SteamCloud
SteamCloud
SteamCloud 443
SteamCloud
RETIRED MACHINE

SteamCloud

SteamCloud - Linux Linux
SteamCloud - Easy Easy

4.8

MACHINE RATING

2424

USER OWNS

2034

SYSTEM OWNS

14/02/2022

RELEASED
Created by felamos

Machine Synopsis

SteamCloud is an easy difficulty machine. The port scan reveals that it has a bunch of Kubernetes specific ports open. We cannot not enumerate the Kubernetes API because it requires authentication. Now, as Kubelet allows anonymous access, we can extract a list of all the pods from the K8s cluster by enumerating the Kubelet service. Furthermore, we can get into one of the pods and obtain the keys necessary to authenticate into the Kubernetes API. We can now create and spawn a malicious pod and then use Kubectl to run commands within the pod to read the root flag.

Machine Matrix

Ready to start your
hacking journey?