├── .gitignore
├── README.md
└── assets
    ├── image-20241231101014986.png
    ├── image-20241231101247775.png
    ├── image-20241231103252528.png
    ├── image-20241231103429778.png
    ├── image-20241231103630617.png
    ├── image-20241231103754831.png
    ├── image-20241231104110968.png
    ├── image-20241231105124454.png
    ├── image-20241231110012042.png
    ├── image-20241231110042642.png
    ├── image-20241231110201068.png
    ├── image-20241231110514862.png
    ├── image-20241231110547827.png
    ├── image-20241231111533872.png
    ├── image-20241231111551516.png
    ├── image-20241231111603579.png
    ├── image-20241231111633858.png
    ├── image-20241231111656548.png
    └── image-20250228150733770.png

/.gitignore:
--------------------------------------------------------------------------------
.DS_Store

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Introduction

NoNameExploit is an exploitation tool for centralized-control systems. The first version currently implements only the K8s exploitation modules. Modules for other targets, such as domain environments and cloud management platforms, will be added gradually depending on circumstances.

![image-20250228150733770](./assets/image-20250228150733770.png)

## Disclaimer

**This tool may only be used for authorized red-team penetration testing and network security assessments. Using it for unauthorized access, testing, or attacks is illegal and may violate applicable laws and regulations. The developer accepts no responsibility for legal liability or losses caused by misuse of this tool.**

## K8s module usage

The module covers detection and exploitation of unauthenticated K8s services, plus post-exploitation (creating privileged containers, retrieving Service Tokens, executing commands in containers, retrieving sensitive configuration, and so on).

![image-20241231101014986](./assets/image-20241231101014986.png)

The top-right corner shows the current system time, which is convenient for screenshots used as evidence in red-team engagements.

### Scan module

By default, enter an IP or IP range and click the button to start detection. If you need specific ports or protocols, configure them in window 2. Window 3 lists the unauthenticated services that have been found. Window 4 shows the detection log in real time, which helps analyze why some services were not detected. The progress bar shows the current detection progress; the other parameters are clearly labeled.

![image-20241231101247775](./assets/image-20241231101247775.png)

### API Server exploitation

For unauthenticated access, enter the URL, skip step 1, and go straight to step 2. If you have a token or certificate to use, enter it in step 1.

![image-20241231111533872](./assets/image-20241231111533872.png)

Get cluster Node and Pod information: after clicking, the tool automatically retrieves the Node information and the Pod information.

![image-20241231111551516](./assets/image-20241231111551516.png)

Clicking the button to create a privileged Pod opens a dialog for the parameters. The Image name is required; if the target has no outbound internet access, enter the name of an image that already exists locally on the target. The Node name is optional; if omitted, the Pod ignores taints and is deployed directly to the Master node by default. The namespace name is also optional; if omitted, a namespace is selected automatically.

![image-20241231111603579](./assets/image-20241231111603579.png)

As shown below, after successful creation the privileged Pod's information is printed and automatically filled into the exploitation fields.

![image-20241231111633858](./assets/image-20241231111633858.png)

Click the button to execute a command on the specified Pod to run commands in the privileged Pod that was created. You can also run commands in any other Pod you specify.

![image-20241231111656548](./assets/image-20241231111656548.png)

### ETCD exploitation

For unauthenticated access, enter the URL and proceed directly; no username or certificate needs to be specified.

As shown below, listing keys displays all key names in the current ETCD database.

![image-20241231103252528](./assets/image-20241231103252528.png)

Click the button to export all ETCD content; you are prompted for the location of the file to save, and all key-value pairs in the database are exported. These may include configuration such as cluster tokens and database account credentials.

![image-20241231103429778](./assets/image-20241231103429778.png)

Output after a successful export:

![image-20241231103630617](./assets/image-20241231103630617.png)

### Kubelet exploitation

Enter the URL to proceed with unauthenticated access directly.

View Pod information:

![image-20241231103754831](./assets/image-20241231103754831.png)

You can also query the information of a specified Pod:

![image-20241231110547827](./assets/image-20241231110547827.png)

You can also retrieve, in one click, the Service tokens stored in all Pods under this kubelet:

![image-20241231104110968](./assets/image-20241231104110968.png)

Commands can also be executed in a specified Pod:

![image-20241231110514862](./assets/image-20241231110514862.png)

### Docker API exploitation

Enter the URL to proceed with unauthenticated access directly.

View information on the controllable Docker containers:

![image-20241231105124454](./assets/image-20241231105124454.png)

Create a privileged container; again, an image name is required:

![image-20241231110042642](./assets/image-20241231110042642.png)

On success, the privileged container's information is printed:

![image-20241231110012042](./assets/image-20241231110012042.png)

Execute commands in the container with the specified ID:

![image-20241231110201068](./assets/image-20241231110201068.png)
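
For defenders, the privileged Pod described in the API Server section (privileged container, taints ignored, scheduled on the Master node) leaves a recognizable shape in the Pod spec. The audit sketch below is an added example, not part of NoNameExploit; it assumes taints are bypassed through Pod tolerations (the README does not say how), and the Pod names, node names and sample JSON are constructed.

```python
import json

# Taint keys Kubernetes puts on control-plane ("Master") nodes.
CONTROL_PLANE_TAINTS = {"node-role.kubernetes.io/control-plane",
                        "node-role.kubernetes.io/master"}

def privileged_containers(spec):
    """Names of containers (init containers included) with privileged: true."""
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    return [c["name"] for c in containers
            if (c.get("securityContext") or {}).get("privileged") is True]

def bypasses_control_plane_taint(spec):
    """True if a toleration matches every taint or a control-plane taint."""
    for tol in spec.get("tolerations", []):
        if tol.get("operator") == "Exists" and not tol.get("key"):
            return True  # Exists with an empty key tolerates all taints
        if tol.get("key") in CONTROL_PLANE_TAINTS:
            return True
    return False

def audit_pods(pod_list, control_plane_nodes=()):
    """Return (namespace, name, reasons) for every privileged Pod."""
    findings = []
    for pod in pod_list.get("items", []):
        spec, meta = pod.get("spec", {}), pod.get("metadata", {})
        priv = privileged_containers(spec)
        if not priv:
            continue
        reasons = ["privileged:" + ",".join(priv)]
        if bypasses_control_plane_taint(spec):
            reasons.append("tolerates-control-plane-taint")
        if spec.get("nodeName") in control_plane_nodes:
            reasons.append("runs-on-control-plane-node")
        findings.append((meta.get("namespace"), meta.get("name"), reasons))
    return findings

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "shop", "name": "web"},
  "spec": {"nodeName": "worker-1", "containers": [{"name": "nginx"}]}},
 {"metadata": {"namespace": "default", "name": "constructed-pod"},
  "spec": {"nodeName": "master-1", "tolerations": [{"operator": "Exists"}],
           "containers": [{"name": "c1",
                           "securityContext": {"privileged": true}}]}}]}""")

if __name__ == "__main__":
    for finding in audit_pods(SAMPLE, control_plane_nodes={"master-1"}):
        print(finding)
```

Legitimate system workloads (CNI or storage agents, for example) can also be privileged, so findings need review against an allowlist of expected namespaces.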