madhuakula / kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Home Page: https://madhuakula.com/kubernetes-goat

Getting "invalid port" message when accessing http://127.0.0.1:1234

SaurabhSinghDev opened this issue · comments

All the steps completed, but I am getting the following message when accessing the local cloud address.

The following message was received after completion:
kubectl setup looks good. Creating port forward for all the Kubernetes Goat resources to locally. We will be using 1230 to 1236 ports locally! Visit http://127.0.0.1:1234 to get started with your Kuberenetes Goat hacking!

Please see...
When accessed the URL

Hey @SaurabhSinghDev, if you can give more details about your setup, that would be useful. Also try to check that all the pods are running before running the `bash access-kubernetes-goat.sh` script, because this script basically port-forwards all the required pods locally.

Hi @madhuakula, I have followed all the steps as mentioned in your guide, with no major changes. Also, I have checked that all pods are running as required. I wonder if the ports are not accessible or if there is an issue with port forwarding.

Can you check if there is any firewall/ufw on your system which is blocking these ports? Apart from the above steps, it should work out of the box and there shouldn't be any issues, as this is just doing kubectl port forwarding to the local system.

Closing this task. Let me know if you are still facing any issue.

The firewall rules are set to default. Can you just post what the ideal rule should be?

Thanks

Yes, still facing the issue. Tried everything.

@SaurabhSinghDev could you please explain about your setup?

Thanks

I made a fresh new account with GCloud.
I started with the setup as mentioned in your blog and followed each step. Everything worked fine, but when I finally access the address, I am not able to.

Also, the pods are running.

Can you check and paste the netstat result for the ports which are exposed for Kubernetes Goat?

Hope this helps


Looks like it's properly exposed. Here is the screenshot from Katacoda as well. I am not sure if anything is missing on your system side. As we can see the ports exposed up to this point, it looks like everything works with Kubernetes Goat.


So, what must be causing the issue?

Can you help!!

Hello

If you work in a VM and you are using a browser on the host, you need to specify --address 0.0.0.0

When I am using Docker and similar applications, I never map anything to 127.0.0.1, always 0.0.0.0

http://vm-ip-address:1234 on host is not working
http://localhost:1234 inside the vm works

Then, you use 0.0.0.0 in the expose script:
http://vm-ip-address:1234 on host now works.

@madhuakula I suggest you update your script since this does not break http://localhost:1234 or http://127.0.0.1:1234 inside the VM.

```bash
CMD="kubectl port-forward --address 0.0.0.0"
echo 'Creating port forward for all the Kubernetes Goat resources to locally. We will be using 1230 to 1236 ports locally!'

# Exposing Sensitive keys in code bases Scenario
export POD_NAME=$(kubectl get pods --namespace default -l "app=build-code" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1230:3000 > /dev/null 2>&1 &

# Exposing DIND (docker-in-docker) exploitation Scenario
export POD_NAME=$(kubectl get pods --namespace default -l "app=health-check" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1231:80 > /dev/null 2>&1 &

# Exposing SSRF in K8S world Scenario
export POD_NAME=$(kubectl get pods --namespace default -l "app=internal-proxy" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1232:3000 > /dev/null 2>&1 &

# Exposing Container escape to access host system Scenario
export POD_NAME=$(kubectl get pods --namespace default -l "app=system-monitor" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1233:8080 > /dev/null 2>&1 &

# Exposing Kubernetes Goat Home
export POD_NAME=$(kubectl get pods --namespace default -l "app=kubernetes-goat-home" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1234:80 > /dev/null 2>&1 &

# Exposing Attacking private registry Scenario
export POD_NAME=$(kubectl get pods --namespace default -l "app=poor-registry" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1235:5000 > /dev/null 2>&1 &

# Exposing Attacking private registry Scenario
export POD_NAME=$(kubectl get pods --namespace default -l "app=hunger-check" -o jsonpath="{.items[0].metadata.name}")
$CMD $POD_NAME 1236:8080 > /dev/null 2>&1 &
```
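A check for the trade-off in the suggestion above, as an added example that is not part of the original thread or the project's scripts: with `--address 0.0.0.0` the forwards for these intentionally vulnerable services listen on every interface of the machine, not only loopback. The function names, scope labels and sample `ss -ltn` lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Classify the listen address of each Kubernetes Goat port-forward (1230-1236).
# Input: `ss -ltn` style lines on stdin (local address:port is field 4).
# Output: one line per matching listener: "<port> <scope> <address>".
classify_forwards() {
  awk '
    $1 == "LISTEN" {
      local_addr = $4
      # Split at the last colon so IPv6 forms such as [::1]:1230 parse too.
      n = match(local_addr, /:[0-9]+$/)
      if (n == 0) next
      addr = substr(local_addr, 1, n - 1)
      port = substr(local_addr, n + 1) + 0
      if (port < 1230 || port > 1236) next
      if (addr == "127.0.0.1" || addr == "[::1]")
        scope = "loopback-only"        # kubectl port-forward default
      else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
        scope = "all-interfaces"       # result of --address 0.0.0.0
      else
        scope = "specific-interface"   # e.g. --address <one VM IP>
      print port, scope, addr
    }'
}

# Ports in the 1230-1236 range reachable from other hosts, space separated.
exposed_ports() {
  classify_forwards | awk '$2 == "all-interfaces" { print $1 }' | sort -un | paste -sd' ' -
}

# Constructed sample: 1230 forwarded with the default bind, 1234 with
# --address 0.0.0.0, plus an unrelated SSH listener that must be ignored.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:1230     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:1234       0.0.0.0:*
LISTEN 0      4096   [::1]:1230         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS_OUTPUT" | classify_forwards
# On a live system: ss -ltn | classify_forwards
```

Any port reported as `all-interfaces` is reachable from whatever network the VM is attached to, so on a shared network a host firewall rule limited to the workstation's address keeps the lab private.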

Hello @alains-trend

You are correct. I use --address 0.0.0.0 in the Katacoda environment to expose as the port binds to the localhost.

I will update the script and push the latest changes.

Thank you so much once again!