diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md index 74772aa46..8b15cc2a3 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md @@ -314,7 +314,7 @@ sudo nc -nlvp 443 The scheduled task executes the payload, achieving SYSTEM-level privileges. -{{#include ../../../banners/hacktricks-training.md}} + ### `Microsoft.Automation/automationAccounts/python3Packages/write`, `Microsoft.Automation/automationAccounts/runbooks/write`, `Microsoft.Automation/automationAccounts/runbooks/publish/action`, `Microsoft.Automation/automationAccounts/jobs/write` @@ -601,3 +601,4 @@ az rest --method GET \ --url "https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP}/providers/Microsoft.Automation/automationAccounts/${AUTOMATION_ACCOUNT}/jobs/${JOB_ID}/streams?api-version=2023-11-01" ``` +{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-basics.md b/src/pentesting-cloud/kubernetes-security/kubernetes-basics.md index 50fe24675..916d2220b 100644 --- a/src/pentesting-cloud/kubernetes-security/kubernetes-basics.md +++ b/src/pentesting-cloud/kubernetes-security/kubernetes-basics.md 
@@ -364,6 +364,75 @@ helm search Helm is also a template engine that allows to generate config files with variables: +### Helm `.Values` YAML injection + +If a chart inserts **attacker-controlled values** directly into YAML, Helm will **render them as raw YAML content** unless the template explicitly quotes, converts, or validates them. This is especially dangerous in **GitOps** environments (for example with **ArgoCD**) where developers are only allowed to modify `values.yaml` and the chart is assumed to be trusted. + +**Typical vulnerable patterns:** + +```yaml +spec: + replicas: {{ .Values.replicaCount }} +... +image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" +``` + +If an attacker can control those values, they can abuse YAML multiline scalars (`|` or `|-`) to **break the expected context**, inject **new fields** at the right indentation level, and even inject **new YAML documents** with `---`. + +### Exploitation ideas + +- **Field injection** from scalar-looking values: + +```yaml +replicaCount: | + 3 + injectedAttribute: true +``` + +This can transform a numeric-looking field into additional manifest attributes. + +- **Quoted-context breakout** to inject container attributes such as `command`, `args`, or `securityContext`: + +```yaml +image: + tag: |- + 1.0.0" + securityContext: + privileged: true + command: ["/bin/sh", "-c"] + args: ["id"] +``` + +- **Arbitrary object injection** by creating extra YAML documents with `---`, which may create resources such as `Namespace`, `Pod`, `Role`, `ClusterRole`, `RoleBinding`, or `ClusterRoleBinding` if the Helm/ArgoCD service account is allowed to create them. This connects directly with [RBAC abuse](kubernetes-role-based-access-control-rbac.md), [abusing dangerous roles](abusing-roles-clusterroles-in-kubernetes/), and [namespace pivoting](kubernetes-namespace-escalation.md). 
+ +> [!WARNING] +> Control over `values.yaml` in a vulnerable chart can become **arbitrary workload creation**, **command execution inside Pods**, **privileged Pod deployment**, and sometimes **cluster compromise**. + +### Helm v3 vs Helm v4 + +- **Helm v3** may accept injected unknown fields as long as the final rendered output is valid YAML. +- **Helm v4** uses **Server-Side Apply** by default and rejects several invalid fields against the Kubernetes schema. +- However, **Helm v4 does not fully solve the problem**: an attacker may still inject **valid resources first** and append a final invalid object only to absorb the broken context, so previously injected valid resources are still created. + +### Defensive patterns + +Treat every Helm value as **untrusted input**: + +```yaml +image: {{ printf "%s:%s" .Values.image.repository .Values.image.tag | quote }} +replicas: {{ .Values.replicaCount | int }} +{{- if not (regexMatch "^(latest|1\.1|dev)$" .Values.image.tag) }} +{{- fail "invalid image.tag" }} +{{- end }} +``` + +Additional hardening: + +- Use `values.schema.json` to enforce **types**, **required keys**, and **regex patterns** during `helm template`, `helm install`, `helm upgrade`, and `helm lint`. +- In **ArgoCD**, restrict the kinds an application can create via `AppProject` rules such as `clusterResourceWhitelist`, and prefer **namespace-scoped** ArgoCD permissions whenever possible. +- Use **ValidatingAdmissionPolicy** / **ValidatingAdmissionPolicyBinding**, Kyverno, or Gatekeeper rules to block dangerous outputs such as **privileged Pods** even if rendering was compromised. +- If a target namespace is protected by Pod Security controls, check whether the attacker can inject a **new namespace** where those controls do not apply, then use the new workload for [pod escape](abusing-roles-clusterroles-in-kubernetes/pod-escape-privileges.md) or further [post-compromise attacks from inside a pod](attacking-kubernetes-from-inside-a-pod.md). 
+ ## Kubernetes secrets A **Secret** is an object that **contains sensitive data** such as a password, a token or a key. Such information might otherwise be put in a Pod specification or in an image. Users can create Secrets and the system also creates Secrets. The name of a Secret object must be a valid **DNS subdomain name**. Read here [the official documentation](https://kubernetes.io/docs/concepts/configuration/secret/). @@ -564,6 +633,13 @@ https://sickrov.github.io/ https://www.youtube.com/watch?v=X48VuDVv0do {{#endref}} +- [Charting your way in: Helm template injection](https://synacktiv.com/en/publications/charting-your-way-in-helm-template-injection.html) +- [Helm template functions and pipelines](https://helm.sh/docs/chart_template_guide/functions_and_pipelines/) +- [Helm chart schema files (`values.schema.json`)](https://helm.sh/docs/topics/charts/#schema-files) +- [Argo CD projects (`AppProject` restrictions)](https://argo-cd.readthedocs.io/en/latest/user-guide/projects/) +- [Argo CD multiple sources / external Helm value files](https://argo-cd.readthedocs.io/en/latest/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) +- [Kubernetes ValidatingAdmissionPolicy](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/) + {{#include ../../banners/hacktricks-training.md}}
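Review bot: In the first `az-automation-accounts-privesc.md` hunk (`@@ -314,7 +314,7 @@`), the stray banner include is replaced with an empty `+` line rather than deleted, which leaves two consecutive blank lines in front of the `### Microsoft.Automation/...` heading; drop the line outright (a `-` with no matching `+`) so the heading keeps a single blank line above it, as elsewhere in the file.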
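Review bot: The second `az-automation-accounts-privesc.md` hunk (`@@ -601,3 +601,4 @@`) appends `{{#include ../../../banners/hacktricks-training.md}}` directly after the closing ``` fence of the `az rest` example with no blank line between them; the other pages in this tree separate the banner from the last block with an empty line, so add one for consistency, and confirm the file keeps its trailing newline after the include.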
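Review bot: In the `kubernetes-basics.md` hunk (`@@ -364,6 +364,75 @@`), the "Defensive patterns" snippet will not parse as written: inside a Go template, `"^(latest|1\.1|dev)$"` is a double-quoted Go string literal and `\.` is not a valid escape, so `regexMatch` never runs and rendering fails on every input. Either double the backslash (`"^(latest|1\\.1|dev)$"`) or use a backtick raw string so the regex reaches `regexMatch` unchanged. Two smaller points in the same hunk: `{{ .Values.replicaCount | int }}` turns a non-numeric (injected) value into `0` silently, so pair it with `required` or a `values.schema.json` `"type": "integer"` constraint rather than relying on the cast alone; and the final bullet under "Additional hardening" (injecting a new namespace to sidestep Pod Security controls) is an attack step, not a hardening measure, so move it under "Exploitation ideas" or rephrase it as the defensive check it implies (restrict `Namespace` creation and apply Pod Security labels by default to new namespaces).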
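Review bot: In the references hunk (`@@ -564,6 +633,13 @@`), the new entries are plain markdown bullets while the existing references just above them use `{{#ref}} ... {{#endref}}` blocks; keep one style within the list. Also, the "Argo CD multiple sources / external Helm value files" link is never referred to in the new section body, so either cite it where the GitOps/`values.yaml` trust boundary is discussed or drop it from the list.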