# Docker and k8s

* [#BugBountyTip: Found an SSRF #vulnerability in a Jira instance, now what? Right! #RCE like a boss 8) - \[Only for Docker deployments\] http://\[::1\]:2375/containers/json - might get you the docker credentials in the form of env variables!](https://twitter.com/payloadartist/status/1062250344850190336)
* [Looking for kubelet information exposure?Use shodan and type this keyword :product:"Kubernetes" port:"10250"And try](https://twitter.com/jerukitumanis/status/1218395494721839104)

  [https://x.x.x.x:10255/pods](https://twitter.com/jerukitumanis/status/1218395494721839104)
* [#Bugbountytip Got a SSRF? no metadata endpoints to hit? Try https://kubernetes.default.svc/metrics if you get a load crap come back jackpot you've hit the kubernetes API and this should indicate it's shit the bed time for any security team. (url can change)](https://twitter.com/Random_Robbie/status/1072242182306832384)
* Dumping credentials, tokens, and keys from Kubernetes. STEP 1: Perform a GET on the following Kubernetes path: http\://\<Kube\_IPAddr>:2379/v2/keys/?recursive=true STEP 2: Look through returned results for possible credentials or kublet tokens. Credit [@carnal0wnage](https://twitter.com/carnal0wnage)[#hashcrack](https://twitter.com/hashtag/hashcrack?src=hashtag_click)