Book of BugBounty Tips
  • Introduction
  • OSINT / Recon
  • API
  • Cross Site Request Forgery (CSRF)
  • Server Side Request Forgery (SSRF)
  • Sensitive Information Disclosure
  • Cross Site Scripting (XSS)
  • CRLF
  • Remote Code Execution (RCE)
  • Email Bypass
  • File Upload
  • Open Redirect
  • Insecure Direct Object Reference (IDOR)
  • Injection
  • XXE
  • Local / Remote File Inclusion
  • Authentication / Authorization
  • Account Takeover
  • Application Login
  • Clickjacking
  • Parameter Pollution
  • Fuzzing
  • Application Logic Bypasses
  • Bypasses
  • Mobile
  • Password Reset
  • Web Cache
  • Server Side Template Injection
  • Tips from @EdOverflow
  • Tips From @intigriti
  • Hackpack From @yeswehack
  • Tips from @YogoshaOfficial
  • Tips from @Jhaddix
  • Tips from Ben (@nahamsec)
  • Tips from Other Sources
  • Tips from Blog posts / other hunters
  • Others
  • Bugbounty Related Websites / Blogs
  • Docker and k8s
  • Tweets Collection by @Pentesterland
  • Windows
  • Linux
  • Burp suite
  • Scope Based Recon Tips
Powered by GitBook
On this page

Docker and k8s

This section will contain the list of twitter feeds related to Docker and k8s security

  • #BugBountyTip: Found an SSRF #vulnerability in a Jira instance, now what? Right! #RCE like a boss 8) - [Only for Docker deployments] http://[::1]:2375/containers/json - might get you the docker credentials in the form of env variables!

  • Looking for kubelet information exposure?Use shodan and type this keyword :product:"Kubernetes" port:"10250"And try

    https://x.x.x.x:10255/pods

  • #Bugbountytip Got a SSRF? no metadata endpoints to hit? Try https://kubernetes.default.svc/metrics if you get a load crap come back jackpot you've hit the kubernetes API and this should indicate it's shit the bed time for any security team. (url can change)

  • Dumping credentials, tokens, and keys from Kubernetes. STEP 1: Perform a GET on the following Kubernetes path: http://<Kube_IPAddr>:2379/v2/keys/?recursive=true STEP 2: Look through returned results for possible credentials or kublet tokens. Credit @carnal0wnage#hashcrack

PreviousBugbounty Related Websites / BlogsNextTweets Collection by @Pentesterland

Last updated 5 years ago