How to Hack a Website Hosted as a Container (and Steps to Protect Against It)
A walkthrough of hacking a website hosted as a container by exploiting a vulnerability. We will break down the steps and see how to protect against the attack.
Many great articles and videos show how a Kubernetes cluster or container orchestrator can be taken over once a pod/container is compromised. Unfortunately, very few of them focus on the most important part… how on earth do we hack into a running application hosted behind a secure firewall in the first place?
In this guide, I will show you how a vulnerability in a web application can be exploited to gain access to a pod hosted in Kubernetes. Knowing these steps will help us understand how to better protect our applications against this type of attack in the future. The steps to gain access apply no matter which container platform hosts the web container.
You can follow along using the steps if you’d like to try them yourself. I am using Docker Desktop to host a test Kubernetes cluster, so some steps may be slightly different if you use something else.