af441f2b15","resourceVersion":"13864130","creationTimestamp":"2023-11-02T09:45:27Z","labels":{"app":"flannel","controller-revision-hash":"6b69bb98dd","pod-template-generation":"1","tier":"node"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404972+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"DaemonSet","name":"kube-flannel-ds","uid":"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:45:27Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:controller-revision-hash":{},"f:pod-template-generation":{},"f:tier":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca\"}":{}}},"f:spec":{"f:affinity":{".":{},"f:nodeAffinity":{".":{},"f:requiredDuringSchedulingIgnoredDuringExecution":{}}},"f:containers":{"k:{\"name\":\"kube-flannel\"}":{".":{},"f:args":{},
其他节点 成功(由于未开Kubelet未授权,所以用ping替代)
root@18c7d48fca76:/# ping 10.211.55.7
PING 10.211.55.7 (10.211.55.7): 56 data bytes
64 bytes from 10.211.55.7: icmp_seq=0 ttl=63 time=2.653 ms
64 bytes from 10.211.55.7: icmp_seq=1 ttl=63 time=0.610 ms
^C--- 10.211.55.7 ping statistics ---

通过k8s容器运行的容器

root@escaper:/home# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
2: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default link/ether 46:a7:ed:f5:62:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet 10.244.0.53/24 brd 10.244.0.255 scope global eth0valid_lft forever preferred_lft forever

自身IP 失败

root@escaper:/home#  curl https://10.244.0.53:10250/pods --insecure
curl: (7) Failed to connect to 10.244.0.53 port 10250 after 0 ms: Connection refused

 docker0 成功

root@18c7d48fca76:/# curl https://172.17.0.1:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-7ll4q","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"a12aa7c3-ba0a-425e-ac58-96d372e6d473","resourceVersion":"13905304","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886401680+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3\"}":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"coredns\"}":{".":{},"f:args":{},"f:image":{},"f:imagePullPolicy":{},"f:livenessProbe":{".":{},"f:failureThreshold":{},"f:httpGet":{".":{},"f:path":{},"f:port":{},"f:scheme":{}},"f:initialDelaySeconds":{},"f:periodSeconds":{},"f:successThreshold":{},"f:timeoutSeconds":{}},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":53,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:name":{},"f:protocol":{}},"k:{\"contai

 flannel.1 成功 

root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\
cni0 成功 
root@18c7d48fca76:/# curl https://10.244.0.0:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"coredns-6d8c4cb4d-v2v6s","generateName":"coredns-6d8c4cb4d-","namespace":"kube-system","uid":"7fbaad56-7595-460a-9687-a295ed79b24c","resourceVersion":"13905287","creationTimestamp":"2023-11-02T09:41:34Z","labels":{"k8s-app":"kube-dns","pod-template-hash":"6d8c4cb4d"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404222+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"coredns-6d8c4cb4d","uid":"32c3b707-2c34-4bd0-bbc9-cc724c9ab8e3","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:41:34Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:k8s-app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\
自身节点IP 
root@18c7d48fca76:/# curl https://10.211.55.6:10250/pods --insecure
{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":{"name":"kube-flannel-ds-fg7wh","generateName":"kube-flannel-ds-","namespace":"kube-flannel","uid":"cffe6a8a-c03b-4cab-aaf5-52af441f2b15","resourceVersion":"13864130","creationTimestamp":"2023-11-02T09:45:27Z","labels":{"app":"flannel","controller-revision-hash":"6b69bb98dd","pod-template-generation":"1","tier":"node"},"annotations":{"kubernetes.io/config.seen":"2025-01-12T12:24:55.886404972+08:00","kubernetes.io/config.source":"api"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"DaemonSet","name":"kube-flannel-ds","uid":"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2023-11-02T09:45:27Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:controller-revision-hash":{},"f:pod-template-generation":{},"f:tier":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"8beb07f0-980c-48a5-bdfa-ae1b5ca4bbca\"}":{}}},"f:spec":{"f:affinity":{".":{},"f:nodeAffinity":{".":{},"f:requiredDuringSchedulingIgnoredDuringExecution":{}}},"f:containers":{"k:{\"name\":\"kube-flannel\"}":{".":{},"f:args":{},

参考

Lateral movement risks in the cloud and how to prevent them – Part 2: from compromised container to cloud takeover | Wiz Blog

An Insight into RSAC 2023: Lateral Movement in Kubernetes - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Lateral Movement - Threat Matrix for Kubernetes

Taking a look at the Kube-Proxy API

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/diannao/67441.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

