## https://sploitus.com/exploit?id=3226835B-FC11-5A6F-A333-CD6A808B6825
# README
Talk is cheap, just look at the code.
Detailed can be found at https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
## Usage
1. Change the ip in `shell.c`
2. Check the docker is available and run `make shell.so`. (We need to build so in alpine to make sure it can works in nginx-ingress-controller which is base on musl-libc)
3. Run `python3 exploit.py` to get your shell.
> You may need to change the range at line 25 and 26, which indicates the range of the pid and fd. The default value is a compromise between the speed and the success rate.
> You can get the target value by running `kpexec -n ingress-nginx ingress-nginx-controller-xxxxxxxxx-xxxxx -it -- bash` to get into container by root and run `ls -ahl /proc/*/fd/* | grep body` in container, when you are in proofing env.