This was listed as a medium on TryHackMe, but in my opinion this is a beginner box. We start with an obvious LFI on the port 80 webpage after an initial Rustscan that reveals ports 22, 80 and 8443. Port 8443 hints at Kubernetes; we'll keep this in mind after exploiting the LFI. Exploit the LFI to steal the Kubernetes serviceaccount token at `/var/run/secrets/kubernetes.io/serviceaccount/token` and optionally the `ca.crt` file, although we ultimately ended up ignoring the CA with `--insecure-skip-tls-verify`. After that we quickly finished the box with `k --insecure-skip-tls-verify --server https://$ip:8443 --token=$(cat token) get secret flag -o json | jq -r '.data.flag' | base64 -d` (`k` here is a shell alias for `kubectl`).
flag{08bed9fc0bc6d[redact]51f291577841}
Rustscan: 22, 80, 8443 (Kube!)
LFI in the website.
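
For the defensive side of the LFI step above, this added example (not part of the original writeup) scans web access log lines for query parameters that resolve into the service account mount, including traversal and double-encoded forms. The log format, the `page` parameter and the addresses are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Matches the mount under /var/run and /run (/var/run is commonly a symlink to /run).
SA_MOUNT = "/run/secrets/kubernetes.io/serviceaccount"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%252f) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def touches_sa_mount(value):
    """True if a parameter value resolves into the service account mount."""
    value = fully_decode(value).replace("\\", "/").split("\x00")[0]
    # Root the value at "/" so ../ sequences collapse as they would on disk.
    resolved = posixpath.normpath("/" + value.lstrip("/"))
    return SA_MOUNT in resolved


def scan(lines):
    """Return (line_number, parameter, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for key, raw in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
            if touches_sa_mount(raw):
                hits.append((number, key, fully_decode(raw)))
    return hits


# Constructed sample log lines; the "page" parameter and addresses are hypothetical.
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about.html HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?page=../../../../var/run/secrets/kubernetes.io/serviceaccount/token HTTP/1.1" 200 1021',
    '192.0.2.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=..%252f..%252f..%252frun%252fsecrets%252fkubernetes.io%252fserviceaccount%252fca.crt HTTP/1.1" 200 1099',
    '192.0.2.7 - - [01/Jan/2024:10:01:30 +0000] "GET /index.php?page=docs/kubernetes.io/serviceaccount.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 response means the token should be treated as exposed and the service account's credentials rotated.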