贪心算法(题1)区间选点

贪心算法(题1)区间选点

输出 2 #include <iostream> #include<algorithm>using namespace std;const int N 100010 ;int n; struct Range {int l,r;bool operator <(const Range &W)const{return r<W.r;} }range[N];int main() {scanf("%d",&n);for(int i0;i&l…
阅读更多...
解决本地运行MR程序访问权限问题

解决本地运行MR程序访问权限问题

文章目录 1. 提出问题2. 解决问题2.1 临时解决方案2.2 永久解决方案 3. 小结 1. 提出问题 运行DeduplicateIPsDriver类&#xff0c;抛出如下异常&#xff1a; 该错误信息表明在尝试运行 DeduplicateIPsDriver 类时&#xff0c;遇到了 HDFS&#xff08;Hadoop 分布式文件系统&a…
阅读更多...
html全局遮罩,通过websocket来实现实时发布公告

html全局遮罩,通过websocket来实现实时发布公告

1.index.html代码示例 <div id"websocket" style"display:none;position: absolute;color:red;background-color: black;width: 100%;height: 100%;z-index: 100; opacity: 0.9; padding-top: 30%;padding-left: 30%; padding-border:1px; "onclick&q…
阅读更多...
高通8255 Android STR 启动失败要因分析调查

高通8255 Android STR 启动失败要因分析调查

目录 背景&#xff1a; 调查过程&#xff1a; 步骤1&#xff1a; slog2info | grep vmm_service 步骤2&#xff1a; slog2info | grep qvm 总结&#xff1a; 解决方案 背景&#xff1a; 调试高通8255 STR的STR过程中发现Android和QNX进入STR状态后&#xff0c;脱出STR时…
阅读更多...
Linux UDP 编程详解

Linux UDP 编程详解

一、引言 在网络编程领域&#xff0c;UDP&#xff08;User Datagram Protocol&#xff0c;用户数据报协议&#xff09;作为一种轻量级的传输层协议&#xff0c;具有独特的优势和适用场景。与 TCP&#xff08;Transmission Control Protocol&#xff0c;传输控制协议&#xff0…
阅读更多...
可解释性机器学习

可解释性机器学习

一、引言 随着机器学习&#xff08;ML&#xff09;在各个领域的广泛应用&#xff0c;模型的复杂度不断增加&#xff0c;如深度神经网络等黑盒模型逐渐成为主流。这些模型虽然具有很高的预测性能&#xff0c;但其内部的决策机制往往难以理解&#xff0c;导致模型的透明度和可解释…
阅读更多...
PyTorch使用教程(8)-一文了解torchvision

PyTorch使用教程(8)-一文了解torchvision

一、什么是torchvision torchvision提供了丰富的功能&#xff0c;主要包括数据集、模型、转换工具和实用方法四大模块。数据集模块内置了多种广泛使用的图像和视频数据集&#xff0c;如ImageNet、CIFAR-10、MNIST等&#xff0c;方便开发者进行训练和评估。模型模块封装了大量经…
阅读更多...
网络安全防护指南:筑牢网络安全防线(510)

网络安全防护指南:筑牢网络安全防线(510)

一、网络安全的基本概念 &#xff08;一&#xff09;网络的定义 网络是指由计算机或者其他信息终端及相关设备组成的按照一定的规则和程序对信息收集、存储、传输、交换、处理的系统。在当今数字化时代&#xff0c;网络已经成为人们生活和工作中不可或缺的一部分。它连接了世…
阅读更多...
关于vite+vue3+ts项目中env.d.ts 文件详解

关于vite+vue3+ts项目中env.d.ts 文件详解

env.d.ts 文件是 Vite 项目中用于定义全局类型声明的 TypeScript 文件。它帮助开发者向 TypeScript提供全局的类型提示&#xff0c;特别是在使用一些特定于 Vite 的功能时&#xff08;如 import.meta.env&#xff09;。以下是详细讲解及代码示例 文章目录 **1. env.d.ts 文件的…
阅读更多...
1.17学习

1.17学习

crypto nssctf-[SWPUCTF 2021 新生赛]crypto8 不太认识这是什么编码&#xff0c;搜索一下发现是一个UUENCODE编码&#xff0c;用在线工具UUENCODE解码计算器—LZL在线工具解码就好 misc buuctf-文件中的秘密 下载附件打开后发现是一个图片&#xff0c;应该是一个图片隐写&…
阅读更多...
Python爬虫学习前传 —— Python从安装到学会一站式服务

Python爬虫学习前传 —— Python从安装到学会一站式服务

早上好啊&#xff0c;大佬们。我们的python基础内容的这一篇终于写好了&#xff0c;啪唧啪唧啪唧…… 说实话&#xff0c;这一篇确实写了很久&#xff0c;一方面是在忙其他几个专栏的内容&#xff0c;再加上生活学业上的事儿&#xff0c;确实精力有限&#xff0c;另一方面&…
阅读更多...
LabVIEW时域近场天线测试

