Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -314,7 +314,7 @@ sudo nc -nlvp 443

The scheduled task executes the payload, achieving SYSTEM-level privileges.

{{#include ../../../banners/hacktricks-training.md}}



### `Microsoft.Automation/automationAccounts/python3Packages/write`, `Microsoft.Automation/automationAccounts/runbooks/write`, `Microsoft.Automation/automationAccounts/runbooks/publish/action`, `Microsoft.Automation/automationAccounts/jobs/write`
Expand Down Expand Up @@ -601,3 +601,4 @@ az rest --method GET \
--url "https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP}/providers/Microsoft.Automation/automationAccounts/${AUTOMATION_ACCOUNT}/jobs/${JOB_ID}/streams?api-version=2023-11-01"
```

{{#include ../../../banners/hacktricks-training.md}}
76 changes: 76 additions & 0 deletions src/pentesting-cloud/kubernetes-security/kubernetes-basics.md
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,75 @@ helm search <keyword>

Helm is also a template engine that allows to generate config files with variables:

### Helm `.Values` YAML injection

If a chart inserts **attacker-controlled values** directly into YAML, Helm will **render them as raw YAML content** unless the template explicitly quotes, converts, or validates them. This is especially dangerous in **GitOps** environments (for example with **ArgoCD**) where developers are only allowed to modify `values.yaml` and the chart is assumed to be trusted.

**Typical vulnerable patterns:**

```yaml
spec:
replicas: {{ .Values.replicaCount }}
...
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
```

If an attacker can control those values, they can abuse YAML multiline scalars (`|` or `|-`) to **break the expected context**, inject **new fields** at the right indentation level, and even inject **new YAML documents** with `---`.

### Exploitation ideas

- **Field injection** from scalar-looking values:

```yaml
replicaCount: |
3
injectedAttribute: true
```

This can transform a numeric-looking field into additional manifest attributes.

- **Quoted-context breakout** to inject container attributes such as `command`, `args`, or `securityContext`:

```yaml
image:
tag: |-
1.0.0"
securityContext:
privileged: true
command: ["/bin/sh", "-c"]
args: ["id"]
```

- **Arbitrary object injection** by creating extra YAML documents with `---`, which may create resources such as `Namespace`, `Pod`, `Role`, `ClusterRole`, `RoleBinding`, or `ClusterRoleBinding` if the Helm/ArgoCD service account is allowed to create them. This connects directly with [RBAC abuse](kubernetes-role-based-access-control-rbac.md), [abusing dangerous roles](abusing-roles-clusterroles-in-kubernetes/), and [namespace pivoting](kubernetes-namespace-escalation.md).

> [!WARNING]
> Control over `values.yaml` in a vulnerable chart can become **arbitrary workload creation**, **command execution inside Pods**, **privileged Pod deployment**, and sometimes **cluster compromise**.

### Helm v3 vs Helm v4

- **Helm v3** may accept injected unknown fields as long as the final rendered output is valid YAML.
- **Helm v4** uses **Server-Side Apply** by default and rejects several invalid fields against the Kubernetes schema.
- However, **Helm v4 does not fully solve the problem**: an attacker may still inject **valid resources first** and append a final invalid object only to absorb the broken context, so previously injected valid resources are still created.

### Defensive patterns

Treat every Helm value as **untrusted input**:

```yaml
image: {{ printf "%s:%s" .Values.image.repository .Values.image.tag | quote }}
replicas: {{ .Values.replicaCount | int }}
{{- if not (regexMatch "^(latest|1\.1|dev)$" .Values.image.tag) }}
{{- fail "invalid image.tag" }}
{{- end }}
```

Additional hardening:

- Use `values.schema.json` to enforce **types**, **required keys**, and **regex patterns** during `helm template`, `helm install`, `helm upgrade`, and `helm lint`.
- In **ArgoCD**, restrict the kinds an application can create via `AppProject` rules such as `clusterResourceWhitelist`, and prefer **namespace-scoped** ArgoCD permissions whenever possible.
- Use **ValidatingAdmissionPolicy** / **ValidatingAdmissionPolicyBinding**, Kyverno, or Gatekeeper rules to block dangerous outputs such as **privileged Pods** even if rendering was compromised.
- If a target namespace is protected by Pod Security controls, check whether the attacker can inject a **new namespace** where those controls do not apply, then use the new workload for [pod escape](abusing-roles-clusterroles-in-kubernetes/pod-escape-privileges.md) or further [post-compromise attacks from inside a pod](attacking-kubernetes-from-inside-a-pod.md).

## Kubernetes secrets

A **Secret** is an object that **contains sensitive data** such as a password, a token or a key. Such information might otherwise be put in a Pod specification or in an image. Users can create Secrets and the system also creates Secrets. The name of a Secret object must be a valid **DNS subdomain name**. Read here [the official documentation](https://kubernetes.io/docs/concepts/configuration/secret/).
Expand Down Expand Up @@ -564,6 +633,13 @@ https://sickrov.github.io/
https://www.youtube.com/watch?v=X48VuDVv0do
{{#endref}}

- [Charting your way in: Helm template injection](https://synacktiv.com/en/publications/charting-your-way-in-helm-template-injection.html)
- [Helm template functions and pipelines](https://helm.sh/docs/chart_template_guide/functions_and_pipelines/)
- [Helm chart schema files (`values.schema.json`)](https://helm.sh/docs/topics/charts/#schema-files)
- [Argo CD projects (`AppProject` restrictions)](https://argo-cd.readthedocs.io/en/latest/user-guide/projects/)
- [Argo CD multiple sources / external Helm value files](https://argo-cd.readthedocs.io/en/latest/user-guide/multiple_sources/#helm-value-files-from-external-git-repository)
- [Kubernetes ValidatingAdmissionPolicy](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/)

{{#include ../../banners/hacktricks-training.md}}