book

How to Hack Like a Ghost

by Sparc Flow

May 2021

Intermediate to advanced

264 pages

6h 31m

English

No Starch Press

Read now

Unlock full access

How the Book WorksThe Vague Plan
VPNs and Their FailingsLocation, Location, LocationThe Operation LaptopBouncing ServersThe Attack InfrastructureResources
Command and Control LegacyThe Search for a New C2MerlinKoadicSILENTTRINITYResources

Legacy MethodContainers and VirtualizationNamespacesUnion FilesystemCgroupsIP MasqueradingAutomating the Server SetupTuning the ServerPushing to ProductionResources
Understanding Gretsch PoliticoFinding Hidden RelationshipsScouring GitHubPulling Web DomainsFrom CertificatesBy Harvesting the InternetDiscovering the Web Infrastructure UsedResources
Practice Makes PerfectRevealing Hidden DomainsInvestigating the S3 URLsS3 Bucket SecurityExamining the BucketsInspecting the Web-Facing ApplicationInterception with WebSocketServer-Side Request ForgeryExploring the MetadataThe Dirty Secret of the Metadata APIAWS IAMExamining the Key ListResources
Server-Side Template InjectionFingerprinting the FrameworkArbitrary Code ExecutionConfirming the OwnerSmuggling BucketsQuality Backdoor Using S3Creating the AgentCreating the OperatorTrying to Break FreeChecking for Privileged ModeLinux CapabilitiesDocker SocketResources
Kubernetes OverviewIntroducing PodsBalancing TrafficOpening the App to the WorldKube Under the HoodResources
RBAC in KubeRecon 2.0Breaking Into DatastoresAPI ExplorationAbusing the IAM Role PrivilegesAbusing the Service Account PrivilegesInfiltrating the DatabaseRedis and Real-Time BiddingDeserializationCache PoisoningKube Privilege EscalationResources
Stable AccessThe Stealthy BackdoorResources
The Path to ApotheosisAutomation Tool TakeoverJenkins AlmightyHell’s KitchenTaking Over LambdaResources
The AWS SentriesPersisting in the Utmost SecrecyThe Program to ExecuteBuilding the LambdaSetting Up the Trigger EventCovering Our TracksRecovering AccessAlternative (Worse) MethodsResources
Persisting the AccessUnderstanding SparkMalicious SparkSpark TakeoverFinding Raw DataStealing Processed DataPrivilege EscalationInfiltrating RedshiftResources
Hacking Google WorkspaceAbusing CloudTrailCreating a Google Workspace Super Admin AccountSneaking a PeekClosing ThoughtsResources

Content preview from How to Hack Like a Ghost

8 Shawshank Redemption: Breaking Out

Armed with this new understanding of Kubernetes, we head back to our improvised remote shell on the survey application to gather information, escalate privileges, and hopefully find our way to interesting data about user targeting.

We resume our earlier shell access on the surveyapp container and take a look at the environment variables:

shell> env

KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP=tcp://10.100.0.1:443

With our new knowledge, these environment variables take on a new meaning: KUBERNETES_PORT_443_TCP must refer to the cluster IP hiding the API server, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

How to Hack Like a Legend

Sparc Flow

Hands on Hacking

Matthew Hickey, Jennifer Arcuri

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

Dawid Czagan

How Cybersecurity Really Works

Sam Grubb

Publisher Resources

ISBN: 9781098128944