LabVIEW时域近场天线测试

随着通信技术的飞速发展&#xff0c;特别是在5G及未来通信技术中&#xff0c;天线性能的测试需求日益增加。对于短脉冲天线和宽带天线的时域特性测试&#xff0c;传统的频域测试方法已无法满足其需求。时域测试方法在这些应用中具有明显优势&#xff0c;可以提供更快速和精准的…
阅读更多...
LabVIEW 程序中的 R6025 错误

LabVIEW 程序中的 R6025 错误

R6025错误 通常是 运行时库 错误&#xff0c;特别是与 C 运行时库 相关。这种错误通常会在程序运行时出现&#xff0c;尤其是在使用 C 编译的程序或依赖 C 运行时库的程序时。 ​ 可能的原因&#xff1a; 内存访问冲突&#xff1a; R6025 错误通常是由于程序在运行时访问无效内…
阅读更多...
【漏洞预警】FortiOS 和 FortiProxy 身份认证绕过漏洞(CVE-2024-55591)

【漏洞预警】FortiOS 和 FortiProxy 身份认证绕过漏洞(CVE-2024-55591)

文章目录 一、产品简介二、漏洞描述三、影响版本四、漏洞检测方法五、解决方案 一、产品简介 FortiOS是Fortinet公司核心的网络安全操作系统&#xff0c;广泛应用于FortiGate下一代防火墙&#xff0c;为用户提供防火墙、VPN、入侵防御、应用控制等多种安全功能。 FortiProxy则…
阅读更多...
免费送源码:Java+ssm+MySQL 基于PHP在线考试系统的设计与实现 计算机毕业设计原创定制

免费送源码:Java+ssm+MySQL 基于PHP在线考试系统的设计与实现 计算机毕业设计原创定制

摘 要 信息化社会内需要与之针对性的信息获取途径&#xff0c;但是途径的扩展基本上为人们所努力的方向&#xff0c;由于站在的角度存在偏差&#xff0c;人们经常能够获得不同类型信息&#xff0c;这也是技术最为难以攻克的课题。针对在线考试等问题&#xff0c;对如何通过计算…
阅读更多...
服务器迁移MySQL

服务器迁移MySQL

由于公司原有的服务器不再使用&#xff0c;需要将老的服务器上的MySQL迁移到新的服务器上&#xff0c;因此需要对数据进行备份迁移&#xff0c;前提是两台服务器已安装相同版本的MySQL&#xff0c;这里就不再讲解MySQL的安装步骤了&#xff0c;可以安装包、可以在线下载、可以容…
阅读更多...
前端【3】--CSS布局,CSS实现横向布局,盒子模型

前端【3】--CSS布局,CSS实现横向布局,盒子模型

盒子分类 1、块级盒子 2、内联级盒子 3、内联块级盒子 4、弹性盒子 5、盒子内部分区 方法一&#xff1a;使用 float 普通盒子实现横向布局 方法二&#xff1a;使用 display: inline-block 内联块级元素实现横向布局 方法三&#xff1a;使用弹性盒子 flexbox&#xff0…
阅读更多...
Mockito+PowerMock+Junit单元测试

Mockito+PowerMock+Junit单元测试

一、单元测试用途 1、日常开发团队要求规范&#xff0c;需要对开发需求代码进行单元测试并要求行覆盖率达到要求&#xff0c;DevOps流水线也会开设相关门禁阀值阻断代码提交&#xff0c;一般新增代码行覆盖率80%左右。 二、Mock测试介绍 1、Mock是为了解决不同的单元之间由于…
阅读更多...
Ubuntu上,ffmpeg如何使用cuda硬件解码、编码、转码加速

Ubuntu上,ffmpeg如何使用cuda硬件解码、编码、转码加速

本文使用 Ubuntu 环境。Ubuntu 直接使用 APT 安装的就支持 CUDA 加速。本文使用这样下载的版本进行演示&#xff0c;你自己编译或者其他源的版本可能会不同。 ffmpeg 的一些介绍&#xff0c;以及 macOS 版本的 ffmpeg 硬件加速请见《macOS上如何安装&#xff08;不需要编译安装…
阅读更多...
WPS计算机二级•高效操作技巧

WPS计算机二级•高效操作技巧

听说这里是目录哦 斜线表头 展示项目名称&#x1f34b;‍&#x1f7e9;横排转竖排&#x1f350;批量删除表格空白行&#x1f348;方法一方法二建辅助列找空值 能量站&#x1f61a; 斜线表头 展示项目名称&#x1f34b;‍&#x1f7e9; 选中单元格&#xff0c;单击右键➡️“设…
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023