The Cyber Security Library

The Library
Offensive Security
Malware
Vulnerability Management
- Nessus
Cloud
- AWS
- Azure
  - Worker CTF (Azure DevOps)
    Enumeration
    Using SVN
    Exploring the Domain
    Cracking Azure DevOps console
  - Software development environments and Azure DevOps pipeline abuse
    Accessing Azure Devops
    Exploring Project Pages
Splunk
- Splunk SIEM Integration
  - AWS architecture for integrating with Splunk
- Splunk Threat Hunting Ep.6 Credential Access
DevOps
- Using AWS, Docker, Jenkins and SonarQube to improve code quality
- Creating a Codebuild project and getting the output with CloudWatch Logs
  - IAM
  - CodeBuild
CTF's

Powered by GitBook

On this page

Offensive Security

Insekube

CVE-2021-43798

PreviousInside the Kubernetes pod NextSnort

Last updated 2 years ago

First I found the service that was running and the version

Then I had to google the CVE for this version

What the CVE Does - A directory path traversal vulnerability was found in Grafan. This flaw allows an attacker to obtain read access to the local files due to lack of path normalization in the /public/plugins/URL.

I ran the CVE to show the tokens stored on the kube pod

I then put the token into jwt.io and to see the necessary YAML information.